Change already created rules/exceptions #49

Open
azhurbilo opened this issue Mar 1, 2017 · 3 comments

@azhurbilo

How to reproduce (e.g Puppet code you use)

# run first time with
windows_firewall::exception { 'WINRM':
  ensure       => present,
  direction    => 'in',
  action       => 'Allow',
  enabled      => 'yes',
  protocol     => 'TCP',
  local_port   => '5985',
  remote_port  => 'any',
  display_name => 'Windows Remote Management HTTP-In',
  description  => 'Inbound rule for Windows Remote Management via WS-Management. [TCP 5985]',
}

# run second time with 'disabled' rule
windows_firewall::exception { 'WINRM':
  ensure       => present,
  direction    => 'in',
  action       => 'Allow',
  enabled      => 'no',
  protocol     => 'TCP',
  local_port   => '5985',
  remote_port  => 'any',
  display_name => 'Windows Remote Management HTTP-In',
  description  => 'Inbound rule for Windows Remote Management via WS-Management. [TCP 5985]',
}

What are you seeing

rule still enabled

What behaviour did you expect instead

rule disabled

Any additional information you'd like to impart

It is because of

# Set command to check for existing rules
$check_rule_existance= "C:\\Windows\\System32\\netsh.exe advfirewall firewall show rule name=\"${display_name}\""
$unless = $check_rule_existance

If the rule already exists, you cannot change anything.

@azap1111

It would be helpful to have the ability to modify a firewall rule that has already been applied. For instance, being able to modify the remote_ip's that are allowed to make the connection would be helpful.

@tgm4883

tgm4883 commented Apr 25, 2019

This would be helpful to be able to change existing rules. I took a cursory glance at the code and it seems it would be easy to get it to change the rule, but possibly difficult to get it to only change it once and not every puppet run.

@RamblingCookieMonster

RamblingCookieMonster commented Oct 5, 2023

Going to comment here to keep this on the radar, as this module is essentially non-functional without this issue being addressed. Worse, it gives no indication that it is omitting intended changes. One might drop a subnet from a rule, and not realize the subnet can still access a system, for example.

For what it's worth, this seems to be sort of a critical part of what this module should provide, no? One tends not to care as much about the name of a firewall rule, as for the actual functionality of the rule that is being ignored here?
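
The gap discussed in this thread, as an added example that is not part of the issue or the module's own code: the `unless` guard only asks whether a rule with that display name exists, whereas a drift check compares each managed property of the existing rule. The netsh output is a constructed, trimmed English-locale sample, and `FIELD_FOR`, `DESIRED`, `parse_rule` and `drift` are hypothetical names.

```ruby
# Constructed, trimmed English-locale sample of
# `netsh advfirewall firewall show rule name="..."` output; not from a real host.
SAMPLE_NETSH_OUTPUT = <<~OUT
  Rule Name:                            Windows Remote Management HTTP-In
  ----------------------------------------------------------------------
  Enabled:                              Yes
  Direction:                            In
  Grouping:
  RemoteIP:                             Any
  Protocol:                             TCP
  LocalPort:                            5985
  RemotePort:                           Any
  Action:                               Allow
  Ok.
OUT

# Maps the exception parameters seen in the issue to netsh field labels (assumed mapping).
FIELD_FOR = {
  'enabled' => 'Enabled', 'direction' => 'Direction', 'action' => 'Allow'.sub('Allow', 'Action'),
  'protocol' => 'Protocol', 'local_port' => 'LocalPort',
  'remote_port' => 'RemotePort', 'remote_ip' => 'RemoteIP'
}.freeze

# Desired state from the second manifest in the issue ('enabled' => 'no').
DESIRED = { 'enabled' => 'no', 'direction' => 'in', 'action' => 'Allow',
            'protocol' => 'TCP', 'local_port' => '5985', 'remote_port' => 'any' }.freeze

# Parse "Label:   value" lines into a hash; separator, blank and "Ok." lines are skipped.
def parse_rule(output)
  output.each_line.with_object({}) do |line, rule|
    label, value = line.strip.split(/:\s*/, 2) # limit 2 keeps IPv6 colons in the value
    next if value.nil? || label.empty?
    rule[label] = value.strip
  end
end

# Return { param => [desired, actual] } for every managed property that differs,
# or nil when no rule was found (the only case an existence check distinguishes).
def drift(desired, output)
  actual = parse_rule(output)
  return nil if actual.empty?
  desired.each_with_object({}) do |(param, want), diff|
    have = actual[FIELD_FOR.fetch(param)]
    diff[param] = [want, have] unless want.to_s.casecmp?(have.to_s) # netsh prints "Yes"/"In"
  end
end

p drift(DESIRED, SAMPLE_NETSH_OUTPUT) if $PROGRAM_NAME == __FILE__
```

netsh field labels are localized and address values may be printed in a normalized form, so a production check needs locale-independent input and value normalization before comparing.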
