Firewall and FirewallProfile: Add PolicyStore to allow targeting local group policy
Details of the scenario you tried and the problem that is occurring
Enable the "PolicyStore" parameter to be specified to permit targeting the local group policy store of the machine as well as the default persistent store when using both the Firewall and FirewallProfile resources.
Verbose logs showing the problem
New Feature request
Suggested solution to the issue
Add "policystore" as a DSC property for both Firewall and FirewallProfile resources. Set the default value of the "policystore" parameter to be "persistentstore" to make it a non-breaking change and accommodate all existing configurations. Add "policystore" parameter to:
- Get/Set/Test-TargetResource functions in both Resources
- Get-FirewallRule and Get-FirewallRuleProperty helper functions in Firewall resource
- Get/Set/New-NetFirewallRule commands in Firewall resource
- Get/Set-NetFirewallProfile commands in FirewallProfile resource
The DSC configuration that is used to reproduce the issue (as detailed as possible)
New Feature request
The operating system the target node is running
Server 2016/2019 - New Feature request
Version and build of PowerShell the target node is running
New Feature request
Version of the DSC module that was used ('dev' if using current dev branch)
dev
I have made and tested the required changes and can happily submit a pull request with the updates to the code and localization strings.
I have also added two Pester tests to the Firewall resources for the helper function "Get-FirewallRule" when the -policystore is specified and the firewall rule is present/absent.
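The pass-through suggested in this issue, sketched as an added example that is not part of the issue or the module's code: a lookup helper takes a PolicyStore parameter that defaults to the persistent store and hands it to Get-NetFirewallRule. The helper name Get-RuleFromStore, the rule name and the port are assumptions made for illustration.

```powershell
# Hypothetical helper for illustration; not code from the Firewall resource.
function Get-RuleFromStore
{
    [CmdletBinding()]
    param
    (
        [Parameter(Mandatory = $true)]
        [System.String]
        $Name,

        # Defaulting to the persistent store keeps existing callers unchanged.
        [Parameter()]
        [System.String]
        $PolicyStore = 'PersistentStore'
    )

    # 'localhost' as the store name addresses the machine's local group policy.
    $rules = @(Get-NetFirewallRule -Name $Name -PolicyStore $PolicyStore `
            -ErrorAction SilentlyContinue)

    if ($rules.Count -gt 1)
    {
        throw "More than one rule named '$Name' exists in store '$PolicyStore'."
    }

    return $rules | Select-Object -First 1
}

# Constructed sample values; run from an elevated session on a test machine.
$ruleName = 'Example-PolicyStore-Inbound-8080'
$gpoStore = 'localhost'

if (-not (Get-RuleFromStore -Name $ruleName -PolicyStore $gpoStore))
{
    New-NetFirewallRule -Name $ruleName -DisplayName $ruleName -Direction Inbound `
        -Protocol TCP -LocalPort 8080 -Action Block -PolicyStore $gpoStore | Out-Null
}

# Report, per store, whether a rule with this name is present.
foreach ($store in 'PersistentStore', $gpoStore)
{
    [PSCustomObject]@{
        PolicyStore = $store
        RulePresent = [System.Boolean] (Get-RuleFromStore -Name $ruleName -PolicyStore $store)
    }
}

# Clean up the sample rule from the store it was created in.
Remove-NetFirewallRule -Name $ruleName -PolicyStore $gpoStore
```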
Hi @russelltomkins - would love the contribution! Suggest submitting it as two PRs - one for Firewall and the other for FirewallProfile as that will make for smaller PRs to get through.
Note: we do seem to be experiencing an issue with the style validation rules that is throwing a lot of test failures due to hash table styles which we're working on.
Anyone looking into this? It would be an awesome implementation as many companies only allow firewall rules through GPO config. If this could be implemented it would be so much easier to implement firewall rules without the use of central GPOs and still have proper control of the local rules created by different roles and applications.
I wrote a fix for it myself - will make two PRs (hopefully) this coming week. My first PRs, so please guide me if I make mistakes. Would love to contribute to other projects as well if I can get some time off for it.