Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
xFirewall: DisplayName not set correctly if not in desired state #234
Ok, this is an odd one, found it by chance. So short background, I usually use DSC through Puppet, but no worries I have reproduced this strangeness in "native" DSC code as well. I had a few rules (one bultin for SNMP and the other one created by the installation of NSClient++) that have been set to remote address 'Any' by default. Looking into that, wanting to restrict the allowed addresses, I created a suitable config with xFirewall and in a big environment its rather nice to in an easy way see "what" actually set something to "something" so I thought of incorporating the puppet modules name in the DisplayName of the rule. That is when I stumbled on this one: If the DisplayName is not already in the desired state it will be set to Name for some unknown reason.
So this is what I got:
What I expect to see is:
What I get, if not in desired state (say the rule was manually renamed to 'This is a faulty displayname'):
While if the name is already 'NSClient++ Monitoring Agent' I get:
I've tried different versions of the module as 22.214.171.124 is the one included with puppetlabs-dsc, but natively 126.96.36.199 and 188.8.131.52 gives me the same results. To get the correct name set again you have to either:
Thanks for raising this and all the info.
Are you able to apply your config above with the -Verbose keyword specified and then dump the log here? xFirewall has lots of Verbose logging entries that may tell us what is going on here.
There are a few little "gotchas" with the way the *-NetFirewallRule cmdlets work with "Built-in" rules that may be involved here. But I'll know more with the Verbose logs hopefully.
Lets see I ran an apply with verbose and this is what I got as an output:
I did a fork and found part of a solution, a "Name" that should be a "DisplayName", can put up a pull request for that one, but I am a little bit too rookie to find out how to correct the verbose output because it still says it is changing the DisplayName to Name....
There is something funky with that line in the verbose output. this is the output from a config run when the remoteaddresses are wrongly set to Any, the DisplayName is not change but it still gives that output line stating Set-NetFirewallRule.... That output might be a totally different issue?