Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Firewall: Problems handling square brackets in rule name #348

Closed
vidarw opened this issue Aug 19, 2018 · 1 comment · Fixed by #349
Closed

Firewall: Problems handling square brackets in rule name #348

vidarw opened this issue Aug 19, 2018 · 1 comment · Fixed by #349
Assignees
@PlagueHO
Labels
bug The issue is a bug.

Comments

@vidarw
Copy link

vidarw commented Aug 19, 2018

Details of the scenario you tried and the problem that is occurring:
Using the latest DscNetworking from the PowershellGallery (plain Install-Module NetworkingDsc). The Firewall property will not handle square brackets in firewall rule names correctly. First run it will rightfully detect and create the rules. Second run the configuration Test fails and it tries to recreate the rule for an exception due to duplicate rules.

The DSC configuration that is using the resource (as detailed as possible):
The following configuration run locally towards the node localhost

Firewall FirewallRuleWithSquareBrackets
        {
            Name = "Square [Brackets]"
            Ensure = "Present"
            Group = "Debug"
            LocalPort = 65000
            Protocol = "TCP"
        }

Version of the Operating System and PowerShell the DSC Target Node is running:
Windows 10 Pro, 1803, Build: 17134.165

Name                           Value
----                           -----
PSVersion                      5.1.17134.165
PSEdition                      Desktop
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0...}
BuildVersion                   10.0.17134.165
CLRVersion                     4.0.30319.42000
WSManStackVersion              3.0
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1

Debug output:

Output from Test-DscCounfiguration (after intitial run)

VERBOSE: [DESKTOP-S1LGPAL]: LCM:  [ Start  Resource ]  [[Firewall]FirewallRuleWithSquareBrackets]
VERBOSE: [DESKTOP-S1LGPAL]: LCM:  [ Start  Test     ]  [[Firewall]FirewallRuleWithSquareBrackets]
VERBOSE: [DESKTOP-S1LGPAL]:                            [[Firewall]FirewallRuleWithSquareBrackets] Test-TargetResource: Checking settings for firewall rule with Name 'Square [Brackets]'.
VERBOSE: [DESKTOP-S1LGPAL]:                            [[Firewall]FirewallRuleWithSquareBrackets] Test-TargetResource: Find firewall rule with Name 'Square [Brackets]'.
VERBOSE: [DESKTOP-S1LGPAL]:                            [[Firewall]FirewallRuleWithSquareBrackets] Get-FirewallRule: No Firewall Rule found with Name 'Square [Brackets]'.
VERBOSE: [DESKTOP-S1LGPAL]:                            [[Firewall]FirewallRuleWithSquareBrackets] Test-TargetResource: Firewall rule with Name 'Square [Brackets]' does not exist.
VERBOSE: [DESKTOP-S1LGPAL]:                            [[Firewall]FirewallRuleWithSquareBrackets] Test-TargetResource: Check Firewall rule with Name 'Square [Brackets]' returning False.
VERBOSE: [DESKTOP-S1LGPAL]: LCM:  [ End    Test     ]  [[Firewall]FirewallRuleWithSquareBrackets] False in 0.1360 seconds.
VERBOSE: [DESKTOP-S1LGPAL]: LCM:  [ End    Resource ]  [[Firewall]FirewallRuleWithSquareBrackets]
VERBOSE: [DESKTOP-S1LGPAL]: LCM:  [ End    Compare  ]     Completed processing compare operation. The operation returned False.
VERBOSE: [DESKTOP-S1LGPAL]: LCM:  [ End    Compare  ]    in  14.2710 seconds.

Output from Start-DscConfiguration 2nd run:

VERBOSE: [DESKTOP-S1LGPAL]: LCM:  [ Start  Resource ]  [[Firewall]FirewallRuleWithSquareBrackets]
VERBOSE: [DESKTOP-S1LGPAL]: LCM:  [ Start  Test     ]  [[Firewall]FirewallRuleWithSquareBrackets]
VERBOSE: [DESKTOP-S1LGPAL]:                            [[Firewall]FirewallRuleWithSquareBrackets] Test-TargetResource: Checking settings for firewall rule with Name 'Square [Brackets]'.
VERBOSE: [DESKTOP-S1LGPAL]:                            [[Firewall]FirewallRuleWithSquareBrackets] Test-TargetResource: Find firewall rule with Name 'Square [Brackets]'.
VERBOSE: [DESKTOP-S1LGPAL]:                            [[Firewall]FirewallRuleWithSquareBrackets] Get-FirewallRule: No Firewall Rule found with Name 'Square [Brackets]'.
VERBOSE: [DESKTOP-S1LGPAL]:                            [[Firewall]FirewallRuleWithSquareBrackets] Test-TargetResource: Firewall rule with Name 'Square [Brackets]' does not exist.
VERBOSE: [DESKTOP-S1LGPAL]:                            [[Firewall]FirewallRuleWithSquareBrackets] Test-TargetResource: Check Firewall rule with Name 'Square [Brackets]' returning False.
VERBOSE: [DESKTOP-S1LGPAL]: LCM:  [ End    Test     ]  [[Firewall]FirewallRuleWithSquareBrackets]  in 0.1360 seconds.
VERBOSE: [DESKTOP-S1LGPAL]: LCM:  [ Start  Set      ]  [[Firewall]FirewallRuleWithSquareBrackets]
VERBOSE: [DESKTOP-S1LGPAL]:                            [[Firewall]FirewallRuleWithSquareBrackets] Set-TargetResource: Applying settings for firewall rule with Name 'Square [Brackets]'.
VERBOSE: [DESKTOP-S1LGPAL]:                            [[Firewall]FirewallRuleWithSquareBrackets] Set-TargetResource: Find firewall rule with Name 'Square [Brackets]'.
VERBOSE: [DESKTOP-S1LGPAL]:                            [[Firewall]FirewallRuleWithSquareBrackets] Get-FirewallRule: No Firewall Rule found with Name 'Square [Brackets]'.
VERBOSE: [DESKTOP-S1LGPAL]:                            [[Firewall]FirewallRuleWithSquareBrackets] Set-TargetResource: We want the firewall rule with Name 'Square [Brackets]' to exist since Ensure is set to Present.
VERBOSE: [DESKTOP-S1LGPAL]:                            [[Firewall]FirewallRuleWithSquareBrackets] Set-TargetResource: We want the firewall rule with Name 'Square [Brackets]' to exist, but it does not.
VERBOSE: [DESKTOP-S1LGPAL]:                            [[Firewall]FirewallRuleWithSquareBrackets] New-NetFirewallRule DisplayName: Square [Brackets]
Cannot create a file when that file already exists.
    + CategoryInfo          : ResourceExists: (MSFT_NetFirewallRule:) [], CimException
    + FullyQualifiedErrorId : Windows System Error 183,New-NetFirewallRule
    + PSComputerName        : localhost

VERBOSE: [DESKTOP-S1LGPAL]: LCM:  [ End    Set      ]  [[Firewall]FirewallRuleWithSquareBrackets]  in 0.2050 seconds.
The PowerShell DSC resource '[Firewall]FirewallRuleWithSquareBrackets' with SourceInfo 'C:\Git\automation-windows-htpc\HTPC.ps1::79::9::Firewall' threw one or more non-terminating errors while running the Set-TargetResource functionality. These errors are logged
to the ETW channel called Microsoft-Windows-DSC/Operational. Refer to this channel for more details.
    + CategoryInfo          : InvalidOperation: (:) [], CimException
    + FullyQualifiedErrorId : NonTerminatingErrorFromProvider
    + PSComputerName        : localhost

VERBOSE: [DESKTOP-S1LGPAL]: LCM:  [ End    Set      ]
The SendConfigurationApply function did not succeed.
    + CategoryInfo          : NotSpecified: (root/Microsoft/...gurationManager:String) [], CimException
    + FullyQualifiedErrorId : MI RESULT 1
    + PSComputerName        : localhost
@PlagueHO PlagueHO added bug The issue is a bug. help wanted The issue is up for grabs for anyone in the community. labels Aug 19, 2018
@PlagueHO PlagueHO mentioned this issue Aug 20, 2018
Merged
5 tasks
@PlagueHO PlagueHO added in progress The issue is being actively worked on by someone. and removed help wanted The issue is up for grabs for anyone in the community. labels Aug 20, 2018
@PlagueHO
Copy link
Member

Good catch @vidarw and thanks for raising this. Looks like the -Name parameter needs to be escaped when calling Get-NetFirewallRule, Remove-NetFirewallRule and Set-NetFirewallRule because they support wildcards.

image

This should be a fairly simple fix.

PlagueHO added a commit that referenced this issue Aug 23, 2018
@PlagueHO
Merge pull request #349 from PlagueHO/Issue-348
cadb646 
Added Support for Firewall Rule name containing wildcard chars - Fixes #348
@johlju johlju removed the in progress The issue is being actively worked on by someone. label Aug 23, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@PlagueHO PlagueHO

Labels
bug The issue is a bug.
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Added Support for Firewall Rule name containing wildcard chars - Fixes #348
3 participants
@vidarw @johlju @PlagueHO