Puppet Modules should enforce a desired state
Preconditions: Firewall module used to set a few ports, e.g. RDP, Web, etc.
If a user manually added a new port to the Firewall in Windows, this module has no functionality to remove rules that are not defined, which defeats the purpose of leveraging Puppet.
A puppet module should allow you to configure a service and any manual changes to that service are deleted when the puppet agent runs.
I feel this module needs some important functionality to be enterprise grade.
- Purge firewall rules that are not defined in puppet
- Allow you to specify exceptions for Profile - Public, Private and Domain
- Keep Established connections during the puppet agent run
What are your thoughts on this?
Just noticed the same thing is true for the enabled / disabled state.
A user can go in and manually disable a rule and this module doesn't go and re-enable it based on the desired state in the Puppet catalog.
This might be a duplicate of #23
Hoping this gets addressed soon... managing firewall exceptions through this is borderline useless without enforcing the state. The only option I see around this issue currently is to duplicate the rule to a new name, and mark the original one as 'ensure => absent' and wait for all nodes to delete it.
@bishopbm1 do you have any time to help?
This is something that has been on my radar for a while now. Unfortunately I don't have immediate time to work on it but hoping to have some of that time freed up by the end of the month where I can dedicate some time to this.