puppet-windows_firewall icon indicating copy to clipboard operation
puppet-windows_firewall copied to clipboard

Published 20 hours ago verified publisher icon voxpupuli

downcase domain_excluded_interfaces

Open ralfbosz opened this issue 3 years ago • 0 comments

Affected Puppet, Ruby, OS and module versions/distributions

  • Puppet: 5.5.14
  • Ruby:
  • Distribution: Windows 2016
  • Module version: 4.0.0

How to reproduce (e.g Puppet code you use)

  windowsfirewall { 'public':
    ensure => present,
    allow_local_firewall_rules => true,
    allow_local_ipsec_rules => true,
    allow_unicast_response_to_multicast => true,
    default_inbound_action => 'block',
    default_outbound_action => 'allow',
    disabled_interface_aliases => 'Default Interface',
    log_allowed => false,
    log_blocked => true,
    log_file_name => '%systemroot%\system32\logfiles\firewall\domain-firewall.log',
    log_max_size_kilobytes => 16384,
    notify_on_listen => true,
  }

What are you seeing

Notice: /Stage[main]/Profile_firewall::Windows/Windowsfirewall[domain]/disabled_interface_aliases: disabled_interface_aliases changed '{Default Interface}' to 'default interface'

(every run !)

What behaviour did you expect instead

Notice: Applied catalog in 8.17 seconds

Output log

Debug: Executing: 'C:\Windows\system32\WindowsPowershell\v1.0\powershell.exe Get-NetFirewallProfile -profile "public" | out-string -width 4096'
Debug: Windowsfirewall found this hash of properties on the system: {:ensure=>:present, :default_inbound_action=>"Block", :default_outbound_action=>"Allow", :allow_inbound_rules=>"NotConfigured", :allow_local_firewall_rules=>"True", :allow_local_ipsec_rules=>"True", :allow_user_apps=>"NotConfigured", :allow_user_ports=>"NotConfigured", :allow_unicast_response_to_multicast=>"True", :notify_on_listen=>"True", :enable_stealth_mode_for_ipsec=>"NotConfigured", :log_file_name=>"%systemroot%\\system32\\logfiles\\firewall\\public-firewall.log", :log_max_size_kilobytes=>"16384", :log_allowed=>"False", :log_blocked=>"True", :log_ignored=>"NotConfigured", :disabled_interface_aliases=>"{Default Interface}", :name=>"public", :provider=>:powershell}
Notice: /Stage[main]/Profile_firewall::Windows/Windowsfirewall[domain]/disabled_interface_aliases: disabled_interface_aliases changed '{Default Interface}' to 'default interface'
Debug: Arguments built for windowsfirewall powershell provider returns: ["Set-NetFirewallProfile", "-Profile", "\"domain\"", "-Enabled", "True", "-DisabledInterfaceAliases", "\"default interface\""]
Debug: Executing: 'C:\Windows\system32\WindowsPowershell\v1.0\powershell.exe Set-NetFirewallProfile -Profile "domain" -Enabled True -DisabledInterfaceAliases "default interface"'
Debug: /Stage[main]/Profile_firewall::Windows/Windowsfirewall[domain]: The container Class[Profile_firewall::Windows] will propagate my refresh event

Any additional information you'd like to impart

It seems that the disabled_interface_aliases is downcased and the powershell command is case-sensitive about it. Also the output of Get-NetFirewallProfile is displaying DisabledInterfaceAliases as a hash:

PS C:\> Get-NetFirewallProfile -profile "public"

Name                            : Public
Enabled                         : True
DefaultInboundAction            : Block
DefaultOutboundAction           : Allow
AllowInboundRules               : NotConfigured
AllowLocalFirewallRules         : True
AllowLocalIPsecRules            : True
AllowUserApps                   : NotConfigured
AllowUserPorts                  : NotConfigured
AllowUnicastResponseToMulticast : True
NotifyOnListen                  : True
EnableStealthModeForIPsec       : NotConfigured
LogFileName                     : %systemroot%\system32\logfiles\firewall\public-firewall.log
LogMaxSizeKilobytes             : 16384
LogAllowed                      : False
LogBlocked                      : True
LogIgnored                      : NotConfigured
DisabledInterfaceAliases        : {Default Interface}

ralfbosz avatar Jan 12 '22 13:01 ralfbosz