EzFirewallMgmt.psm1
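# EzFirewallMgmt: convenience wrappers around the NetSecurity cmdlets
# (Get-/New-/Remove-NetFirewallRule). Each Block-*/Unblock-* call creates a
# pair of rules (inbound + outbound) with -Profile Any, i.e. the rule applies
# on every firewall profile. Rule names are built by Get-PortRuleName and
# Get-ProgramRuleName, and existing rules are looked up by name prefix.
# New-/Remove-NetFirewallRule normally need an elevated session.
$PSModuleRoot = $PSScriptRoot
$tools = "$PSModuleRoot\tools"

function Block-Port {
    # .ExternalHelp EzFirewallMgmt-help.xml
    # Creates Block rules (inbound and outbound) for the given local port(s).
    #   -port      one or more ports; passed unchanged to -LocalPort
    #   -protocol  TCP, UDP or BOTH (default BOTH)
    # Returns the rule objects that were actually created.
    [CmdletBinding()]
    param (
        [string[]]$port,
        [Parameter()]
        [ValidateSet("TCP","UDP","BOTH")]
        [string]$protocol
    )
    begin {
        if ([string]::IsNullOrEmpty($protocol)) {
            $protocol = "BOTH"
        }
        $newRules = New-Object System.Collections.Generic.List[object]
    }
    process {
        $protocols = if ($protocol -eq "BOTH") { "TCP", "UDP" } else { $protocol }
        foreach ($proto in $protocols) {
            $ruleName = Get-PortRuleName -type "Block" -port $port -protocol $proto
            # A lookup that finds nothing writes an error; that is the expected
            # "rule does not exist yet" case, so it is silenced here.
            if ($null -ne (Get-NetFirewallRule -Name "$ruleName*" -ErrorAction SilentlyContinue)) {
                "$ruleName already exists" | Out-Host
                continue
            }
            # NOTE(review): the outbound rule also matches on -LocalPort, so it
            # does not cover traffic sent to a remote service on this port.
            # Confirm that is the intended meaning of "block port".
            foreach ($direction in "inbound", "outbound") {
                $fullName = "$ruleName $direction"
                $rule = New-NetFirewallRule -DisplayName $fullName -Name $fullName -Action "Block" `
                    -Profile Any -Direction $direction -Protocol $proto -LocalPort $port `
                    -ErrorAction SilentlyContinue -ErrorVariable ruleError
                if ($null -ne $rule) {
                    $newRules.Add($rule)
                }
                else {
                    # A block rule that silently failed to be created leaves the
                    # port open, so the failure must be visible to the operator.
                    Write-Warning "Could not create firewall rule '$fullName': $ruleError"
                }
            }
        }
    }
    end {
        # The list object itself is never $null; test its size instead.
        if ($newRules.Count -eq 0) {
            "Some or all Rules already existed" | Out-Host
        }
        return $newRules
    }
}

function Block-Program {
    # .ExternalHelp EzFirewallMgmt-help.xml
    # Creates Block rules (inbound and outbound) for executables.
    #   byName: -name is handed to Get-ExePaths, which searches the standard
    #           install roots for directories matching the name.
    #   byPath: -path takes path strings or file objects (pipeline allowed);
    #           -programName labels the rules and defaults to the BaseName of
    #           the first path.
    # Returns the rule objects that were actually created.
    [CmdletBinding(DefaultParameterSetName="byName")]
    param (
        [Parameter(ParameterSetName="byName",Position=0)]
        [string]$name,
        [Parameter(ParameterSetName="byPath",ValueFromPipeline=$true)]
        $path,
        [Parameter(ParameterSetName="byPath")]
        [string]$programName
    )
    begin {
        $paths = New-Object System.Collections.Generic.List[Object]
        $newRules = New-Object System.Collections.Generic.List[object]
    }
    process {
        if ($PsCmdlet.ParameterSetName -match "byName") {
            Write-Debug "Name parameter set"
            foreach ($exe in @(Get-ExePaths -name $name)) {
                $paths.Add($exe)
            }
        }
        else {
            Write-Debug "Path is $($path | out-string)"
            foreach ($item in @($path)) {
                # -path is optional in this parameter set; skip a missing value
                # instead of calling a method on $null.
                if ($null -eq $item) { continue }
                if ($item -is [System.IO.FileSystemInfo]) {
                    $paths.Add($item)
                }
                else {
                    foreach ($resolved in @(Get-Item $item)) {
                        $paths.Add($resolved)
                    }
                }
            }
            if ([string]::IsNullOrEmpty($programName) -and $paths.Count -gt 0) {
                $programName = "$($paths[0].BaseName)"
            }
            $name = $programName
        }
    }
    end {
        Write-Debug "paths list is $($paths | out-string)"
        foreach ($exe in $paths) {
            $ProgramRule = Get-ProgramRuleName -type "Block" -program $name -exe "$($exe.Name)"
            if ($null -ne (Get-NetFirewallRule -Name "$ProgramRule*" -ErrorAction SilentlyContinue)) {
                "$ProgramRule already exists" | Out-Host
                continue
            }
            # Suffix casing ("inbound" / "Outbound") is kept as it always was so
            # that rule names stay identical to those created by earlier runs.
            foreach ($direction in "inbound", "Outbound") {
                $fullName = "$ProgramRule $direction"
                $rule = New-NetFirewallRule -DisplayName $fullName -Name $fullName -Action "Block" `
                    -Profile Any -Direction $direction -Program "$($exe.Fullname)"
                # Creation errors are reported by the cmdlet itself; only rules
                # that really exist are returned to the caller.
                if ($null -ne $rule) {
                    $newRules.Add($rule)
                }
            }
        }
        if ($newRules.Count -eq 0) {
            "Some or all Rules already existed" | Out-Host
        }
        return $newRules
    }
}

function Get-ExePaths {
    # .ExternalHelp EzFirewallMgmt-help.xml
    # Returns every *.exe found recursively below top-level directories whose
    # name matches -name, searched in this order: ProgramFiles(x86),
    # ProgramFiles, ProgramData, APPDATA, LocalAppData.
    #
    # -name is used as a regular expression (-match), so it is a
    # case-insensitive substring/pattern match, not an exact match. Callers
    # turn every returned file into a firewall rule, and the last three roots
    # are typically writable without elevation, so review what a short or
    # generic name selects before using it with Unblock-Program.
    [CmdletBinding()]
    param (
        [string]$name
    )
    begin {
        $paths = New-Object System.Collections.Generic.List[Object]
    }
    process {
        # An empty pattern matches every directory, which would select every
        # executable under all five roots. Refuse it.
        if ([string]::IsNullOrWhiteSpace($name)) {
            Write-Warning "Get-ExePaths: no program name given; nothing selected."
            return
        }
        $roots = ${ENV:ProgramFiles(x86)}, $ENV:ProgramFiles, $ENV:ProgramData, $ENV:APPDATA, $ENV:LocalAppData
        foreach ($root in $roots) {
            # A root can be undefined (e.g. ProgramFiles(x86) on 32-bit Windows).
            if ([string]::IsNullOrEmpty($root)) { continue }
            Get-ChildItem $root -Directory |
                Where-Object name -match $name |
                Get-ChildItem -Recurse -Filter "*.exe" -File |
                Foreach-Object { $paths.Add($_) }
        }
    }
    end {
        return $paths
    }
}

function Get-PortRuleName {
    # .ExternalHelp EzFirewallMgmt-help.xml
    # Builds the name prefix shared by the inbound/outbound rules of one port
    # rule: "<type> port <port> <protocol>". Several ports are joined by the
    # normal array-to-string expansion.
    [CmdletBinding()]
    param (
        [Parameter()]
        [ValidateSet("Block","Unblock")]
        [string]$type,
        [string[]]$port,
        [Parameter()]
        [ValidateSet("TCP","UDP")]
        [string]$protocol
    )
    process {
        return "$type port $port $protocol"
    }
}

function Get-ProgramRuleName {
    # .ExternalHelp EzFirewallMgmt-help.xml
    # Builds the name prefix shared by the inbound/outbound rules of one
    # program rule: "<type> program <program> - <exe>". -exe defaults to "*",
    # which acts as a wildcard when the result is used for a lookup.
    [CmdletBinding()]
    param (
        [Parameter()]
        [ValidateSet("Block","Unblock")]
        [string]$type,
        [string]$program,
        [string]$exe="*"
    )
    process {
        return "$type program $program - $exe"
    }
}

function Remove-PortRule {
    # .ExternalHelp EzFirewallMgmt-help.xml
    # Removes the port rules created by Block-Port (-type Block) or
    # Unblock-Port (-type Unblock).
    #   -port      the same port list that was used to create the rules
    #   -protocol  TCP, UDP or BOTH (default BOTH)
    # Returns the rule objects that were removed.
    [CmdletBinding()]
    param (
        [Parameter(Mandatory=$true)]
        [ValidateSet("Block","Unblock")]
        [string]$type,
        [string[]]$port,
        [Parameter()]
        [ValidateSet("TCP","UDP","BOTH")]
        [string]$protocol
    )
    begin {
        if ([string]::IsNullOrEmpty($protocol)) {
            $protocol = "BOTH"
        }
        $removedRules = New-Object System.Collections.Generic.List[object]
    }
    process {
        $protocols = if ($protocol -eq "BOTH") { "TCP", "UDP" } else { $protocol }
        foreach ($proto in $protocols) {
            # The name must be built from the caller's -type. With a fixed
            # "Unblock", asking to remove Block rules would delete the Allow
            # rules for the port and leave the Block rules in place.
            $ruleName = Get-PortRuleName -type $type -port $port -protocol $proto
            $matched = @(Get-NetFirewallRule -Name "$ruleName*" -ErrorAction SilentlyContinue)
            if ($matched.Count -eq 0) { continue }
            "Removing $ruleName" | Out-Host
            # Remove-NetFirewallRule returns nothing by default, so the rules
            # found above are what gets reported back.
            $matched | Remove-NetFirewallRule -ErrorAction SilentlyContinue -ErrorVariable removeError
            if ($removeError.Count -gt 0) {
                Write-Warning "Could not remove firewall rule(s) '$ruleName*': $removeError"
                continue
            }
            foreach ($rule in $matched) {
                $removedRules.Add($rule)
            }
        }
    }
    end {
        if ($removedRules.Count -eq 0) {
            "Some or all Rules didn't exist" | Out-Host
        }
        return $removedRules
    }
}

function Remove-ProgramRule {
    # .ExternalHelp EzFirewallMgmt-help.xml
    # Removes the program rules created by Block-Program (-type Block) or
    # Unblock-Program (-type Unblock).
    #   -program  the program label used when the rules were created
    #   -exe      executable file name; the default "*" selects every
    #             executable recorded for the program
    # Returns the rule objects that were removed.
    [CmdletBinding()]
    param (
        [Parameter(Mandatory=$true)]
        [ValidateSet("Block","Unblock")]
        [string]$type,
        [string]$program,
        [string]$exe="*"
    )
    begin {
        $removedRules = New-Object System.Collections.Generic.List[object]
    }
    process {
        $programRule = Get-ProgramRuleName -type $type -program $program -exe $exe
        # Rules are stored as "<prefix> inbound" / "<prefix> Outbound", so the
        # prefix alone never matches when a specific -exe is given; the
        # trailing wildcard selects both directions.
        $matched = @(Get-NetFirewallRule -Name "$programRule*" -ErrorAction SilentlyContinue)
        if ($matched.Count -gt 0) {
            $matched | Remove-NetFirewallRule -ErrorAction SilentlyContinue -ErrorVariable removeError
            if ($removeError.Count -gt 0) {
                Write-Warning "Could not remove firewall rule(s) '$programRule*': $removeError"
            }
            else {
                foreach ($rule in $matched) {
                    $removedRules.Add($rule)
                }
            }
        }
    }
    end {
        if ($removedRules.Count -eq 0) {
            "Some or all Rules didn't exist" | Out-Host
        }
        return $removedRules
    }
}

function Unblock-Port {
    # .ExternalHelp EzFirewallMgmt-help.xml
    # Creates Allow rules (inbound and outbound) for the given local port(s).
    #   -port      one or more ports; passed unchanged to -LocalPort
    #   -protocol  TCP, UDP or BOTH (default BOTH)
    # The inbound rule opens the port on every profile (-Profile Any), which
    # includes the Public profile.
    # Returns the rule objects that were actually created.
    [CmdletBinding()]
    param (
        [string[]]$port,
        [Parameter()]
        [ValidateSet("TCP","UDP","BOTH")]
        [string]$protocol
    )
    begin {
        if ([string]::IsNullOrEmpty($protocol)) {
            $protocol = "BOTH"
        }
        $newRules = New-Object System.Collections.Generic.List[object]
    }
    process {
        $protocols = if ($protocol -eq "BOTH") { "TCP", "UDP" } else { $protocol }
        foreach ($proto in $protocols) {
            $ruleName = Get-PortRuleName -type "Unblock" -port $port -protocol $proto
            if ($null -ne (Get-NetFirewallRule -Name "$ruleName*" -ErrorAction SilentlyContinue)) {
                "$ruleName already exists" | Out-Host
                continue
            }
            foreach ($direction in "inbound", "outbound") {
                $fullName = "$ruleName $direction"
                $rule = New-NetFirewallRule -DisplayName $fullName -Name $fullName -Action "Allow" `
                    -Profile Any -Direction $direction -Protocol $proto -LocalPort $port
                # Creation errors are reported by the cmdlet itself; only rules
                # that really exist are returned to the caller.
                if ($null -ne $rule) {
                    $newRules.Add($rule)
                }
            }
        }
    }
    end {
        if ($newRules.Count -eq 0) {
            "Some or all Rules already existed" | Out-Host
        }
        return $newRules
    }
}

function Unblock-Program {
    # .ExternalHelp EzFirewallMgmt-help.xml
    # Creates Allow rules (inbound and outbound, -Profile Any) for executables.
    #   byName: -name is handed to Get-ExePaths; every *.exe it returns gets a
    #           pair of Allow rules. That search is a pattern match and
    #           includes per-user and ProgramData directories, so prefer the
    #           byPath form when only specific binaries should be allowed.
    #   byPath: -path takes path strings or file objects (pipeline allowed);
    #           -programName labels the rules and defaults to the BaseName of
    #           the first path.
    # Returns the rule objects that were actually created.
    [CmdletBinding(DefaultParameterSetName="byName")]
    param (
        [Parameter(ParameterSetName="byName",Position=0)]
        [string]$name,
        [Parameter(ParameterSetName="byPath",ValueFromPipeline=$true)]
        $path,
        [Parameter(ParameterSetName="byPath")]
        [string]$programName
    )
    begin {
        $paths = New-Object System.Collections.Generic.List[Object]
        $newRules = New-Object System.Collections.Generic.List[object]
    }
    process {
        if ($PsCmdlet.ParameterSetName -match "byName") {
            foreach ($exe in @(Get-ExePaths -name $name)) {
                $paths.Add($exe)
            }
        }
        else {
            Write-Debug "Path is $($path | out-string)"
            foreach ($item in @($path)) {
                # -path is optional in this parameter set; skip a missing value
                # instead of calling a method on $null.
                if ($null -eq $item) { continue }
                if ($item -is [System.IO.FileSystemInfo]) {
                    $paths.Add($item)
                }
                else {
                    foreach ($resolved in @(Get-Item $item)) {
                        $paths.Add($resolved)
                    }
                }
            }
            if ([string]::IsNullOrEmpty($programName) -and $paths.Count -gt 0) {
                $programName = "$($paths[0].BaseName)"
            }
            $name = $programName
        }
    }
    end {
        Write-Debug "paths list is $($paths | out-string)"
        foreach ($exe in $paths) {
            $ProgramRule = Get-ProgramRuleName -type "Unblock" -program $name -exe "$($exe.Name)"
            if ($null -ne (Get-NetFirewallRule -Name "$ProgramRule*" -ErrorAction SilentlyContinue)) {
                "$ProgramRule already exists" | Out-Host
                continue
            }

            Write-Debug "Creating '$($programRule) inbound'"
            $rule = New-NetFirewallRule -DisplayName "$ProgramRule inbound" -Name "$ProgramRule inbound" `
                -Action "Allow" -Profile Any -Direction Inbound -Program "$($exe.Fullname)"
            if ($null -ne $rule) {
                $newRules.Add($rule)
            }

            # Name keeps the historical "Outbound" casing so existing rules are
            # still found by later lookups and removals.
            Write-Debug "Creating '$($programRule) outbound'"
            $rule = New-NetFirewallRule -DisplayName "$ProgramRule outbound" -Name "$ProgramRule Outbound" `
                -Action "Allow" -Profile Any -Direction Outbound -Program "$($exe.Fullname)"
            if ($null -ne $rule) {
                $newRules.Add($rule)
            }
        }
        if ($newRules.Count -eq 0) {
            "Some or all Rules already existed" | Out-Host
        }
        return $newRules
    }
}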