EzFirewallMgmt.psm1
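# EzFirewallMgmt: wrappers around the NetSecurity cmdlets (New-/Get-/Remove-NetFirewallRule) that
# create or remove paired inbound/outbound Windows Firewall rules for ports and programs.
# Rule names come from Get-PortRuleName / Get-ProgramRuleName and are the key used both for the
# "already exists" check and for removal, so changing those formats orphans existing rules.
$PSModuleRoot = $PSScriptRoot
# Module-relative tools folder; not used by the functions in this file (kept for other module files).
$tools = "$PSModuleRoot\tools"


function Add-PortRule {
    # .ExternalHelp EzFirewallMgmt-help.xml
    [CmdletBinding()]
    param (
        [Parameter(ValueFromPipeline=$true)]
        [string[]]$port,
        [Parameter()]
        [ValidateSet("TCP","UDP","BOTH")]
        [string]$protocol,
        [Parameter()]
        [ValidateSet("Block","Unblock")]
        [string]$type
    )
    # Creates an inbound and an outbound rule for $port for each selected protocol (TCP, UDP or
    # both). A port whose rule name (see Get-PortRuleName) already exists is reported and skipped.
    # "Unblock" maps to -Action Allow; any other $type is treated as Block.
    # Returns the objects New-NetFirewallRule produced (a failed creation contributes $null).
    begin {
        $newRules = New-Object System.Collections.Generic.List[object]
        if ($type -eq "Unblock") { $action = "Allow" } else { $action = "Block" }
        # Two rules (in/out) per protocol; only drives the "$i of $count" progress text.
        if ($protocol -eq "BOTH") { $count = 4 } else { $count = 2 }
    }
    process {
        # Progress is per pipeline item: each item completes its own progress bar below.
        $i = 1
        foreach ($proto in @("TCP", "UDP")) {
            if ($protocol -ne "BOTH" -and $protocol -ne $proto) { continue }
            $ruleName = Get-PortRuleName -type $type -port $port -protocol $proto
            # "No rule found" is the expected case here, so it must not surface as an error.
            $existing = Get-NetFirewallRule -Name "$ruleName*" -ErrorAction SilentlyContinue
            if ($null -ne $existing) {
                "$ruleName already exists" | Out-Host
                $i += 2
                continue
            }
            foreach ($direction in @("Inbound", "Outbound")) {
                $suffix = $direction.ToLower()
                Write-Progress -Activity "Creating Port Rules" -Id 1 -Status "$i of $count" -CurrentOperation "Creating $ruleName $suffix Rule"
                $i++
                # SilentlyContinue keeps one failed creation (e.g. not elevated) from aborting the
                # rest; the failure shows up as a $null entry in the returned list.
                $newRules.Add((New-NetFirewallRule -DisplayName "$ruleName $suffix" -Name "$ruleName $suffix" -Action $action -Profile Any -Direction $direction -Protocol $proto -LocalPort $port -ErrorAction SilentlyContinue))
            }
        }
        Write-Progress -Activity "Creating Port Rules" -Id 1 -Status "$i of $count" -Completed
    }
    end {
        return $newRules
    }
}


function Add-ProgramRule {
    # .ExternalHelp EzFirewallMgmt-help.xml
    [CmdletBinding()]
    param (
        [Parameter(Mandatory=$true,ValueFromPipeline=$true)]
        $paths,
        [Parameter()]
        [ValidateSet("Block","Unblock")]
        [string]$type,
        $count,
        [Parameter()]
        [string]$name
    )
    # Creates an inbound and an outbound rule for every FileInfo in $paths (typically from
    # Get-ExePaths or Block-/Unblock-Program). $name is the program label embedded in the rule
    # name and is now passed explicitly instead of being read from the caller's scope; when it is
    # omitted the executable's base name is used. $count only feeds the progress bar.
    # Returns the objects New-NetFirewallRule produced.
    begin {
        $newRules = New-Object System.Collections.Generic.List[object]
        $i = 1
        if ($type -eq "Unblock") { $action = "Allow" } else { $action = "Block" }
    }
    process {
        Write-Debug "paths list is $($paths | Out-String)"
        foreach ($exe in $paths) {
            $label = if ([string]::IsNullOrEmpty($name)) { $exe.BaseName } else { $name }
            $programRule = Get-ProgramRuleName -type $type -program $label -exe "$($exe.Name)"
            # $count may be unset or 0 (caller omitted it); avoid a divide-by-zero in the percentage.
            $total = if ($count -gt 0) { [int]$count } else { $i }
            $percent = [math]::Min(100, [int](($i / $total) * 100))
            Write-Progress -Activity "Creating Firewall Rules" -Status "$i of $total" -Id 1 -PercentComplete $percent -CurrentOperation "Creating $programRule rules"
            $existing = Get-NetFirewallRule -Name "$programRule*" -ErrorAction SilentlyContinue
            if ($null -eq $existing) {
                foreach ($direction in @("Inbound", "Outbound")) {
                    # Lower-case suffix for both -Name and -DisplayName so the name matches the
                    # port rules and the "$programRule*" lookups in Add-/Remove-ProgramRule.
                    $suffix = $direction.ToLower()
                    Write-Debug "Creating '$programRule $suffix'"
                    Write-Progress -Activity "Creating $programRule" -Status "creating inbound/outbound rules" -Id 2 -ParentId 1 -CurrentOperation "Creating $suffix rule"
                    $newRules.Add((New-NetFirewallRule -DisplayName "$programRule $suffix" -Name "$programRule $suffix" -Action $action -Profile Any -Direction $direction -Program "$($exe.FullName)"))
                }
                Write-Progress -Activity "Creating $programRule" -Status "creating inbound/outbound rules" -Id 2 -ParentId 1 -Completed
            } else {
                "$programRule already exists" | Out-Host
            }
            $i++
        }
    }
    end {
        Write-Progress -Activity "Creating Firewall Rules" -Status "$i of $count" -Id 1 -Completed
        # A List is never $null, so the message has to key off Count.
        if ($newRules.Count -eq 0) { "Some or all Rules already existed" | Out-Host }
        return $newRules
    }
}


function Block-Port {
    # .ExternalHelp EzFirewallMgmt-help.xml
    [CmdletBinding()]
    param (
        [string[]]$port,
        [Parameter()]
        [ValidateSet("TCP","UDP","BOTH")]
        [string]$protocol
    )
    # Blocks $port in both directions via Add-PortRule; $protocol defaults to BOTH.
    begin {
        if ([string]::IsNullOrEmpty($protocol)) { $protocol = "BOTH" }
    }
    process {
        $newRules = Add-PortRule -port $port -protocol $protocol -type Block
    }
    end {
        # Add-PortRule's list is unrolled on output, so an empty result arrives here as $null.
        if ($null -eq $newRules) { "Some or all Rules already existed" | Out-Host }
        return $newRules
    }
}


function Block-Program {
    # .ExternalHelp EzFirewallMgmt-help.xml
    [CmdletBinding(DefaultParameterSetName="byName")]
    param (
        [Parameter(ParameterSetName="byName",Position=0)]
        [string]$name,
        [Parameter(ParameterSetName="byPath",ValueFromPipeline=$true)]
        $path,
        [Parameter(ParameterSetName="byPath")]
        [string]$programName
    )
    # byName: blocks every *.exe under a program folder matching $name (a regex, see Get-ExePaths).
    # byPath: blocks the given file paths / FileInfo objects; $programName labels the rules and
    # defaults to the first path's base name.
    begin {
        $paths = New-Object System.Collections.Generic.List[Object]
    }
    process {
        if ($PSCmdlet.ParameterSetName -match "byName") {
            Write-Debug "Name parameter set"
            $paths = Get-ExePaths -name $name
        } else {
            Write-Debug "Path is $($path | Out-String)"
            if ($path.GetType().Name -match "string") { $path = Get-Item $path }
            foreach ($item in $path) {
                if ($item -is [System.IO.FileInfo]) { $paths.Add($item) } else { $paths.Add((Get-Item $item)) }
            }
            if ([string]::IsNullOrEmpty($programName)) { $programName = "$(@($path)[0].BaseName)" }
            $name = $programName
        }
    }
    end {
        # Get-ExePaths yields nothing when no folder matched; piping that into Add-ProgramRule
        # fails on its mandatory $paths parameter, so report and stop instead.
        if ($null -eq $paths -or @($paths).Count -eq 0) {
            "No executables found for '$name'" | Out-Host
            return
        }
        $newRules = $paths | Add-ProgramRule -type Block -count @($paths).Count -name $name
        return $newRules
    }
}


function Get-ExePaths {
    # .ExternalHelp EzFirewallMgmt-help.xml
    [CmdletBinding()]
    param (
        [string]$name
    )
    # Finds every *.exe under a top-level folder of the program roots whose folder name matches
    # $name. $name is a regular expression (-match): "." or "" would match every folder, so an
    # empty name is rejected rather than silently selecting every installed program.
    begin {
        $paths = New-Object System.Collections.Generic.List[Object]
        if ([string]::IsNullOrWhiteSpace($name)) {
            throw "Get-ExePaths: -name must not be empty (an empty pattern would match every program folder)"
        }
        # Roots searched, in the original order. An unset variable (e.g. no ProgramFiles(x86) on
        # 32-bit Windows) is skipped instead of being handed to Get-ChildItem as a null path.
        $roots = @(
            ${env:ProgramFiles(x86)},
            $env:ProgramFiles,
            $env:ProgramData,
            $env:APPDATA,
            $env:LocalAppData
        )
    }
    process {
        foreach ($root in $roots) {
            if ([string]::IsNullOrEmpty($root) -or -not (Test-Path -LiteralPath $root)) { continue }
            Get-ChildItem -LiteralPath $root -Directory |
                Where-Object Name -match $name |
                Get-ChildItem -Recurse -Filter "*.exe" -File |
                ForEach-Object { $paths.Add($_) }
        }
    }
    end {
        return $paths
    }
}


function Get-PortRuleName {
    # .ExternalHelp EzFirewallMgmt-help.xml
    [CmdletBinding()]
    param (
        [Parameter()]
        [ValidateSet("Block","Unblock")]
        [string]$type,
        [string[]]$port,
        [Parameter()]
        [ValidateSet("TCP","UDP")]
        [string]$protocol
    )
    # Rule-name prefix for a port rule, e.g. "Block port 80 TCP"; the direction suffix is added
    # by Add-PortRule. Multiple ports are joined with a space by string expansion of $port.
    process {
        return "$type port $port $protocol"
    }
}


function Get-ProgramRuleName {
    # .ExternalHelp EzFirewallMgmt-help.xml
    [CmdletBinding()]
    param (
        [Parameter()]
        [ValidateSet("Block","Unblock")]
        [string]$type,
        [string]$program,
        [string]$exe="*"
    )
    # Rule-name prefix for a program rule, e.g. "Block program foo - foo.exe"; the default
    # $exe of "*" yields a wildcard that Remove-ProgramRule uses to match every executable.
    process {
        return "$type program $program - $exe"
    }
}


function Remove-PortRule {
    # .ExternalHelp EzFirewallMgmt-help.xml
    [CmdletBinding()]
    param (
        [Parameter(Mandatory=$true)]
        [ValidateSet("Block","Unblock")]
        [string]$type,
        [string[]]$port,
        [Parameter()]
        [ValidateSet("TCP","UDP","BOTH")]
        [string]$protocol
    )
    # Removes the rules Add-PortRule created for $port with the given $type; $protocol defaults
    # to BOTH. Returns the rule objects that were found and handed to Remove-NetFirewallRule.
    begin {
        if ([string]::IsNullOrEmpty($protocol)) { $protocol = "BOTH" }
        $removedRules = New-Object System.Collections.Generic.List[object]
    }
    process {
        foreach ($proto in @("TCP", "UDP")) {
            if ($protocol -ne "BOTH" -and $protocol -ne $proto) { continue }
            # $type selects which rule set to remove; Block and Unblock rules have distinct names.
            $ruleName = Get-PortRuleName -type $type -port $port -protocol $proto
            "Removing $ruleName" | Out-Host
            # Look the rules up once; "not found" is expected and is not reported as an error.
            $found = @(Get-NetFirewallRule -Name "$ruleName*" -ErrorAction SilentlyContinue)
            foreach ($rule in $found) { $removedRules.Add($rule) }
            # Removal errors (e.g. not elevated) are left visible rather than suppressed.
            $found | Remove-NetFirewallRule
        }
    }
    end {
        if ($removedRules.Count -eq 0) { "Some or all Rules didn't exist" | Out-Host }
        return $removedRules
    }
}


function Remove-ProgramRule {
    # .ExternalHelp EzFirewallMgmt-help.xml
    [CmdletBinding()]
    param (
        [Parameter(Mandatory=$true)]
        [ValidateSet("Block","Unblock")]
        [string]$type,
        [string]$program,
        [string]$exe="*"
    )
    # Removes the rules Add-ProgramRule created for $program. With the default $exe of "*" every
    # executable's rules are removed; a specific $exe (e.g. "foo.exe") removes only that one's.
    begin {
        $removedRules = New-Object System.Collections.Generic.List[object]
    }
    process {
        $programRule = Get-ProgramRuleName -type $type -program $program -exe $exe
        # Rule names carry an " inbound"/" outbound" suffix, so the lookup needs the trailing
        # wildcard; without it an explicit -exe could never match a rule.
        $found = @(Get-NetFirewallRule -Name "$programRule*" -ErrorAction SilentlyContinue)
        foreach ($rule in $found) { $removedRules.Add($rule) }
        $found | Remove-NetFirewallRule
    }
    end {
        if ($removedRules.Count -eq 0) { "Some or all Rules didn't exist" | Out-Host }
        return $removedRules
    }
}


function Unblock-Port {
    # .ExternalHelp EzFirewallMgmt-help.xml
    [CmdletBinding()]
    param (
        [string[]]$port,
        [Parameter()]
        [ValidateSet("TCP","UDP","BOTH")]
        [string]$protocol
    )
    # Creates Allow rules for $port in both directions via Add-PortRule; $protocol defaults to BOTH.
    begin {
        if ([string]::IsNullOrEmpty($protocol)) { $protocol = "BOTH" }
    }
    process {
        $newRules = Add-PortRule -port $port -protocol $protocol -type Unblock
    }
    end {
        # Add-PortRule's list is unrolled on output, so an empty result arrives here as $null.
        if ($null -eq $newRules) { "Some or all Rules already existed" | Out-Host }
        return $newRules
    }
}


function Unblock-Program {
    # .ExternalHelp EzFirewallMgmt-help.xml
    [CmdletBinding(DefaultParameterSetName="byName")]
    param (
        [Parameter(ParameterSetName="byName",Position=0)]
        [string]$name,
        [Parameter(ParameterSetName="byPath",ValueFromPipeline=$true)]
        $path,
        [Parameter(ParameterSetName="byPath")]
        [string]$programName
    )
    # Same resolution as Block-Program (byName via Get-ExePaths, byPath from explicit paths),
    # but creates Allow rules.
    begin {
        $paths = New-Object System.Collections.Generic.List[Object]
    }
    process {
        if ($PSCmdlet.ParameterSetName -match "byName") {
            Write-Debug "Name parameter set"
            $paths = Get-ExePaths -name $name
        } else {
            Write-Debug "Path is $($path | Out-String)"
            if ($path.GetType().Name -match "string") { $path = Get-Item $path }
            foreach ($item in $path) {
                if ($item -is [System.IO.FileInfo]) { $paths.Add($item) } else { $paths.Add((Get-Item $item)) }
            }
            if ([string]::IsNullOrEmpty($programName)) { $programName = "$(@($path)[0].BaseName)" }
            $name = $programName
        }
    }
    end {
        # Nothing matched: stop with a message rather than feeding $null to Add-ProgramRule's
        # mandatory $paths parameter.
        if ($null -eq $paths -or @($paths).Count -eq 0) {
            "No executables found for '$name'" | Out-Host
            return
        }
        $newRules = $paths | Add-ProgramRule -type Unblock -count @($paths).Count -name $name
        return $newRules
    }
}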