functions/Import-FirewallRules.ps1

<#
.SYNOPSIS
Imports firewall rules from a CSV or JSON file.
.DESCRIPTION
Imports firewall rules from CSV or JSON files generated by Export-FirewallRules. CSV files must be
semicolon-separated. An existing rule with the same rule name (the Name field, not the display name) is
removed and replaced by the imported definition.
.PARAMETER CSVFile
Input file
.PARAMETER JSON
Input in JSON instead of CSV format
.NOTES
Author: Markus Scholtes
Version: 1.02
Build date: 2020/02/15
.EXAMPLE
Import-FirewallRules
Imports all firewall rules in the CSV file FirewallRules.csv in the current directory.
.EXAMPLE
Import-FirewallRules WmiRules.json -json
Imports all firewall rules in the JSON file WmiRules.json.
#>

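function Import-FirewallRules
{
    # SupportsShouldProcess adds -WhatIf/-Confirm so an import can be previewed before it changes the host
    # firewall; existing callers are unaffected.
    [CmdletBinding(SupportsShouldProcess = $true)]
    Param($CSVFile = ".\FirewallRules.csv", [SWITCH]$JSON)

    #Requires -Version 4.0

    # Convert a comma-separated list (string) to a string array.
    # Returns $DefaultValue (by default "Any") when the list is empty.
    function ListToStringArray([STRING]$List, $DefaultValue = "Any")
    {
        if ([STRING]::IsNullOrEmpty($List)) { return $DefaultValue }
        return ($List -split ",")
    }

    # Convert a string to a boolean: "True" or "1" -> $TRUE, any other non-empty text -> $FALSE,
    # empty -> $DefaultValue.
    function ValueToBoolean([STRING]$Value, [BOOLEAN]$DefaultValue = $FALSE)
    {
        if ([STRING]::IsNullOrEmpty($Value)) { return $DefaultValue }
        return (($Value -eq "True") -or ($Value -eq "1"))
    }

    # Fail loudly on a missing input file instead of silently importing nothing
    # (Get-Content would only emit a non-terminating error and the loop below would run on $null).
    if (!(Test-Path -LiteralPath $CSVFile -PathType Leaf))
    {
        throw "Import file '$CSVFile' not found."
    }

    if ($JSON)
    { # read JSON file (-Raw hands ConvertFrom-Json the whole document as one string)
        $FirewallRules = Get-Content -LiteralPath $CSVFile -Raw | ConvertFrom-JSON
    }
    else
    { # read semicolon-separated CSV file
        $FirewallRules = Get-Content -LiteralPath $CSVFile | ConvertFrom-CSV -Delimiter ";"
    }

    # iterate rules
    ForEach ($Rule In $FirewallRules)
    { # generate Hashtable for New-NetFirewallRule parameters
        $RuleSplatHash = @{
            Name = $Rule.Name
            Displayname = $Rule.Displayname
            Description = $Rule.Description
            Group = $Rule.Group
            Enabled = $Rule.Enabled
            Profile = $Rule.Profile
            Platform = ListToStringArray $Rule.Platform @()
            Direction = $Rule.Direction
            Action = $Rule.Action
            EdgeTraversalPolicy = $Rule.EdgeTraversalPolicy
            LooseSourceMapping = ValueToBoolean $Rule.LooseSourceMapping
            LocalOnlyMapping = ValueToBoolean $Rule.LocalOnlyMapping
            LocalAddress = ListToStringArray $Rule.LocalAddress
            RemoteAddress = ListToStringArray $Rule.RemoteAddress
            Protocol = $Rule.Protocol
            LocalPort = ListToStringArray $Rule.LocalPort
            RemotePort = ListToStringArray $Rule.RemotePort
            IcmpType = ListToStringArray $Rule.IcmpType
            DynamicTarget = if ([STRING]::IsNullOrEmpty($Rule.DynamicTarget)) { "Any" } else { $Rule.DynamicTarget }
            Program = $Rule.Program
            Service = $Rule.Service
            InterfaceAlias = ListToStringArray $Rule.InterfaceAlias
            InterfaceType = $Rule.InterfaceType
            LocalUser = $Rule.LocalUser
            RemoteUser = $Rule.RemoteUser
            RemoteMachine = $Rule.RemoteMachine
            Authentication = $Rule.Authentication
            Encryption = $Rule.Encryption
            OverrideBlockRules = ValueToBoolean $Rule.OverrideBlockRules
        }

        # for SID types no empty value is defined, so omit if not present
        if (![STRING]::IsNullOrEmpty($Rule.Owner)) { $RuleSplatHash.Owner = $Rule.Owner }
        if (![STRING]::IsNullOrEmpty($Rule.Package)) { $RuleSplatHash.Package = $Rule.Package }

        if (!$PSCmdlet.ShouldProcess($Rule.Name, "Replace firewall rule")) { continue }

        Write-Output "Generating firewall rule `"$($Rule.DisplayName)`" ($($Rule.Name))"

        # A rule with the same name has to be removed first; New-NetFirewallRule does not overwrite.
        # Remember whether one existed so a failed re-creation can be reported as a gap in the policy.
        $Existing = Get-NetFirewallRule -EA SilentlyContinue -Name $Rule.Name
        if ($Existing) { $Existing | Remove-NetFirewallRule }

        # generate new firewall rule, parameters are assigned with splatting
        try
        {
            New-NetFirewallRule -EA Stop @RuleSplatHash
        }
        catch
        {
            # Keep importing the remaining rules (as the original -EA Continue did), but make the
            # resulting state explicit: the old rule is already gone and no replacement was created.
            if ($Existing)
            {
                Write-Warning "Rule '$($Rule.Name)' was removed but could not be recreated; the host now has no rule with this name."
            }
            Write-Error -ErrorRecord $_
        }
    }
}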