FAQ
Hello all,

I'm currently running 2.7.19 (Puppet Enterprise 2.7.0)

I want to use puppet to add / amend or delete windows firewall rules, is
there a tidy way of doing this ????

exec { "Check_MK_Firewall_Rule_create":
command => 'C:\Windows\System32\netsh.exe advfirewall firewall add rule
name="Check_MK" dir=in action=allow protocol=TCP localport=6556',
unless => 'C:\Windows\System32\netsh.exe advfirewall firewall show rule
name="Check_MK"',
}

## If I remove the unless statement, it will keep add the same rule over
and over again, which will make the firewall rule list un-manageable


exec { "Check_MK_Firewall_Rule_enable":
command => 'C:\Windows\System32\netsh.exe advfirewall firewall set rule
name="Check_MK" new enable=Yes',
}

## When I do a puppet run it keeps running this, is there a way to only run
if disabled ???

Hope this make sense

regards

James

--
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscribe@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Search Discussions

  • Justin Stoller at Feb 14, 2013 at 5:22 pm

    On Thu, Feb 14, 2013 at 7:29 AM, jim wrote:

    Hello all,

    I'm currently running 2.7.19 (Puppet Enterprise 2.7.0)

    I want to use puppet to add / amend or delete windows firewall rules, is
    there a tidy way of doing this ????

    exec { "Check_MK_Firewall_Rule_create":
    command => 'C:\Windows\System32\netsh.exe advfirewall firewall add rule
    name="Check_MK" dir=in action=allow protocol=TCP localport=6556',
    unless => 'C:\Windows\System32\netsh.exe advfirewall firewall show rule
    name="Check_MK"',
    }

    ## If I remove the unless statement, it will keep add the same rule over
    and over again, which will make the firewall rule list un-manageable


    exec { "Check_MK_Firewall_Rule_enable":
    command => 'C:\Windows\System32\netsh.exe advfirewall firewall set rule
    name="Check_MK" new enable=Yes',
    }

    ## When I do a puppet run it keeps running this, is there a way to only
    run if disabled ???

    Hope this make sense

    regards

    James
    I belive you want to your second exec to subscribe to the first (so the
    first exec only runs if the rule doesn't exist and the second only runs if
    the first does).

    To tidy that up you could put them in a defined type so you can write
    something like:
    win_firewall { "Check_MK":
    direction => in,
    action => allow,
    protocol => TCP,
    port => 6556,
    }

    Of course there's a whole host of things you can do to continue tiding up.
    Like creating a native type & provider for windows firewall, extending a
    current type with a windows provider, or wrapping linux firewall types &
    windows firewall types in a more generic 'firewall' type, that just depends
    on how far you want to take it.....

    - Justin

    --
    You received this message because you are subscribed to the Google Groups
    "Puppet Users" group.
    To unsubscribe from this group and stop receiving emails from it, send an
    email to puppet-users+unsubscribe@googlegroups.com.
    To post to this group, send email to puppet-users@googlegroups.com.
    Visit this group at http://groups.google.com/group/puppet-users?hl=en.
    For more options, visit https://groups.google.com/groups/opt_out.

    --
    You received this message because you are subscribed to the Google Groups "Puppet Users" group.
    To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscribe@googlegroups.com.
    To post to this group, send email to puppet-users@googlegroups.com.
    Visit this group at http://groups.google.com/group/puppet-users?hl=en.
    For more options, visit https://groups.google.com/groups/opt_out.
  • Ad at Feb 15, 2013 at 5:13 am
    Hey Jim,

    As someone who generally hates using execs unless I absolutely have to, I
    would recommend using the Puppet Labs registry module. I can dig out some
    examples tomorrow if you like.

    Adam
    On Thursday, February 14, 2013 9:29:52 AM UTC-6, jim wrote:

    Hello all,

    I'm currently running 2.7.19 (Puppet Enterprise 2.7.0)

    I want to use puppet to add / amend or delete windows firewall rules, is
    there a tidy way of doing this ????

    exec { "Check_MK_Firewall_Rule_create":
    command => 'C:\Windows\System32\netsh.exe advfirewall firewall add rule
    name="Check_MK" dir=in action=allow protocol=TCP localport=6556',
    unless => 'C:\Windows\System32\netsh.exe advfirewall firewall show rule
    name="Check_MK"',
    }

    ## If I remove the unless statement, it will keep add the same rule over
    and over again, which will make the firewall rule list un-manageable


    exec { "Check_MK_Firewall_Rule_enable":
    command => 'C:\Windows\System32\netsh.exe advfirewall firewall set rule
    name="Check_MK" new enable=Yes',
    }

    ## When I do a puppet run it keeps running this, is there a way to only
    run if disabled ???

    Hope this make sense

    regards

    James
    --
    You received this message because you are subscribed to the Google Groups "Puppet Users" group.
    To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscribe@googlegroups.com.
    To post to this group, send email to puppet-users@googlegroups.com.
    Visit this group at http://groups.google.com/group/puppet-users?hl=en.
    For more options, visit https://groups.google.com/groups/opt_out.
  • David Hartog at Mar 5, 2013 at 2:36 pm
    Hi Adam,

    I would be interested in seeing an example of a firewall config managed by
    the registry module. Is that possible?

    Thanks,
    David.
    On Friday, February 15, 2013 5:13:04 AM UTC, ad wrote:

    Hey Jim,

    As someone who generally hates using execs unless I absolutely have to, I
    would recommend using the Puppet Labs registry module. I can dig out some
    examples tomorrow if you like.

    Adam
    On Thursday, February 14, 2013 9:29:52 AM UTC-6, jim wrote:

    Hello all,

    I'm currently running 2.7.19 (Puppet Enterprise 2.7.0)

    I want to use puppet to add / amend or delete windows firewall rules, is
    there a tidy way of doing this ????

    exec { "Check_MK_Firewall_Rule_create":
    command => 'C:\Windows\System32\netsh.exe advfirewall firewall add rule
    name="Check_MK" dir=in action=allow protocol=TCP localport=6556',
    unless => 'C:\Windows\System32\netsh.exe advfirewall firewall show rule
    name="Check_MK"',
    }

    ## If I remove the unless statement, it will keep add the same rule over
    and over again, which will make the firewall rule list un-manageable


    exec { "Check_MK_Firewall_Rule_enable":
    command => 'C:\Windows\System32\netsh.exe advfirewall firewall set rule
    name="Check_MK" new enable=Yes',
    }

    ## When I do a puppet run it keeps running this, is there a way to only
    run if disabled ???

    Hope this make sense

    regards

    James
    --
    You received this message because you are subscribed to the Google Groups "Puppet Users" group.
    To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscribe@googlegroups.com.
    To post to this group, send email to puppet-users@googlegroups.com.
    Visit this group at http://groups.google.com/group/puppet-users?hl=en.
    For more options, visit https://groups.google.com/groups/opt_out.
  • Phundisk at Mar 7, 2013 at 3:23 pm
    I also would. I was also thinking of making a native windows firewall
    module/provider in my copious free time (sarcasm). If the registry version
    of controlling firewall rules works fine though, that would probably be the
    fastest and easiest way I can think of.
    On Tuesday, March 5, 2013 9:36:15 AM UTC-5, david....@struq.com wrote:

    Hi Adam,

    I would be interested in seeing an example of a firewall config managed by
    the registry module. Is that possible?

    Thanks,
    David.
    On Friday, February 15, 2013 5:13:04 AM UTC, ad wrote:

    Hey Jim,

    As someone who generally hates using execs unless I absolutely have to, I
    would recommend using the Puppet Labs registry module. I can dig out some
    examples tomorrow if you like.

    Adam
    On Thursday, February 14, 2013 9:29:52 AM UTC-6, jim wrote:

    Hello all,

    I'm currently running 2.7.19 (Puppet Enterprise 2.7.0)

    I want to use puppet to add / amend or delete windows firewall rules, is
    there a tidy way of doing this ????

    exec { "Check_MK_Firewall_Rule_create":
    command => 'C:\Windows\System32\netsh.exe advfirewall firewall add rule
    name="Check_MK" dir=in action=allow protocol=TCP localport=6556',
    unless => 'C:\Windows\System32\netsh.exe advfirewall firewall show rule
    name="Check_MK"',
    }

    ## If I remove the unless statement, it will keep add the same rule over
    and over again, which will make the firewall rule list un-manageable


    exec { "Check_MK_Firewall_Rule_enable":
    command => 'C:\Windows\System32\netsh.exe advfirewall firewall set rule
    name="Check_MK" new enable=Yes',
    }

    ## When I do a puppet run it keeps running this, is there a way to only
    run if disabled ???

    Hope this make sense

    regards

    James
    --
    _____________________________________________________
    This email and any files transmitted with it are confidential and intended
    solely for the addressee. If you received this email in error, please do
    not disclose the contents to anyone; kindly notify the sender by return
    email and delete this email and any attachments from your system.

    © 2011 Currensee Inc. is a member of the National Futures Association (NFA)
    Member ID 0403251 | Over the counter retail foreign currency (Forex)
    trading may involve significant risk of loss. It is not suitable for all
    investors and you should make sure you understand the risks involved before
    trading and seek independent advice if necessary. Performance, strategies
    and charts shown are not necessarily predictive of any particular result
    and past performance is no indication of future results. Investor returns
    may vary from Trade Leader returns based on slippage, fees, broker spreads,
    volatility or other market conditions.

    Currensee Inc | 54 Canal St 4th Floor | Boston, MA 02114 | +1.617.624.3824

    --
    You received this message because you are subscribed to the Google Groups "Puppet Users" group.
    To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscribe@googlegroups.com.
    To post to this group, send email to puppet-users@googlegroups.com.
    Visit this group at http://groups.google.com/group/puppet-users?hl=en.
    For more options, visit https://groups.google.com/groups/opt_out.
  • Ad at Mar 8, 2013 at 1:50 am
    Hey David

    Below are some examples. Note these are used on embedded Windows 7
    (6.1.7601) and I've never tested them on servers (we run mostly Linux
    servers). I also have examples for XP (5.1.2600) if you want, it's a lot
    different.

    The first 6 are just for enabling the firewall and allowing exceptions.
    Obviously you may not want to enable the non-domain profiles.

    # Enable firewall
    # Note: In Windows7, it seems the gui doesn't reflect enabling/disabling
    the firewall in the registry until a reboot.
    registry_value {
    'HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\EnableFirewall':
    ensure => present,
    type => 'dword',
    data => '1',
    }

    registry_value {
    'HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\EnableFirewall':
    ensure => present,
    type => 'dword',
    data => '1',
    }

    registry_value {
    'HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\EnableFirewall':
    ensure => present,
    type => 'dword',
    data => '1',
    }

    # Allow exceptions
    registry_value {
    'HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\DoNotAllowExceptions':
    ensure => present,
    type => 'dword',
    data => '0',
    }

    registry_value {
    'HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\DoNotAllowExceptions':
    ensure => present,
    type => 'dword',
    data => '0',
    }

    registry_value {
    'HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\DoNotAllowExceptions':
    ensure => present,
    type => 'dword',
    data => '0',
    }

    Here's an example for opening a port:

    # enable Edge
    registry_value {
    'HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\PopstarEdge':
    ensure => present,
    type => 'string',
    data =>
    'v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=8080|LPort=443|Name=PopstarEdge|',
    }

    Some other examples

    # enable public ping
    registry_value {
    'HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\PopstarPing':
    ensure => present,
    type => 'string',
    data =>
    'v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=1|ICMP4=8:*|Name=PopstarPing|',
    }

    # disable Remote Assistant
    # Note: when you set this in Advanced System Settings it also changes a
    bunch of firewall rules that we aren't doing yet
    registry_value { 'HKLM\SYSTEM\CurrentControlSet\Control\Remote
    Assistance\fAllowToGetHelp':
    ensure => present,
    type => 'dword',
    data => '0',
    }

    hth,

    Adam
    On Tuesday, March 5, 2013 8:36:15 AM UTC-6, david....@struq.com wrote:

    Hi Adam,

    I would be interested in seeing an example of a firewall config managed by
    the registry module. Is that possible?

    Thanks,
    David.
    On Friday, February 15, 2013 5:13:04 AM UTC, ad wrote:

    Hey Jim,

    As someone who generally hates using execs unless I absolutely have to, I
    would recommend using the Puppet Labs registry module. I can dig out some
    examples tomorrow if you like.

    Adam
    On Thursday, February 14, 2013 9:29:52 AM UTC-6, jim wrote:

    Hello all,

    I'm currently running 2.7.19 (Puppet Enterprise 2.7.0)

    I want to use puppet to add / amend or delete windows firewall rules, is
    there a tidy way of doing this ????

    exec { "Check_MK_Firewall_Rule_create":
    command => 'C:\Windows\System32\netsh.exe advfirewall firewall add rule
    name="Check_MK" dir=in action=allow protocol=TCP localport=6556',
    unless => 'C:\Windows\System32\netsh.exe advfirewall firewall show rule
    name="Check_MK"',
    }

    ## If I remove the unless statement, it will keep add the same rule over
    and over again, which will make the firewall rule list un-manageable


    exec { "Check_MK_Firewall_Rule_enable":
    command => 'C:\Windows\System32\netsh.exe advfirewall firewall set rule
    name="Check_MK" new enable=Yes',
    }

    ## When I do a puppet run it keeps running this, is there a way to only
    run if disabled ???

    Hope this make sense

    regards

    James
    --
    You received this message because you are subscribed to the Google Groups "Puppet Users" group.
    To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscribe@googlegroups.com.
    To post to this group, send email to puppet-users@googlegroups.com.
    Visit this group at http://groups.google.com/group/puppet-users?hl=en.
    For more options, visit https://groups.google.com/groups/opt_out.
  • Nan Liu at Mar 8, 2013 at 2:53 am

    On Thu, Mar 7, 2013 at 5:50 PM, ad wrote:

    Hey David

    Below are some examples. Note these are used on embedded Windows 7
    (6.1.7601) and I've never tested them on servers (we run mostly Linux
    servers). I also have examples for XP (5.1.2600) if you want, it's a lot
    different.

    The first 6 are just for enabling the firewall and allowing exceptions.
    Obviously you may not want to enable the non-domain profiles.

    # Enable firewall
    # Note: In Windows7, it seems the gui doesn't reflect enabling/disabling
    the firewall in the registry until a reboot.
    registry_value {
    'HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\EnableFirewall':
    ensure => present,
    type => 'dword',
    data => '1',
    }

    registry_value {
    'HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\EnableFirewall':
    ensure => present,
    type => 'dword',
    data => '1',
    }

    registry_value {
    'HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\EnableFirewall':
    ensure => present,
    type => 'dword',
    data => '1',
    }

    # Allow exceptions
    registry_value {
    'HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\DoNotAllowExceptions':
    ensure => present,
    type => 'dword',
    data => '0',
    }

    registry_value {
    'HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\DoNotAllowExceptions':
    ensure => present,
    type => 'dword',
    data => '0',
    }

    registry_value {
    'HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\DoNotAllowExceptions':
    ensure => present,
    type => 'dword',
    data => '0',
    }

    Here's an example for opening a port:

    # enable Edge
    registry_value {
    'HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\PopstarEdge':
    ensure => present,
    type => 'string',
    data =>
    'v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=8080|LPort=443|Name=PopstarEdge|',
    }

    Some other examples

    # enable public ping
    registry_value {
    'HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\PopstarPing':
    ensure => present,
    type => 'string',
    data =>
    'v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=1|ICMP4=8:*|Name=PopstarPing|',
    }

    # disable Remote Assistant
    # Note: when you set this in Advanced System Settings it also changes a
    bunch of firewall rules that we aren't doing yet
    registry_value { 'HKLM\SYSTEM\CurrentControlSet\Control\Remote
    Assistance\fAllowToGetHelp':
    ensure => present,
    type => 'dword',
    data => '0',
    }
    The registry keys for enabling is helpful, but Windows 2008r2 is not happy
    with registry added firewall rules (see attach). I'm guessing they
    function, but doesn't work correctly in the UI. I suppose netsh advfirewall
    is the way to go.

    Thanks,

    Nan

    --
    You received this message because you are subscribed to the Google Groups "Puppet Users" group.
    To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscribe@googlegroups.com.
    To post to this group, send email to puppet-users@googlegroups.com.
    Visit this group at http://groups.google.com/group/puppet-users?hl=en.
    For more options, visit https://groups.google.com/groups/opt_out.
  • Phundisk at Mar 12, 2013 at 1:29 pm
    Does anyone know of this provider? If not I can start to make one with
    netsh but it will probably take me a while
    On Thursday, March 7, 2013 9:52:17 PM UTC-5, Nan Liu wrote:

    On Thu, Mar 7, 2013 at 5:50 PM, ad <adam.d...@gmail.com <javascript:>>wrote:
    Hey David

    Below are some examples. Note these are used on embedded Windows 7
    (6.1.7601) and I've never tested them on servers (we run mostly Linux
    servers). I also have examples for XP (5.1.2600) if you want, it's a lot
    different.

    The first 6 are just for enabling the firewall and allowing exceptions.
    Obviously you may not want to enable the non-domain profiles.

    # Enable firewall
    # Note: In Windows7, it seems the gui doesn't reflect
    enabling/disabling the firewall in the registry until a reboot.
    registry_value {
    'HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\EnableFirewall':
    ensure => present,
    type => 'dword',
    data => '1',
    }

    registry_value {
    'HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\EnableFirewall':
    ensure => present,
    type => 'dword',
    data => '1',
    }

    registry_value {
    'HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\EnableFirewall':
    ensure => present,
    type => 'dword',
    data => '1',
    }

    # Allow exceptions
    registry_value {
    'HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\DoNotAllowExceptions':
    ensure => present,
    type => 'dword',
    data => '0',
    }

    registry_value {
    'HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\DoNotAllowExceptions':
    ensure => present,
    type => 'dword',
    data => '0',
    }

    registry_value {
    'HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\DoNotAllowExceptions':
    ensure => present,
    type => 'dword',
    data => '0',
    }

    Here's an example for opening a port:

    # enable Edge
    registry_value {
    'HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\PopstarEdge':
    ensure => present,
    type => 'string',
    data =>
    'v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=8080|LPort=443|Name=PopstarEdge|',
    }

    Some other examples

    # enable public ping
    registry_value {
    'HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\PopstarPing':
    ensure => present,
    type => 'string',
    data =>
    'v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=1|ICMP4=8:*|Name=PopstarPing|',
    }

    # disable Remote Assistant
    # Note: when you set this in Advanced System Settings it also changes a
    bunch of firewall rules that we aren't doing yet
    registry_value { 'HKLM\SYSTEM\CurrentControlSet\Control\Remote
    Assistance\fAllowToGetHelp':
    ensure => present,
    type => 'dword',
    data => '0',
    }
    The registry keys for enabling is helpful, but Windows 2008r2 is not happy
    with registry added firewall rules (see attach). I'm guessing they
    function, but doesn't work correctly in the UI. I suppose netsh advfirewall
    is the way to go.

    Thanks,

    Nan
    --
    _____________________________________________________
    This email and any files transmitted with it are confidential and intended
    solely for the addressee. If you received this email in error, please do
    not disclose the contents to anyone; kindly notify the sender by return
    email and delete this email and any attachments from your system.

    © 2011 Currensee Inc. is a member of the National Futures Association (NFA)
    Member ID 0403251 | Over the counter retail foreign currency (Forex)
    trading may involve significant risk of loss. It is not suitable for all
    investors and you should make sure you understand the risks involved before
    trading and seek independent advice if necessary. Performance, strategies
    and charts shown are not necessarily predictive of any particular result
    and past performance is no indication of future results. Investor returns
    may vary from Trade Leader returns based on slippage, fees, broker spreads,
    volatility or other market conditions.

    Currensee Inc | 54 Canal St 4th Floor | Boston, MA 02114 | +1.617.624.3824

    --
    You received this message because you are subscribed to the Google Groups "Puppet Users" group.
    To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscribe@googlegroups.com.
    To post to this group, send email to puppet-users@googlegroups.com.
    Visit this group at http://groups.google.com/group/puppet-users?hl=en.
    For more options, visit https://groups.google.com/groups/opt_out.
  • Paul Tötterman at Mar 12, 2013 at 2:40 pm

    Does anyone know of this provider? If not I can start to make one with
    netsh but it will probably take me a while
    I really suggest you do it via the proper firewall COM API, e.g. with
    powershell:
    http://stackoverflow.com/questions/11956291/how-can-i-add-a-widows-firewall-rule-with-a-custom-group-name .
    netsh doesn't expose the whole firewall API.

    Cheers,
    Paul

    --
    You received this message because you are subscribed to the Google Groups "Puppet Users" group.
    To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscribe@googlegroups.com.
    To post to this group, send email to puppet-users@googlegroups.com.
    Visit this group at http://groups.google.com/group/puppet-users?hl=en.
    For more options, visit https://groups.google.com/groups/opt_out.
  • Alex Farhadi at Mar 12, 2013 at 2:44 pm
    Excellent, thank you for the link.


    On Tue, Mar 12, 2013 at 10:40 AM, Paul Tötterman
    wrote:
    Does anyone know of this provider? If not I can start to make one with
    netsh but it will probably take me a while
    I really suggest you do it via the proper firewall COM API, e.g. with
    powershell:
    http://stackoverflow.com/questions/11956291/how-can-i-add-a-widows-firewall-rule-with-a-custom-group-name .
    netsh doesn't expose the whole firewall API.

    Cheers,
    Paul

    --
    You received this message because you are subscribed to a topic in the
    Google Groups "Puppet Users" group.
    To unsubscribe from this topic, visit
    https://groups.google.com/d/topic/puppet-users/XNcU3qDH6fc/unsubscribe?hl=en
    .
    To unsubscribe from this group and all its topics, send an email to
    puppet-users+unsubscribe@googlegroups.com.
    To post to this group, send email to puppet-users@googlegroups.com.
    Visit this group at http://groups.google.com/group/puppet-users?hl=en.
    For more options, visit https://groups.google.com/groups/opt_out.

    --
    _____________________________________________________
    This email and any files transmitted with it are confidential and intended
    solely for the addressee. If you received this email in error, please do
    not disclose the contents to anyone; kindly notify the sender by return
    email and delete this email and any attachments from your system.

    © 2011 Currensee Inc. is a member of the National Futures Association (NFA)
    Member ID 0403251 | Over the counter retail foreign currency (Forex)
    trading may involve significant risk of loss. It is not suitable for all
    investors and you should make sure you understand the risks involved before
    trading and seek independent advice if necessary. Performance, strategies
    and charts shown are not necessarily predictive of any particular result
    and past performance is no indication of future results. Investor returns
    may vary from Trade Leader returns based on slippage, fees, broker spreads,
    volatility or other market conditions.

    Currensee Inc | 54 Canal St 4th Floor | Boston, MA 02114 | +1.617.624.3824

    --
    You received this message because you are subscribed to the Google Groups "Puppet Users" group.
    To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscribe@googlegroups.com.
    To post to this group, send email to puppet-users@googlegroups.com.
    Visit this group at http://groups.google.com/group/puppet-users?hl=en.
    For more options, visit https://groups.google.com/groups/opt_out.
  • Paul Tötterman at Mar 7, 2013 at 3:55 pm

    As someone who generally hates using execs unless I absolutely have to, I
    would recommend using the Puppet Labs registry module. I can dig out some
    examples tomorrow if you like.

    I'm a bit wary about prodding in the registry behind the back of windows
    firewall, but please tell me if it works. I wrote some idempotent
    powershell to control the firewall rules in windows.

    Cheers,
    Paul

    --
    You received this message because you are subscribed to the Google Groups "Puppet Users" group.
    To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscribe@googlegroups.com.
    To post to this group, send email to puppet-users@googlegroups.com.
    Visit this group at http://groups.google.com/group/puppet-users?hl=en.
    For more options, visit https://groups.google.com/groups/opt_out.
  • Nan Liu at Mar 7, 2013 at 6:11 pm

    On Thu, Mar 7, 2013 at 7:55 AM, Paul Tötterman wrote:

    As someone who generally hates using execs unless I absolutely have to, I
    would recommend using the Puppet Labs registry module. I can dig out some
    examples tomorrow if you like.

    I'm a bit wary about prodding in the registry behind the back of windows
    firewall, but please tell me if it works. I wrote some idempotent
    powershell to control the firewall rules in windows.
    The registry data looks straightforward in HKLM/System/CurrentControlSet/
    (search FirewallRules):

    v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=1433|Name=SQL|

    But the problem is generating the name:
    {4DBAC415-6138-489A-B647-7FAA20709582}

    You can't arbitrarily name it SQL. This would be straightforward as a
    define type wrapping around registry if someone knows how to generate the
    registry name. Adam?

    I'm also using exec with netsh firewall to open a port for SQL server for
    now, but a type and provider would be much more robust. However I would
    like to hear some Windows expert chime in, before trying to write a
    type/provider around netsh advfirewall.


    Thanks,

    Nan

    --
    You received this message because you are subscribed to the Google Groups "Puppet Users" group.
    To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscribe@googlegroups.com.
    To post to this group, send email to puppet-users@googlegroups.com.
    Visit this group at http://groups.google.com/group/puppet-users?hl=en.
    For more options, visit https://groups.google.com/groups/opt_out.

Related Discussions

Discussion Navigation
viewthread | post
Discussion Overview
grouppuppet-users @
categoriespuppet
postedFeb 14, '13 at 3:29p
activeMar 12, '13 at 2:44p
posts12
users7
websitepuppetlabs.com

People

Translate

site design / logo © 2022 Grokbase