pavank · September 24, 2020 15:58 · Jan 27, 2017 · Jul 6, 2011
diff --git a/gistfile1.txt → Manage Windows Firewall b/gistfile1.txt → Manage Windows Firewall
diff --git a/gistfile1.txt b/gistfile1.txt
@@ -0,0 +1,130 @@
+Set-StrictMode -Version Latest
+
+# Constants
+if (!(Test-Path variable:\NET_FW_DISABLED)) { Set-Variable NET_FW_DISABLED -Option Constant $False }
+if (!(Test-Path variable:\NET_FW_ENABLED)) { Set-Variable NET_FW_ENABLED -Option Constant $True }
+if (!(Test-Path variable:\NET_FW_IP_PROTOCOL_TCP)) { Set-Variable NET_FW_IP_PROTOCOL_TCP -Option Constant 6 }
+if (!(Test-Path variable:\NET_FW_IP_PROTOCOL_UDP)) { Set-Variable NET_FW_IP_PROTOCOL_UDP -Option Constant 17 }
+if (!(Test-Path variable:\NET_FW_PROFILE_DOMAIN)) { Set-Variable NET_FW_PROFILE_DOMAIN -Option Constant 0x1 }
+if (!(Test-Path variable:\NET_FW_PROFILE_PRIVATE)) { Set-Variable NET_FW_PROFILE_PRIVATE -Option Constant 0x2 }
+if (!(Test-Path variable:\NET_FW_PROFILE_PUBLIC)) { Set-Variable NET_FW_PROFILE_PUBLIC -Option Constant 0x2 }
+if (!(Test-Path variable:\NET_FW_PROFILE_ALL)) { Set-Variable NET_FW_PROFILE_ALL -Option Constant 0x7FFFFFFF }
+
+function Enable-FirewallRule([String] $name, [String] $description = "", [ScriptBlock] $filter = { $_.Name = $name }, [ScriptBlock] $createRule = {}) {
+    <#
+        .SYNOPSIS
+
+        Creates or enables a firewall rule
+
+        .DESCRIPTION
+
+        The Enable-FirewallRule function checks whether a given firewall rule exists, and if
+        it does, it enables it, if it is not already enabled. If the rule does not exist,
+        it is created, calling the $createRule script block to finalize the rule
+
+        .PARAMETER name
+
+        the name of the rule
+
+        .PARAMETER description
+
+        a description for the firewall rule
+
+        .PARAMETER filter
+
+        a ScriptBlock to be passed to Where-Object to determine whether or not the rule
+        exists.
+
+        .PARAMETER createRule
+
+        a ScriptBlock that is called when the rule is created to allow the caller to specify
+        any additional restrictions on the rule
+
+        .EXAMPLE
+
+        Create a rule that opens local port 8080 to all computers
+
+        Enable-FirewallRule "Enable TCP Over Port 8080" -filter { $_.Enabled -And $_.LocalPorts -And $_.LocalPorts -eq "8080" } -createRule { param($rule) $rule.Protocol = $NET_FW_IP_PROTOCOL_TCP; $rule.LocalPorts = "8080" }"
+
+        .EXAMPLE
+
+        Create a rule that allows all incoming connections to notepad.exe
+
+        Enable-FirewallRule "Enable Incoming TCP Connections to Notepad.exe" -filter { $_.Enabled -And $_.ApplicationName -And $_.ApplicationName = ("{0}\System32\notepad.exe" -f $Env:windir) } -createRule { param($rule) $rule.Protocol = $NET_FW_IP_PROTOCOL_TCP; $rule.ApplicationName = ("{0}\System32\notepad.exe" -f $Env:windir) }
+    #>
+    $rules = @($policy.Rules | Where-Object $filter)
+    if ($rules.Count -eq 0) {
+        $rule = New-Object -com HNetCfg.FWRule
+        $rule.Name = $name
+        $rule.Description = $description
+        $rule.Protocol = $NET_FW_IP_PROTOCOL_TCP
+        if ($createRule -ne $null) { $createRule.Invoke($rule) }
+        $rule.Enabled = $NET_FW_ENABLED
+        $policy.Rules.Add($rule)
+
+        Write-Host ("Created the rule ""{0}""" -f $rule.Name)
+    } elseif (@($rules | Where-Object { $_.Enabled }).Count -eq 0) {
+        $rules | Where-Object { !$_.Enabled } | Select-Object -f 1 | ForEach-Object { 
+            $_.Enabled = $NET_FW_ENABLED
+            Write-Host ("Enabled the rule ""{0}""" -f $_.Name)
+        }
+    } else {
+        $rules | Where-Object { $_.Enabled } | ForEach-Object {
+            Write-Host ("The rule ""{0}"" was already enabled" -f $_.Name)
+        }
+    }
+}
+
+function Disable-FirewallRules([ScriptBlock] $filter = {}) {
+    <#
+        .SYNOPSIS
+
+        Disables a set of firewall rules matching the filter
+
+        .DESCRIPTION
+
+        The Disable-FirewallRules function disables all enabled rules that match the supplied filter ScriptBlock.
+
+        .PARAMETER filter
+
+        a ScriptBlock matching all the rules to disable
+
+        .EXAMPLE
+
+        Disable all rules for incoming port 80 connections
+
+        Disable-FirewallRules { $_.LocalPorts -And $_.LocalPorts -eq "80" }
+    #>
+    $rules = @($policy.Rules | Where-Object $filter | Where-Object { $_.Enabled })
+    $rules | ForEach-Object { Write-Host ("Disabling rule: ""{0}""" -f $_.Name); $_.Enabled = $NET_FW_DISABLED }
+}
+
+function Remove-FirewallRules([ScriptBlock] $filter = {}) {
+    <#
+        .SYNOPSIS
+
+        Deletes a set of firewall rules matching the filter
+
+        .DESCRIPTION
+
+        The Remove-FirewallRules function removes all rules that match the supplied filter ScriptBlock.
+
+        .PARAMETER filter
+
+        a ScriptBlock matching all the rules to remove
+
+        .EXAMPLE
+
+        Remove all firewall rules in the "Mistake" group
+
+        Remove-FirewallRules { $_.Grouping -And $_.Grouping -eq "Mistake" }
+    #>
+    $rules = @($policy.Rules | Where-Object $filter)
+    if ($rules.Count -gt 0) {
+        $rules | ForEach-Object { Write-Host ("Deleting rule: ""{0}""" -f $_.Name); $policy.Rules.Remove($_.Name) }
+    } else {
+        Write-Host "No rules matched the supplied filter"
+    }
+}
+
+$policy = New-Object -com HNetCfg.FwPolicy2