EzFirewallMgmt.psm1
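$PSModuleRoot = $PSScriptRoot
$tools = "$PSModuleRoot\tools"

# Rule naming: Get-PortRuleName / Get-ProgramRuleName build a prefix, and each rule is stored
# as "<prefix> inbound" / "<prefix> outbound" (program rules: "<prefix> Outbound"). Every
# existence check and removal below matches on "<prefix>*" so the pair is handled together.

#region private helpers

# Maps the rule "type" (the verb encoded in the rule name) to the firewall action, so the name
# and the action on the rule cannot drift apart.
function Get-RuleAction {
    [CmdletBinding()]
    param (
        [Parameter(Mandatory = $true)] [ValidateSet("Block", "Unblock")] [string]$type
    )
    if ($type -eq "Block") { return "Block" }
    return "Allow"
}

# Returns the existing rules whose Name matches $namePattern (wildcards as accepted by
# Get-NetFirewallRule -Name). "No rule yet" is the normal path for Block-*/Unblock-*, so a
# miss is an empty result rather than the non-terminating error Get-NetFirewallRule would emit.
function Get-ExistingFirewallRule {
    [CmdletBinding()]
    param (
        [Parameter(Mandatory = $true)] [string]$namePattern
    )
    return @(Get-NetFirewallRule -Name $namePattern -ErrorAction SilentlyContinue)
}

# Expands the user-facing protocol choice into the concrete protocols a rule is created for.
# An omitted protocol means both, as in the original functions.
function Expand-Protocol {
    [CmdletBinding()]
    param (
        [AllowEmptyString()] [string]$protocol
    )
    if ([string]::IsNullOrEmpty($protocol) -or $protocol -eq "BOTH") { return @("TCP", "UDP") }
    return @($protocol)
}

# Creates one firewall rule from a splat of New-NetFirewallRule arguments and returns it.
# On failure (most commonly a non-elevated session) it writes a warning and returns nothing;
# the original passed -EA 0, which left the caller believing a Block rule was in place when
# nothing had been created.
function New-FirewallRuleChecked {
    [CmdletBinding()]
    param (
        [Parameter(Mandatory = $true)] [hashtable]$ruleArgs
    )
    try {
        New-NetFirewallRule @ruleArgs -ErrorAction Stop
    }
    catch {
        Write-Warning "Could not create firewall rule '$($ruleArgs.Name)': $($_.Exception.Message)"
    }
}

# Creates the inbound + outbound pair for one (type, port, protocol) triple and returns the
# rules actually created. Skips, with a warning, when a rule with that name prefix exists.
function New-PortRulePair {
    [CmdletBinding()]
    param (
        [Parameter(Mandatory = $true)] [ValidateSet("Block", "Unblock")] [string]$type,
        [Parameter(Mandatory = $true)] [string[]]$port,
        [Parameter(Mandatory = $true)] [ValidateSet("TCP", "UDP")] [string]$protocol
    )
    $ruleName = Get-PortRuleName -type $type -port $port -protocol $protocol
    if (@(Get-ExistingFirewallRule -namePattern "$ruleName*").Count -gt 0) {
        Write-Warning "$ruleName already exists"
        return
    }
    $action = Get-RuleAction -type $type
    foreach ($direction in "Inbound", "Outbound") {
        # Lower-case suffix ("inbound"/"outbound") matches rules written by earlier versions.
        $fullName = "$ruleName $($direction.ToLowerInvariant())"
        New-FirewallRuleChecked -ruleArgs @{
            DisplayName = $fullName
            Name        = $fullName
            Action      = $action
            Profile     = "Any"
            Direction   = $direction
            Protocol    = $protocol
            LocalPort   = $port
        }
    }
}

# Shared body of Block-Port / Unblock-Port: one rule pair per protocol, collected in a list.
function New-PortRuleSet {
    [CmdletBinding()]
    param (
        [Parameter(Mandatory = $true)] [ValidateSet("Block", "Unblock")] [string]$type,
        [string[]]$port,
        [string]$protocol
    )
    if (-not $port) {
        throw "${type}-Port: -port must be supplied"
    }
    $newRules = New-Object System.Collections.Generic.List[object]
    foreach ($proto in Expand-Protocol -protocol $protocol) {
        foreach ($rule in @(New-PortRulePair -type $type -port $port -protocol $proto)) {
            $newRules.Add($rule)
        }
    }
    # The list itself is never $null, so the original "$null -eq $newRules" test could not fire.
    if ($newRules.Count -eq 0) {
        Write-Verbose "Some or all Rules already existed"
    }
    return $newRules
}

# Finds *.exe files under directories whose name matches $name (a regex, as before) in the
# same five roots the original searched.
function Find-ProgramExecutable {
    [CmdletBinding()]
    param (
        [Parameter(Mandatory = $true)] [string]$name
    )
    $roots = @(${ENV:ProgramFiles(x86)}, $ENV:ProgramFiles, $ENV:ProgramData, $ENV:APPDATA, $ENV:LocalAppData)
    foreach ($root in $roots) {
        # A root may be undefined on some systems (e.g. no ProgramFiles(x86)).
        if ([string]::IsNullOrEmpty($root) -or -not (Test-Path -LiteralPath $root)) { continue }
        Get-ChildItem -LiteralPath $root -Directory |
            Where-Object Name -match $name |
            Get-ChildItem -Recurse -Filter "*.exe" -File
    }
}

# Resolves the byName / byPath parameter sets of Block-Program / Unblock-Program into the
# program label used in rule names plus the executables (FileInfo items) to create rules for.
function Resolve-ProgramTarget {
    [CmdletBinding()]
    param (
        [string]$name,
        [string[]]$path,
        [string]$programName
    )
    if ($name) {
        $exes = @(Find-ProgramExecutable -name $name)
        if ($exes.Count -eq 0) {
            Write-Warning "No executables found for '$name'"
        }
    }
    elseif ($path) {
        # Resolve to items so .Name / .FullName exist; the original added the raw strings,
        # on which those properties are $null, so rules were created against empty paths.
        $exes = @(Get-Item -Path $path)
        if ($exes.Count -eq 0) {
            throw "No files found at '$path'"
        }
        if ([string]::IsNullOrEmpty($programName)) { $programName = $exes[0].BaseName }
        $name = $programName
    }
    else {
        throw "Either -name or -path must be supplied"
    }
    return [pscustomobject]@{ Name = $name; Executables = $exes }
}

# Shared body of Block-Program / Unblock-Program: one rule pair per executable.
function New-ProgramRuleSet {
    [CmdletBinding()]
    param (
        [Parameter(Mandatory = $true)] [ValidateSet("Block", "Unblock")] [string]$type,
        [string]$name,
        [string[]]$path,
        [string]$programName
    )
    $target = Resolve-ProgramTarget -name $name -path $path -programName $programName
    $newRules = New-Object System.Collections.Generic.List[object]
    $action = Get-RuleAction -type $type
    foreach ($exe in $target.Executables) {
        $ruleName = Get-ProgramRuleName -type $type -program $target.Name -exe $exe.Name
        if (@(Get-ExistingFirewallRule -namePattern "$ruleName*").Count -gt 0) {
            Write-Warning "$ruleName already exists"
            continue
        }
        # Suffixes "inbound"/"Outbound" kept exactly as earlier versions wrote them.
        $pairName = @{ Inbound = "$ruleName inbound"; Outbound = "$ruleName Outbound" }
        foreach ($direction in "Inbound", "Outbound") {
            $created = New-FirewallRuleChecked -ruleArgs @{
                DisplayName = $pairName[$direction]
                Name        = $pairName[$direction]
                Action      = $action
                Profile     = "Any"
                Direction   = $direction
                Program     = $exe.FullName
            }
            if ($null -ne $created) { $newRules.Add($created) }
        }
    }
    if ($newRules.Count -eq 0) {
        Write-Verbose "Some or all Rules already existed"
    }
    return $newRules
}

# Removes every rule whose Name starts with $ruleName (the inbound/outbound pair) and returns
# the rules that were removed. Looks the rules up first so the result is the removed set,
# rather than the empty output of Remove-NetFirewallRule.
function Remove-RulePair {
    [CmdletBinding()]
    param (
        [Parameter(Mandatory = $true)] [string]$ruleName
    )
    $existing = @(Get-ExistingFirewallRule -namePattern "$ruleName*")
    if ($existing.Count -eq 0) {
        Write-Warning "$ruleName did not exist"
        return
    }
    Write-Verbose "Removing $ruleName"
    $existing | Remove-NetFirewallRule
    return $existing
}

#endregion private helpers

function Block-Port {
    # .ExternalHelp EzFirewallMgmt-help.xml
    [CmdletBinding()]
    param (
        [string[]]$port,
        [Parameter()] [ValidateSet("TCP", "UDP", "BOTH")] [string]$protocol
    )
    return New-PortRuleSet -type "Block" -port $port -protocol $protocol
}

function Unblock-Port {
    # .ExternalHelp EzFirewallMgmt-help.xml
    [CmdletBinding()]
    param (
        [string[]]$port,
        [Parameter()] [ValidateSet("TCP", "UDP", "BOTH")] [string]$protocol
    )
    return New-PortRuleSet -type "Unblock" -port $port -protocol $protocol
}

function Block-Program {
    # .ExternalHelp EzFirewallMgmt-help.xml
    [CmdletBinding(DefaultParameterSetName = "byName")]
    param (
        [Parameter(ParameterSetName = "byName")] [string]$name,
        [Parameter(ParameterSetName = "byPath")] [string[]]$path,
        [Parameter(ParameterSetName = "byPath")] [string]$programName
    )
    return New-ProgramRuleSet -type "Block" -name $name -path $path -programName $programName
}

function Unblock-Program {
    # .ExternalHelp EzFirewallMgmt-help.xml
    [CmdletBinding(DefaultParameterSetName = "byName")]
    param (
        [Parameter(ParameterSetName = "byName")] [string]$name,
        [Parameter(ParameterSetName = "byPath")] [string[]]$path,
        [Parameter(ParameterSetName = "byPath")] [string]$programName
    )
    return New-ProgramRuleSet -type "Unblock" -name $name -path $path -programName $programName
}

function Get-PortRuleName {
    # .ExternalHelp EzFirewallMgmt-help.xml
    # Builds the name prefix for a port rule; $port is interpolated, so several ports are
    # joined with spaces.
    [CmdletBinding()]
    param (
        [Parameter()] [ValidateSet("Block", "Unblock")] [string]$type,
        [string[]]$port,
        [Parameter()] [ValidateSet("TCP", "UDP")] [string]$protocol
    )
    process {
        return "$type port $port $protocol"
    }
}

function Get-ProgramRuleName {
    # .ExternalHelp EzFirewallMgmt-help.xml
    # Builds the name prefix for a program rule; the default -exe "*" yields a pattern that
    # covers every executable of the program when used with Remove-ProgramRule.
    [CmdletBinding()]
    param (
        [Parameter()] [ValidateSet("Block", "Unblock")] [string]$type,
        [string[]]$program,
        [string]$exe = "*"
    )
    process {
        return "$type program $program - $exe"
    }
}

function Remove-PortRule {
    # .ExternalHelp EzFirewallMgmt-help.xml
    [CmdletBinding()]
    param (
        [Parameter(Mandatory = $true)] [ValidateSet("Block", "Unblock")] [string]$type,
        [string[]]$port,
        [Parameter()] [ValidateSet("TCP", "UDP", "BOTH")] [string]$protocol
    )
    if (-not $port) {
        throw "Remove-PortRule: -port must be supplied"
    }
    $removedRules = New-Object System.Collections.Generic.List[object]
    foreach ($proto in Expand-Protocol -protocol $protocol) {
        # Honour -type: the original hard-coded "Unblock" here, so "-type Block" removed the
        # Unblock rules and left the Block rules in place.
        $ruleName = Get-PortRuleName -type $type -port $port -protocol $proto
        foreach ($rule in @(Remove-RulePair -ruleName $ruleName)) {
            $removedRules.Add($rule)
        }
    }
    if ($removedRules.Count -eq 0) {
        Write-Verbose "Some or all Rules didn't exist"
    }
    return $removedRules
}

function Remove-ProgramRule {
    # .ExternalHelp EzFirewallMgmt-help.xml
    [CmdletBinding()]
    param (
        [Parameter(Mandatory = $true)] [ValidateSet("Block", "Unblock")] [string]$type,
        [string]$program,
        [string]$exe = "*"
    )
    $removedRules = New-Object System.Collections.Generic.List[object]
    # Rules are stored as "<prefix> inbound"/"<prefix> Outbound"; the original removed by the
    # bare prefix, which never matched when a specific -exe was given.
    $ruleName = Get-ProgramRuleName -type $type -program $program -exe $exe
    foreach ($rule in @(Remove-RulePair -ruleName $ruleName)) {
        $removedRules.Add($rule)
    }
    if ($removedRules.Count -eq 0) {
        Write-Verbose "Some or all Rules didn't exist"
    }
    return $removedRules
}

# Keep the module's public surface as before; the private helpers above are not exported.
# Guarded so the file can also be dot-sourced outside a module (e.g. for testing).
if ($null -ne $ExecutionContext.SessionState.Module) {
    Export-ModuleMember -Function Block-Port, Block-Program, Unblock-Port, Unblock-Program,
        Get-PortRuleName, Get-ProgramRuleName, Remove-PortRule, Remove-ProgramRule
}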