DSC resource for managing firewall rules.
Carbon_FirewallRule [String] #ResourceName
{
    Name = [string]
    [Action = [string]{ Allow | Block | Bypass }]
    [DependsOn = [string[]]]
    [Description = [string]]
    [Direction = [string]{ In | Out }]
    [EdgeTraversalPolicy = [string]{ DeferApp | DeferUser | No | Yes }]
    [Enabled = [bool]]
    [Ensure = [string]{ Absent | Present }]
    [InterfaceType = [string]{ Any | LAN | RAS | Wireless }]
    [LocalIPAddress = [string]]
    [LocalPort = [string]]
    [Profile = [string[]]]
    [Program = [string]]
    [Protocol = [string]]
    [PsDscRunAsCredential = [PSCredential]]
    [RemoteIPAddress = [string]]
    [RemotePort = [string]]
    [Security = [string]{ AuthDynEnc | AuthEnc | Authenticate | AuthNoEncap | NotRequired }]
    [Service = [string]]
}
The Carbon_FirewallRule resource manages firewall rules. It uses the netsh advfirewall firewall command. Please see Netsh AdvFirewall Firewall Commands or run netsh advfirewall firewall set rule for documentation on how to configure the firewall.
When modifying existing rules, only properties you pass are updated/changed. All other properties are left as-is.
Carbon_FirewallRule is new in Carbon 2.0.
Name | Type | Description | Required? | Pipeline Input | Default Value |
---|---|---|---|---|---|
Name | String | The name of the rule. | true | false | |
Enabled | Boolean | If | false | false | True |
Direction | String | If set to | false | false | |
Profile | String[] | Specifies the profile(s) to which the firewall rule is assigned. The rule is active on the local computer only when the specified profile is currently active. Valid values are | false | false | |
LocalIPAddress | String | The local IP addresses the rule applies to. Valid values are | false | false | |
LocalPort | String | The local port the rule applies to. Valid values are a specific port number, a range of port numbers (e.g. | false | false | |
RemoteIPAddress | String | The remote IP addresses the rule applies to. Valid values are | false | false | |
RemotePort | String | The remote port the rule applies to. Valid values are a specific port number, a range of port numbers (e.g. | false | false | |
Protocol | String | The protocol the rule applies to. Valid values are | false | false | |
EdgeTraversalPolicy | String | For inbound rules, specifies that traffic that traverses an edge device, such as a Network Address Translation (NAT) enabled router, between the local and remote computer matches this rule. Valid values are | false | false | |
Action | String | Specifies what to do when packets match the rule. Valid values are | false | false | |
InterfaceType | String | Specifies that only network packets passing through the indicated interface types match this rule. Valid values are | false | false | |
Security | String | Specifies that only network packets protected with the specified type of IPsec options match this rule. Valid values are | false | false | |
Description | String | A description of the rule. | false | false | |
Program | String | Specifies that network traffic generated by the identified executable program matches this rule. | false | false | |
Service | String | Specifies that traffic generated by the identified service matches this rule. The ServiceShortName for a service can be found in the Services MMC snap-in, by right-clicking the service, selecting Properties, and examining Service Name. | false | false | |
Ensure | String | Set to | false | false | Present |
Demonstrates how to enable a firewall rule.

Carbon_FirewallRule EnableHttpIn
{
    Name = 'World Wide Web Services (HTTP Traffic-In)'
    Enabled = $true;
    Ensure = 'Present'
}

Demonstrates how to delete a firewall rule.

Carbon_FirewallRule DeleteMyRule
{
    Name = 'MyCustomRule';
    Ensure = 'Absent';
}

There may be multiple rules with the same name, so we recommend disabling rules instead.

Demonstrates how to create/modify an incoming firewall rule.

Carbon_FirewallRule MyAppPorts
{
    Name = 'My App Ports';
    Action = 'Allow';
    Direction = 'In';
    Protocol = 'tcp';
    LocalPort = '8080,8180';
    Ensure = 'Present';
}
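
The following complete configuration is an added example, not part of the Carbon documentation. Because only the properties you pass are changed on an existing rule, it states every scope-related property explicitly so that a pre-existing rule with the same name cannot keep a wider scope, and it disables the unwanted rule instead of deleting it, as recommended above. The configuration name, the subnet, the Profile values (assumed to follow the netsh profile names) and the output path are assumptions.

```powershell
# Added example. Configuration name, subnet and output path are constructed placeholders.
Configuration AppFirewallBaseline
{
    # Makes Carbon's DSC resources available (assumes the Carbon module is installed).
    Import-DscResource -Name '*' -Module 'Carbon'

    Node 'localhost'
    {
        # Properties left out are not reset on an existing rule of the same name,
        # so every property that affects exposure is pinned here.
        Carbon_FirewallRule MyAppPorts
        {
            Name                = 'My App Ports'
            Description         = 'Inbound TCP 8080/8180 from the management subnet only.'
            Ensure              = 'Present'
            Enabled             = $true
            Direction           = 'In'
            Action              = 'Allow'
            Protocol            = 'tcp'
            LocalPort           = '8080,8180'
            RemoteIPAddress     = '10.20.30.0/24'         # constructed subnet
            Profile             = @('Domain', 'Private')  # assumed netsh profile names
            InterfaceType       = 'LAN'
            EdgeTraversalPolicy = 'No'
        }

        # Disable rather than delete: the rule stays visible for review.
        Carbon_FirewallRule DisableMyCustomRule
        {
            Name    = 'MyCustomRule'
            Enabled = $false
            Ensure  = 'Present'
        }
    }
}

# Compile to MOF, apply from an elevated session, then check for drift.
$mofPath = Join-Path $env:TEMP 'AppFirewallBaseline'
AppFirewallBaseline -OutputPath $mofPath | Out-Null
Start-DscConfiguration -Path $mofPath -Wait -Verbose -Force
Test-DscConfiguration -Detailed
```

Running netsh advfirewall firewall show rule name="My App Ports" verbose afterwards shows the effective values, including any property the configuration did not set.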