Aud333
1
Hi,
I am adding a Windows Firewall rule with PSADT:

```powershell
Execute-Process -FilePath "C:\Windows\System32\netsh.exe" -Arguments "advfirewall firewall add rule name=""TEST_FW"" profile=domain protocol=TCP enable=yes dir=in action=allow program=""C:\Program Files (x86)\TEST\test.exe"""
```

To avoid duplicating firewall rules, I wish to check if the firewall rule exists first, before adding the rule.
I would appreciate your advice on how to check for an existing firewall rule.
Thank you.
Hi,
I’m using this function to check for firewall rules:
```powershell
Function Get-FireWallRule {
    Param ($Name, $Direction, $Enabled, $Protocol, $profile, $action, $grouping)
    # Enumerate every rule through the Windows Firewall COM API, then narrow by each filter supplied
    $Rules = (New-Object -ComObject HNetCfg.FwPolicy2).Rules
    If ($name)      { $rules = $rules | Where-Object { $_.Name -like $name } }
    If ($direction) { $rules = $rules | Where-Object { $_.Direction -eq $direction } }
    # ContainsKey so that -Enabled $false and -Action 0 (block) still apply their filter
    If ($PSBoundParameters.ContainsKey('Enabled')) { $rules = $rules | Where-Object { $_.Enabled -eq $Enabled } }
    If ($protocol)  { $rules = $rules | Where-Object { $_.Protocol -eq $protocol } }
    If ($profile)   { $rules = $rules | Where-Object { $_.Profiles -band $profile } }
    If ($PSBoundParameters.ContainsKey('Action'))  { $rules = $rules | Where-Object { $_.Action -eq $Action } }
    If ($Grouping)  { $rules = $rules | Where-Object { $_.Grouping -like $Grouping } }
    $rules
}
```
```powershell
## <Perform Pre-Installation tasks here>
Write-Log -Message "Searching for Java Firewall Rules" -Severity 1 -Source $deployAppScriptFriendlyName
$FWRules = Get-FirewallRule -Name java*
If ($FWRules) {
    Write-Log -Message "Firewall Rule Java found" -Severity 1 -Source $deployAppScriptFriendlyName
    If ($envOSName -like "*2008*") {
        Write-Log -Message "Removing Firewall Rule Java on $envOSName" -Severity 1 -Source $deployAppScriptFriendlyName
        Execute-Process -Path "$envSystem32Directory\netsh.exe" -Parameters "advfirewall firewall delete rule name=""Java(TM) Platform SE binary"""
    }
    Else {
        ForEach ($Rule in $FWRules) {
            Write-Log -Message "Removing Firewall Rule Java on $envOSName" -Severity 1 -Source $deployAppScriptFriendlyName
            Remove-NetFirewallRule -DisplayName $Rule.Name
        }
    }
}
Else {
    Write-Log -Message "No Firewall Rule Java found" -Severity 1 -Source $deployAppScriptFriendlyName
}

##*===============================================
##* POST-INSTALLATION
##*===============================================
[string]$installPhase = 'Post-Installation'

## <Perform Post-Installation tasks here>
If ($Is64Bit) {
    Write-Log -Message "64-bit OS. Configuring for the 64-bit OS" -Severity 1 -Source $deployAppScriptFriendlyName
    # Define Path to add
    $DestPath = $appDirx64
    ## Adding Firewall Rules for Java
    Write-Log -Message "Adding Firewall Rules for Java" -Severity 1 -Source $deployAppScriptFriendlyName
    New-NetFirewallRule -DisplayName "Java(TM) Platform SE binary" -Direction Inbound -Program "$DestPath\bin\javaw.exe" -Action Allow -Enabled True -Profile Domain -Protocol UDP
    New-NetFirewallRule -DisplayName "Java(TM) Platform SE binary" -Direction Inbound -Program "$DestPath\bin\javaw.exe" -Action Allow -Enabled True -Profile Domain -Protocol TCP
}
Else {
    Write-Log -Message "32-bit OS. Configuring for the 32-bit OS" -Severity 1 -Source $deployAppScriptFriendlyName
    # Define Path to add
    $DestPath = $appDirx86
    Write-Log -Message "Adding Firewall Rules for Java" -Severity 1 -Source $deployAppScriptFriendlyName
    Execute-Process -Path "$envSystem32Directory\netsh.exe" -Parameters "advfirewall firewall add rule name=""Java(TM) Platform SE binary"" dir=in action=allow program=""$DestPath\bin\javaw.exe"" enable=yes profile=domain protocol=udp"
    Execute-Process -Path "$envSystem32Directory\netsh.exe" -Parameters "advfirewall firewall add rule name=""Java(TM) Platform SE binary"" dir=in action=allow program=""$DestPath\bin\javaw.exe"" enable=yes profile=domain protocol=tcp"
}

## Add JAVA_HOME to environment variables
Write-Log -Message "Adding JAVA_HOME variable and adding $DestPath" -Severity 1 -Source $deployAppScriptFriendlyName
# Add $DestPath to permanent system wide path
$ExistingVar = [System.Environment]::GetEnvironmentVariable('JAVA_HOME', [System.EnvironmentVariableTarget]::Machine)
$EnvVarJH = $ExistingVar | %{ $_ -match "JAVA_HOME" }
If (!($EnvVarJH -contains $True)) {
    [Environment]::SetEnvironmentVariable("JAVA_HOME", $DestPath, "Machine")
}
```
For the record, my x64 computers are W10 and x86 are W7 so I cannot use the same function to add firewall rules.
1 Like
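An added example, not part of either post: one way to make the add step itself idempotent on both Windows 7 and Windows 10 is to do the existence check and the add through the same `HNetCfg` COM API the answer uses for lookup. The helper name `Add-FirewallRuleIfMissing` is hypothetical; the rule name and program path are the ones from the question, and the script is assumed to run elevated.

```powershell
# Added example, not code from the thread. Add-FirewallRuleIfMissing is a hypothetical name.
# INetFwRule values: Protocol 6 = TCP, 17 = UDP; Direction 1 = inbound; Action 1 = allow;
# Profiles is a bitmask (1 = Domain, 2 = Private, 4 = Public). Run elevated.
function Add-FirewallRuleIfMissing {
    param (
        [Parameter(Mandatory = $true)][string]$Name,
        [Parameter(Mandatory = $true)][string]$Program,
        [Parameter(Mandatory = $true)][ValidateSet('TCP', 'UDP')][string]$Protocol,
        [int]$Profiles = 1   # Domain only, matching profile=domain in the thread
    )
    $protocolNumber = @{ TCP = 6; UDP = 17 }[$Protocol]
    $policy = New-Object -ComObject HNetCfg.FwPolicy2

    # Compare every property that defines the rule, not only the name: a rule with
    # the same name but another binary or protocol is a different rule, not a duplicate.
    $existing = @($policy.Rules | Where-Object {
        $_.Name -eq $Name -and
        $_.ApplicationName -eq $Program -and
        $_.Protocol -eq $protocolNumber -and
        $_.Direction -eq 1 -and
        $_.Action -eq 1 -and
        ($_.Profiles -band $Profiles) -eq $Profiles
    })
    if ($existing.Count -gt 0) { return $false }   # already present, nothing added

    $rule = New-Object -ComObject HNetCfg.FWRule
    $rule.Name            = $Name
    $rule.ApplicationName = $Program
    $rule.Protocol        = $protocolNumber
    $rule.Direction       = 1
    $rule.Action          = 1
    $rule.Profiles        = $Profiles
    $rule.Enabled         = $true
    $policy.Rules.Add($rule)
    return $true
}

# Safe to run on every deployment: the second run adds nothing.
foreach ($proto in 'TCP', 'UDP') {
    $added = Add-FirewallRuleIfMissing -Name 'TEST_FW' -Protocol $proto `
        -Program 'C:\Program Files (x86)\TEST\test.exe'
    Write-Output "TEST_FW ($proto): $(if ($added) { 'added' } else { 'already present' })"
}
```

A matching rule that exists but has been disabled counts as present and is left disabled, so a deliberate administrative change is not silently undone.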
Aud333
3
Thanks, Christophe_Girardy, for sharing your script, it did help me.
You’re welcome
I’m glad I could help you