Re: [Puppet Users] Re: Windows Firewall Question

phundisk Tue, 12 Mar 2013 06:29:56 -0700

Does anyone know of this provider?  If not I can start to make one with 
netsh but it will probably take me a while


On Thursday, March 7, 2013 9:52:17 PM UTC-5, Nan Liu wrote:
>
> On Thu, Mar 7, 2013 at 5:50 PM, ad <adam.d...@gmail.com <javascript:>>wrote:
>
>> Hey David
>>
>> Below are some examples. Note these are used on embedded Windows 7 
>> (6.1.7601) and I've never tested them on servers (we run mostly Linux 
>> servers). I also have examples for XP (5.1.2600) if you want, it's a lot 
>> different.
>>
>> The first 6 are just for enabling the firewall and allowing exceptions. 
>> Obviously you may not want to enable the non-domain profiles.
>>
>>   # Enable firewall
>>   # Note: In Windows7, it seems the gui doesn't reflect 
>> enabling/disabling the firewall in the registry until a reboot.
>>   registry_value { 
>> 'HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\EnableFirewall':
>>     ensure => present,
>>     type   => 'dword',
>>     data   => '1',
>>   } 
>>     
>>   registry_value { 
>> 'HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\EnableFirewall':
>>     ensure => present,
>>     type   => 'dword',
>>     data   => '1',
>>   } 
>>     
>>   registry_value { 
>> 'HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\EnableFirewall':
>>     ensure => present,
>>     type   => 'dword',
>>     data   => '1',
>>   }
>>   
>>   # Allow exceptions
>>   registry_value { 
>> 'HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\DoNotAllowExceptions':
>>     ensure => present,
>>     type   => 'dword',
>>     data   => '0',
>>   } 
>>     
>>   registry_value { 
>> 'HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\DoNotAllowExceptions':
>>     ensure => present,
>>     type   => 'dword',
>>     data   => '0',
>>   } 
>>     
>>   registry_value { 
>> 'HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\DoNotAllowExceptions':
>>     ensure => present,
>>     type   => 'dword',
>>     data   => '0',
>>   }
>>
>> Here's an example for opening a port:
>>
>>   # enable Edge
>>   registry_value { 
>> 'HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\PopstarEdge':
>>     ensure => present,
>>     type   => 'string',
>>     data   => 
>> 'v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=8080|LPort=443|Name=PopstarEdge|',
>>   }
>>
>> Some other examples
>>
>>   # enable public ping
>>   registry_value { 
>> 'HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\PopstarPing':
>>     ensure => present,
>>     type   => 'string',
>>     data   => 
>> 'v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=1|ICMP4=8:*|Name=PopstarPing|',
>>   }
>>
>>   # disable Remote Assistant
>>   # Note: when you set this in Advanced System Settings it also changes a 
>> bunch of firewall rules that we aren't doing yet
>>   registry_value { 'HKLM\SYSTEM\CurrentControlSet\Control\Remote 
>> Assistance\fAllowToGetHelp':
>>     ensure  => present,
>>     type    => 'dword',
>>     data    => '0',
>>   }   
>>
>
> The registry keys for enabling is helpful, but Windows 2008r2 is not happy 
> with registry added firewall rules (see attach). I'm guessing they 
> function, but doesn't work correctly in the UI. I suppose netsh advfirewall 
> is the way to go.
>
> Thanks,
>
> Nan 
>

-- 
_____________________________________________________
This email and any files transmitted with it are confidential and intended 
solely for the addressee.  If you received this email in error, please do 
not disclose the contents to anyone; kindly notify the sender by return 
email and delete this email and any attachments from your system.

© 2011 Currensee Inc. is a member of the National Futures Association (NFA) 
Member ID 0403251 | Over the counter retail foreign currency (Forex) 
trading may involve significant risk of loss. It is not suitable for all 
investors and you should make sure you understand the risks involved before 
trading and seek independent advice if necessary. Performance, strategies 
and charts shown are not necessarily predictive of any particular result 
and past performance is no indication of future results. Investor returns 
may vary from Trade Leader returns based on slippage, fees, broker spreads, 
volatility or other market conditions.

Currensee Inc | 54 Canal St 4th Floor | Boston, MA 02114 | +1.617.624.3824

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Re: Windows Firewall Question

Reply via email to