Rule delete doesn't appear to be working. #30

Open
ekleditz opened this issue Aug 20, 2024 · 6 comments

@ekleditz

ekleditz commented Aug 20, 2024

Add a rule called test

Ask it to be deleted via:

windows_firewall_rule { 'test':
  ensure => absent;
}

Expected that rule will be removed but it isn't being deleted.

Win 11

@webalexeu
Owner

Hello,

Did you create the rule with Puppet or manually?
If you created it manually, did you create it with the GUI or using PowerShell/Netsh?

Can you give the output of those commands?
puppet resource windows_firewall_rule 'test'
Get-NetFirewallRule -Name 'test'
Get-NetFirewallRule -DisplayName 'test'

Regards,
Alex

@webalexeu webalexeu self-assigned this Aug 20, 2024
@ekleditz
Author

ekleditz commented Aug 20, 2024

Hi Alex,

Rule was created by hand to test this.

Interesting output from those commands

PS C:\> puppet resource windows_firewall_rule 'test'
windows_firewall_rule { 'test':
  ensure => 'absent',
  provider => 'windows_firewall_rule',
}
PS C:\> Get-NetFirewallRule -Name 'test'
Get-NetFirewallRule : No MSFT_NetFirewallRule objects found with property 'InstanceID' equal to 'test'. Verify the value of the property and retry.
At line:1 char:1
+ Get-NetFirewallRule -Name 'test'
    + CategoryInfo          : ObjectNotFound: (test:String) [Get-NetFirewallRule], CimJobException
    + FullyQualifiedErrorId : CmdletizationQuery_NotFound_InstanceID,Get-NetFirewallRule

PS C:\> Get-NetFirewallRule -DisplayName 'test'

Name : {c2ab7554-e6c9-49ed-92f5-2cd830f8236a}
DisplayName : test
Description :
DisplayGroup :
Group :
Enabled : True
Profile : Domain, Private, Public
Platform : {}
Direction : Inbound
Action : Allow
EdgeTraversalPolicy : Block
LooseSourceMapping : False
LocalOnlyMapping : False
Owner :
PrimaryStatus : OK
Status : The rule was parsed successfully from the store. (65536)
EnforcementStatus : NotApplicable
PolicyStoreSource : PersistentStore
PolicyStoreSourceType : Local
RemoteDynamicKeywordAddresses : {}
PolicyAppId :
PackageFamilyName :

@webalexeu
Owner

The Puppet module uses the firewall rule name as the identifier because it's unique.
By default, when you create a rule, it's the display name that is populated (you can have multiple rules with the same display name) and the name is auto-generated with an identifier.

But if you had created the rule using Puppet, it should have populated the name correctly (the module uses the resource title as the firewall rule name by default).

Can you please share the Puppet code you use to create the firewall rule?

Could you please also try this to delete the test one?

windows_firewall_rule { '{c2ab7554-e6c9-49ed-92f5-2cd830f8236a}':
  ensure => absent;
}

@ekleditz
Author

ekleditz commented Aug 20, 2024

Sorry... I had misread your response and edited my post a bit after. My rule was created by hand.

Using the InstanceID does get the test rule clobbered.

Doesn't look like this will work for my specific use case this time around (I'm trying to delete a rule created by an app), but it's good to know I can kill ones that I have previously created with this module easily enough.

Thanks!

edit: on a side note, I now know why I was unable to edit that same stupid app-created rule to look like I wanted after it was created. Couldn't figure out what I was doing wrong, but it's the same as with the delete.

@webalexeu webalexeu added the question Further information is requested label Aug 24, 2024
@webalexeu
Owner

Can you give more context on your use case?

Using the purge feature may be a solution, but it requires a new release that will accept some arguments to purge specific rules.

@ekleditz
Author

I have an app I'm deploying (via Puppet and choco) that creates its own firewall rules when it installs. The issue is that the app makes its rule incompletely, so I'm trying to have the module delete the rule the app makes on its own and replace it with one that's correct.

The second part works great but the first part doesn't. Not the end of the world and it's more of a cleanup and tidy thing for me.
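
Added example, not part of the thread or of the module's code: a PowerShell helper for the case discussed above, where a rule is known only by its DisplayName and its unique Name (InstanceID) is an auto-generated GUID. The function name and its parameters are hypothetical; it looks the rule up by DisplayName, refuses to act on an ambiguous match, and removes by Name.

```powershell
# Added example. Remove-FirewallRuleByDisplayName and -MaxMatches are
# hypothetical names, not part of the Puppet module or of NetSecurity.
function Remove-FirewallRuleByDisplayName {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)]
        [string]$DisplayName,

        # DisplayName is not unique and accepts wildcards, so cap how many
        # rules a single call may remove.
        [int]$MaxMatches = 1
    )

    # A missing rule is the desired end state, so do not treat it as an error.
    $rules = @(Get-NetFirewallRule -DisplayName $DisplayName -ErrorAction SilentlyContinue)

    # Only rules whose PolicyStoreSourceType is Local (as in the output above)
    # are candidates; rules delivered from another policy store are skipped.
    $skipped = @($rules | Where-Object { "$($_.PolicyStoreSourceType)" -ne 'Local' })
    foreach ($rule in $skipped) {
        Write-Warning "Skipping $($rule.Name): source is $($rule.PolicyStoreSourceType)"
    }
    $local = @($rules | Where-Object { "$($_.PolicyStoreSourceType)" -eq 'Local' })

    if ($local.Count -eq 0) {
        Write-Verbose "No local rule with DisplayName '$DisplayName'; nothing to do."
        return
    }
    if ($local.Count -gt $MaxMatches) {
        throw "Found $($local.Count) rules named '$DisplayName' (limit $MaxMatches); refusing to delete."
    }

    foreach ($rule in $local) {
        # Emit the resolved identity so the change is auditable.
        $rule | Select-Object Name, DisplayName, Direction, Action, Profile
        if ($PSCmdlet.ShouldProcess($rule.Name, 'Remove-NetFirewallRule')) {
            # Remove by the unique Name, never by DisplayName.
            Remove-NetFirewallRule -Name $rule.Name
        }
    }
}

# Dry run: lists what would be removed without changing the firewall.
Remove-FirewallRuleByDisplayName -DisplayName 'test' -WhatIf
```

The Name value it prints is the same identifier that worked as the `windows_firewall_rule` resource title earlier in the thread.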
