PowerShell DSC: cLegacyFirewall Get-TargetResource

To follow up from my post on my Get-cLegacyFWRule function, here is the detail surrounding my cLegacyFirewall Desired State Configuration (DSC) Resource.

Next up is the cLegacyFirewall.psm1 file, which includes the three primary Functions: Get-TargetResource, Set-TargetResource and Test-TargetResource.

Get-TargetResource does exactly what its name suggests: it retrieves the computer's current settings that relate to the Resource being called. In this case, the Function retrieves all Firewall Rules matching the 'DisplayName' that was passed in. The code for the resource is below.

Function Get-TargetResource
{
    [CmdletBinding()]
    [OutputType([System.Collections.Hashtable])]
    param
    (   # Parameter names follow the keys of the hashtable returned below; the types are assumed
        # Localized, user-facing name of the Firewall Rule being created
        [Parameter(Mandatory = $true)]
        [String]$DisplayName,

        # Enable or disable the supplied configuration
        [ValidateSet("Yes", "No")]
        [String]$Enabled,

        # Direction of the connection
        [ValidateSet("In", "Out")]
        [String]$Direction,

        # Specifies one or more profiles to which the rule is assigned
        [ValidateSet("Any", "Public", "Private", "Domain")]
        [String[]]$Profiles,

        # Local IP used for the filter
        [String]$LocalIP,

        # Remote IP used for the filter
        [String]$RemoteIP,

        # Path and file name of the program for which the rule is applied
        [String]$Program,

        # Local Port used for the filter
        [String]$LocalPort,

        # Remote Port used for the filter
        [String]$RemotePort,

        # IP Protocol used for the filter
        [String]$Protocol,

        # Permit or Block the supplied configuration
        [ValidateSet("Bypass", "Allow", "Block")]
        [String]$Action,

        # Ensure the presence/absence of the resource
        [ValidateSet("Present", "Absent")]
        [String]$Ensure
    )

    Write-Verbose "GET: Get Rules for the specified DisplayName[$DisplayName]"
    $FirewallRules = Get-cLegacyFWRule -DisplayName $DisplayName

    if (!($FirewallRules.'Rule Name'))
    {
        Write-Verbose "GET: Firewall Rule does not exist"

        $ReturnValue = @{
            Ensure = "Absent"
        }

        return $ReturnValue
    }

    foreach ($FirewallRule in (($FirewallRules | Sort-Object)[0]))
    {
        $RuleName = $FirewallRule.'Rule Name'
        Write-Verbose "GET: Firewall rule found. Adding rule [$RuleName] to return object" -Verbose
        $ReturnValue = @{
            DisplayName  = $FirewallRule.'Rule Name'
            Enabled      = $FirewallRule.Enabled
            Direction    = $FirewallRule.Direction
            Profiles     = $FirewallRule.Profiles
            LocalIP      = $FirewallRule.LocalIP
            RemoteIP     = $FirewallRule.RemoteIP
            Program      = $FirewallRule.Program
            LocalPort    = $FirewallRule.LocalPort
            RemotePort   = $FirewallRule.RemotePort
            Protocol     = $FirewallRule.Protocol
            Action       = $FirewallRule.Action
            Ensure       = "Present"
        }
    }

    return $ReturnValue
}

After the 'param' block, which is likely fairly self-explanatory, I am doing the following...

Line 51: Calling my Get-cLegacyFWRule Function to retrieve all current Firewall Rules matching the DisplayName, and placing them into the $FirewallRules variable.

Line 53: If no rules exist that match the DisplayName, return 'Ensure = "Absent"'

Line 64: If firewall rules matching the DisplayName exist, we simply return the 'first' rule in this instance. For my usage this was sufficient. It was a while ago when I wrote this Resource, and I recall having issues trying to return multiple rules in the hashtable. If anyone could provide answers on this (how to return the hashtable for something like this with multiple rules), that would be of great help!

Line 84: Lastly we'll return this $ReturnValue variable.
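
Returning only the first rule means a second rule with the same DisplayName but different settings never reaches the returned hashtable. The check below is an added example (not part of the original post or the cLegacyFirewall resource) that flags such duplicates; the function name Get-cLegacyFWRuleConflict and the sample rules are constructed, and the property names are the ones read in the listing above.

```powershell
# Added example, not part of the cLegacyFirewall resource.
# Get-cLegacyFWRuleConflict is a hypothetical helper name.
function Get-cLegacyFWRuleConflict
{
    [CmdletBinding()]
    param
    (
        # Rule objects shaped like the ones Get-TargetResource reads
        [Parameter(Mandatory = $true)]
        [AllowEmptyCollection()]
        [object[]]$FirewallRules
    )

    # The properties Get-TargetResource copies into its hashtable
    $Properties = 'Enabled', 'Direction', 'Profiles', 'LocalIP', 'RemoteIP',
                  'Program', 'LocalPort', 'RemotePort', 'Protocol', 'Action'

    foreach ($Group in ($FirewallRules | Group-Object -Property 'Rule Name'))
    {
        if ($Group.Count -lt 2) { continue }

        # Compare every duplicate against the first rule in its group
        $Reference = $Group.Group[0]
        for ($Index = 1; $Index -lt $Group.Count; $Index++)
        {
            $Other   = $Group.Group[$Index]
            $Differs = @($Properties | Where-Object { "$($Reference.$_)" -ne "$($Other.$_)" })
            if ($Differs.Count -gt 0)
            {
                [pscustomobject]@{
                    RuleName = $Group.Name
                    Position = $Index
                    Differs  = $Differs -join ', '
                }
            }
        }
    }
}

# Constructed sample data: same name, different Action and RemoteIP
$Base = @{ 'Rule Name' = 'Example App'; Enabled = 'Yes'; Direction = 'In'; Profiles = 'Domain'
           LocalIP = 'Any'; RemoteIP = '10.0.0.0/8'; Program = 'Any'; LocalPort = '8080'
           RemotePort = 'Any'; Protocol = 'TCP'; Action = 'Block' }
$Loose = $Base.Clone(); $Loose.Action = 'Allow'; $Loose.RemoteIP = 'Any'
$SampleRules = @($Base, $Base.Clone(), $Loose) |
    ForEach-Object { New-Object -TypeName PSObject -Property $_ }

Get-cLegacyFWRuleConflict -FirewallRules $SampleRules
```

An exact duplicate produces no output; only rules whose compared properties differ from the first one in their group are reported.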

And there you have it: my Get-TargetResource code for DSC to retrieve a firewall rule on Windows Server 2008 R2, using my Get-cLegacyFWRule function from my previous post.

Next up, I'll bring it all together with the remaining parts of the DSC resource (as the 'Set-TargetResource' and 'Test-TargetResource' are both very similar to this).