Reworked Firewall function for better output and message in rules
parent
5269bf5d78
commit
9fddccdc62
1 changed files with 25 additions and 16 deletions
41
cleanW10.ps1
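--- a/cleanW10.ps1
+++ b/cleanW10.ps1
@@ -10,8 +10,11 @@ Set-StrictMode -Version 2
 #$PSDefaultParameterValues=@{$dir = "./modules.d"}
 $HOST_FILE = "$env:windir\System32\drivers\etc\hosts"
 $HOST_IP = "0.0.0.0"
+$FW_RULE_NAME_PREFIX = "CleanW10"
+
 $ErrorActionPreference = "Stop"
 $ProgressPreference = "SilentlyContinue"
+
 #Thanks to https://gist.github.com/markembling/173887
 function BlockHost {
 param(
@@ -66,14 +69,20 @@ function FwBlockOutputIP {
 foreach ($line in Get-Content $params.file ){ FwBlockOutputIP @{"ip"="$line"} }
 }
 elseif ( $params.ContainsKey('ip') ) {
-Write-Host -NoNewline "`t$($params.ip) : "
-if ( Get-NetFirewallRule -Name Blacklist_$($params.ip) -ErrorAction SilentlyContinue) {
-Write-Host -ForegroundColor Yellow "already blacklisted"
+if (-not $params.ContainsKey('name') -or $params.name -eq "" ) {
+$name = $FW_RULE_NAME_PREFIX + "_IP_" + $params.ip
+}
+else {
+$name = $FW_RULE_NAME_PREFIX + "_IP_" + $params.name
+}
+Write-Host -NoNewline "`tAdd FW IP rule $name ($($params.ip)) : "
+if ( Get-NetFirewallRule -Name $name -ErrorAction SilentlyContinue) {
+Write-Host -ForegroundColor Yellow "already exist"
 return
 }
 else {
 Try {
-New-NetFirewallRule -Name Blacklist_$($params.ip) -DisplayName "BlackList $($params.ip)" -Direction Outbound -Protocol any -Enabled True -Profile Any -RemoteAddress $params.ip -Action Block | Out-Null
+New-NetFirewallRule -Name $name -DisplayName "$name (blacklist $($params.ip))" -Direction Outbound -Protocol any -Enabled True -Profile Any -RemoteAddress $params.ip -Action Block | Out-Null
 }
 Catch {
 Write-Host -ForegroundColor Red "error"
@@ -100,29 +109,29 @@ function FwBlockProgram {
 [object]$params
 )
 if ( $params.ContainsKey('file') ) {
-foreach ($line in Get-Content $params.file ){ FwBlockOutputIP @{"ip"="$line"} }
+foreach ($line in Get-Content $params.file ){ FwBlockProgram @{"path"="$line"} }
 }
 elseif ( $params.ContainsKey('path') ) {
 $path = Invoke-Expression """$($params.path)"""
-Write-Host -NoNewline "`tBlock program $($path) : "
+if ( -not $params.ContainsKey('name') -or $params.name -eq "" ) {
+$name = $FW_RULE_NAME_PREFIX + "_PROG_" + $params.path
+}
+$name = $FW_RULE_NAME_PREFIX + "_PROG_" + $params.name
+Write-Host -NoNewline "`tAdd FW program rule $name ($($path)) : "
+if ( Get-NetFirewallRule -Name $name -ErrorAction SilentlyContinue) {
+Write-Host -ForegroundColor Yellow "already exist"
+return
+}
 if ( -not (Test-Path $path) ) {
 Write-Host -Foregroundcolor Red "Error (path not found)"
 return
 }
-if ( -not $params.ContainsKey('name') ) {
-$params.name = $params.path
-}
-if ( Get-NetFirewallRule -Name $($params.name) -ErrorAction SilentlyContinue) {
-Write-Host -ForegroundColor Yellow "already blacklisted"
-return
-}
 try {
-New-NetFirewallRule -Name "$($params.name)" -DisplayName "$($params.name)" -Program "$path" -Direction Outbound -Protocol any -Enabled True -Profile Any -RemoteAddress any -Action Block | Out-Null
+New-NetFirewallRule -Name "$name" -DisplayName "$name (program : $($params.path))" -Program "$path" -Direction Outbound -Protocol any -Enabled True -Profile Any -RemoteAddress any -Action Block | Out-Null
 Write-Host -ForegroundColor Green "done"
 }
 catch {
 Write-Host -ForegroundColor Red "error"
-return
 }
 }
 else {
@@ -368,7 +377,7 @@ function UninstallModernApp {
 }
 catch {
 Write-Host -NoNewLine -ForegroundColor Red "Error `n`t"
-write-Host -ForegroundColor DarkRed "Impossible to Uninstall. Is this a system one."
+write-Host -ForegroundColor DarkRed $_
 }
 }
 else {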
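Review bot: In the FwBlockProgram hunk the second `$name = $FW_RULE_NAME_PREFIX + "_PROG_" + $params.name` is not wrapped in an `else { … }` as it is in FwBlockOutputIP, so it always overwrites the path-based name. Entries without a name, which includes every line read through the `file` branch (`FwBlockProgram @{"path"="$line"}`), therefore appear to all resolve to the same rule name `CleanW10_PROG_`; after the first one the `Get-NetFirewallRule -Name $name` check prints "already exist" and returns, so the remaining programs are never blocked. Wrap the assignment as `else { $name = $FW_RULE_NAME_PREFIX + "_PROG_" + $params.name }`. Separately, the corrected `file` branch now feeds each file line to the unchanged `Invoke-Expression """$($params.path)"""`, which evaluates that text as PowerShell in what is presumably an elevated session; if it is only there to expand environment variables, `[Environment]::ExpandEnvironmentVariables()` with `%VAR%`-style entries would avoid executing list content. The function body extends beyond the hunk on both sides.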