使用 DSC 资源启用 ICMP xFirewall 创建新规则

Question

以下 DSC 语句复制现有的 Windows 防火墙规则，而不是仅更新已存在的相同规则。我更喜欢它更新而不是重复。谢谢

xFirewall EnableV4PingIn{
    Name = 'File and Printer Sharing (Echo Request - ICMPv4-In)'
    Group= 'File and Printer Sharing'
    Protocol = 'ICMPv4'
    Ensure='Present'
    Enabled='True'
    Direction='Inbound'
    PsDscRunAsCredential = $DomainAdminCredential

}
xFirewall EnableV4PingOut{
    Name = 'File and Printer Sharing (Echo Request - ICMPv4-Out)'
    Group= 'File and Printer Sharing'
    Protocol = 'ICMPv4'
    Ensure='Present'
    Enabled='True'
    Direction='Outbound'
    PsDscRunAsCredential = $DomainAdminCredential
}

xFirewall EnableV6PingIn{
    Name = 'File and Printer Sharing (Echo Request - ICMPv6-In)'
    Group= 'File and Printer Sharing'
    Protocol = 'ICMPv6'
    Ensure='Present'
    Enabled='True'
    Direction='Inbound'
    PsDscRunAsCredential = $DomainAdminCredential

}
xFirewall EnableV6PingOut{
    Name = 'File and Printer Sharing (Echo Request - ICMPv6-Out)'
    Group= 'File and Printer Sharing'
    Protocol = 'ICMPv6'
    Ensure='Present'
    Enabled='True'
    Direction='Outbound'
    PsDscRunAsCredential = $DomainAdminCredential
}

Answer 1

我想通了:)

事实证明，xFirewall 中的 "Name" 并未映射到 Windows 防火墙的 GUI 中显示的 "Name"。

您可以运行以下命令查看可用规则（及其真实"names"）：

Get-NetFirewallRule |ft

因此，您的上述内容可以简化为以下内容（对于 v4）：

xFirewall EnableV4PingIn
{
    Name = "FPS-ICMP4-ERQ-In"
    Enabled = "True"
}

xFirewall EnableV4PingOut
{
    Name = "FPS-ICMP4-ERQ-Out"
    Enabled = "True"
}

使用 DSC 资源启用 ICMP xFirewall 创建新规则

Enabling ICMP with DSC Resource xFirewall Creates New Rule

dsc