Add 'program' option support for win_firewall module. #55781

@r-pufky


Description of Issue

Windows firewall allows rules to be defined explicitly for programs. Given that the underlying implementation for win_firewall uses netsh advfirewall, adding an option to specify a program should be relatively easy.

See: https://support.microsoft.com/en-us/help/947709/how-to-use-the-netsh-advfirewall-firewall-context-instead-of-the-netsh for information on firewall rules that match using programs.

Patch below.

diff --git a/salt/modules/win_firewall.py b/salt/modules/win_firewall.py
index 2a721df232..0d9e0abf05 100644
--- a/salt/modules/win_firewall.py
+++ b/salt/modules/win_firewall.py
@@ -165,7 +165,7 @@ def get_rule(name='all'):


 def add_rule(name, localport, protocol='tcp', action='allow', dir='in',
-             remoteip='any'):
+             remoteip='any', program=None):
     '''
     .. versionadded:: 2015.5.0

@@ -214,6 +214,8 @@ def add_rule(name, localport, protocol='tcp', action='allow', dir='in',

             Can be combinations of the above separated by commas.

+        program (Optional [str]): Full program path to apply firewall rule.
+
     Returns:
         bool: True if successful

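Review bot: the new docstring entry `program (Optional [str])` has a space before `[str]` that the neighbouring entries do not use (compare `remoteip (Optional[str])` in the delete_rule docstring below); it should read `program (Optional[str]):`. Since this function carries a `.. versionadded:: 2015.5.0` marker, the new parameter also wants its own `.. versionadded::` note, and the description should say what the value is matched against, e.g. `program (Optional[str]): Full path of the program the rule applies to.`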
@@ -235,6 +237,9 @@ def add_rule(name, localport, protocol='tcp', action='allow', dir='in',
            'action={0}'.format(action),
            'remoteip={0}'.format(remoteip)]

+    if program:
+      cmd.append('program={0}'.format(program))
+
     if protocol is None \
             or ('icmpv4' not in protocol and 'icmpv6' not in protocol):
         cmd.append('localport={0}'.format(localport))
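Review bot: `cmd.append('program={0}'.format(program))` is indented by two spaces under `if program:` while the rest of the function (the `cmd.append('localport=...')` immediately below) uses four; Python accepts it, but it breaks the module's style and will trip lint, so re-indent it. Also worth checking here: program paths routinely contain spaces (`C:\Program Files\...`), so confirm that the way `cmd` is handed to the command runner keeps each list element as one argument; if the path were split, netsh would receive a truncated program value and the rule would not match the intended executable.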
@@ -250,7 +255,8 @@ def delete_rule(name=None,
                 localport=None,
                 protocol=None,
                 dir=None,
-                remoteip=None):
+                remoteip=None,
+                program=None):
     '''
     .. versionadded:: 2015.8.0

@@ -272,6 +278,8 @@ def delete_rule(name=None,

         remoteip (Optional[str]): The remote IP of the rule.

+        program (Optional [str]): Full program path to apply firewall rule.
+
     Returns:
         bool: True if successful

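Review bot: this docstring line is copied verbatim from add_rule (`Full program path to apply firewall rule`), but in delete_rule `program` is a selection criterion for which rule to remove, like `remoteip` directly above it; reword it along the lines of `program (Optional[str]): The program path of the rule.` and drop the space in `Optional [str]` so it matches `Optional[str]` on the `remoteip` line.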
@@ -304,6 +312,8 @@ def delete_rule(name=None,
         cmd.append('dir={0}'.format(dir))
     if remoteip:
         cmd.append('remoteip={0}'.format(remoteip))
+    if program:
+        cmd.append('program={0}'.format(program))

     if protocol is None \
             or ('icmpv4' not in protocol and 'icmpv6' not in protocol):
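To make the effect of the patch concrete, the following is an added example (not Salt's code and not the patch author's) that mirrors how the patched `add_rule` assembles the `netsh advfirewall firewall add rule` argument list with the new `program` option, and shows how that list is rendered to a Windows command line. The function names `build_add_rule_cmd`, `render_command_line` and `validate_program_path`, and the sample path, are assumptions made for the example; the validation step is a defensive addition that the patch itself does not include.

```python
import ntpath
import subprocess


def build_add_rule_cmd(name, localport, protocol='tcp', action='allow',
                       dir='in', remoteip='any', program=None):
    """Return the netsh argument list the patched add_rule() would build.

    Hypothetical helper for illustration; it mirrors the order of operations
    in the patch above: the 'program=' element is appended before the
    'localport=' element, and 'localport=' is skipped for ICMP protocols.
    """
    cmd = ['netsh', 'advfirewall', 'firewall', 'add', 'rule',
           'name={0}'.format(name),
           'protocol={0}'.format(protocol),
           'dir={0}'.format(dir),
           'action={0}'.format(action),
           'remoteip={0}'.format(remoteip)]

    # New in the patch: restrict the rule to one executable.
    if program:
        cmd.append('program={0}'.format(program))

    # Existing behaviour: ICMP rules carry no local port.
    if protocol is None \
            or ('icmpv4' not in protocol and 'icmpv6' not in protocol):
        cmd.append('localport={0}'.format(localport))
    return cmd


def render_command_line(cmd):
    """Show the single command line Windows would receive for the list.

    subprocess.list2cmdline is what the subprocess module uses on Windows;
    it wraps elements containing spaces in double quotes, which is what keeps
    'program=C:\\Program Files\\...' as one netsh argument.
    """
    return subprocess.list2cmdline(cmd)


def validate_program_path(program):
    """Defensive check (not part of the patch): netsh matches on the full
    program path, so reject relative paths and embedded quotes, which would
    either never match or break the generated netsh argument."""
    if not program or '"' in program:
        return False
    return ntpath.isabs(program)


if __name__ == '__main__':
    # Constructed sample input: a rule scoped to one executable with a space
    # in its path, the common case on Windows.
    sample_program = r'C:\Program Files\Example App\app.exe'
    if validate_program_path(sample_program):
        cmd = build_add_rule_cmd('Allow Example App', 8080,
                                 program=sample_program)
        print(render_command_line(cmd))
```

The rendered command line shows why quoting matters: without it, netsh would see `program=C:\Program` as the program value and the remainder as unrelated tokens, so the rule would not bind to the intended executable.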

Labels: Feature, Windows