October 10, 2013

Using PowerShell to add rules to Windows Firewall

 I have recently had need to make heavier use of the Windows Firewall (which, counter intuitively is quite a bit more robust than I originally gave it credit for being.)  Being fairly "anti-GUI", I began looking for ways to script rule creation.  I found a post on Patrick's SharePoint Blog that unlocked much of the mystery.  SO, I managed the following...
function Add-FirewallRule-Block {
    param (
        $port = "*",
        $proto = 6 #1 is ICMP, 6 is TCP, 17 is UDP
    $fw = New-Object -ComObject hnetcfg.fwpolicy2
    $rule = New-Object -ComObject HNetCFG.FWRule
    $rule.Grouping = "@firewallapi.dll,-23255"
    $rule.Name = "block $ip"
    $rule.Protocol = $proto
    $rule.LocalPorts = $port
    $rule.RemoteAddresses = $ip
    $rule.Enabled = $true
    $rule.Profiles = 7 #all profiles (home, work, public)
    $rule.Action = 0 #0 is block, 1 is allow
    $rule.EdgeTraversal = $false

    $fw.Rules.Add( $rule )
To use this, you basically dump this in to a file in your path (I put it in C:\users\corey) with a name of "Add-FirewallRule-Block" and an extension of ".ps 1", and then you can call it like this:

# block all TCP connections from
# block 5900/tcp from
Add-FirewallRule-Block 5900
# block 20/udp from
Add-FirewallRule-Block 20 6

A couple of comments I will make about the code itself:
  1. the $rule.Grouping line uses a resource offset in the firewallapi.dll... I have absolutely NO idea what resource this offsets to, but it was seen in numerous places on TechNet's 
  2. Edge traversal, as defined by Microsoft, "allows the computer to accept unsolicited inbound packets that have passed through an edge device, such as a network address translation." (Full article here.)

August 03, 2013

Coding the Liturgical Calendar

For a long time, I've wanted to integrate the Roman Breviary into a couple of projects (nothing public) but have never been able to find a suitable calendar, breviary or psalter implementation.  So I wrote one in python.  It requires the `dateutil` package, but other than that its standard python.  My principle use of this is going to be to create a JSON interface to get the current office, season, feast-day and reading from the 1962 Liturgical calendar.  I am working on a "modern" liturgical calendar, its just not my priority right now.