From 3fc4ef6549bd1e2d27ebb6f6ff8a7a2f6eaeec00 Mon Sep 17 00:00:00 2001
From: RiverHeart
Date: Sat, 3 Apr 2021 16:39:54 -0400
Subject: [PATCH 1/3] Fix icmp for windows Originally implemented by AlexandreZia and resubmitted here with his permission and minor tweaks by me Added icmp? function and checks to exclude local/remote ports if that function returns true. Also case statement to convert icmp to icmpv4 so we don't need to distinguish between values for Linux/Windows Developer's Certificate of Origin 1.1 By making a contribution to this project, I certify that: (a) The contribution was created in whole or in part by me and I have the right to submit it under the open source license indicated in the file; or (b) The contribution is based upon previous work that, to the best of my knowledge, is covered under an appropriate open source license and I have the right under that license to submit that work with modifications, whether created in whole or in part by me, under the same open source license (unless I am permitted to submit under a different license), as Indicated in the file; or (c) The contribution was provided directly to me by some other person who certified (a), (b) or (c) and I have not modified it. (d) I understand and agree that this project and the contribution are public and that a record of the contribution (including all personal information I submit with it, including my sign-off) is maintained indefinitely and may be redistributed consistent with this project or the open source license(s) involved.
Signed-off-by: Riverheart
---
libraries/helpers_windows.rb | 30 +++++++++++++++++++++++-------
1 file changed, 23 insertions(+), 7 deletions(-)
diff --git a/libraries/helpers_windows.rb b/libraries/helpers_windows.rb
index 4cb47ac8..1fb3dafb 100644
--- a/libraries/helpers_windows.rb
+++ b/libraries/helpers_windows.rb
@@ -4,6 +4,10 @@ module Windows include FirewallCookbook::Helpers include Chef::Mixin::ShellOut + def icmp?(protocol) + [:icmp, :icmpv4, :icmpv6, 1, 58].any?(protocol) + end + def fixup_cidr(str) newstr = str.clone newstr.gsub!('0.0.0.0/0', 'any') if newstr.include?('0.0.0.0/0') 
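Review bot: `icmp?` relies on `Array#any?` with a pattern argument, which compares with `===` and needs Ruby 2.5 or later; `include?` states the membership test directly: `[:icmp, :icmpv4, :icmpv6, 1, 58].include?(protocol)`. The list matches only symbols and integers, so a protocol supplied as a string such as 'icmp' would not be treated as ICMP and would still receive port parameters; whether strings can reach this helper depends on the resource property type, which is not visible here. A one-line comment such as `# 1 and 58 are the IANA protocol numbers for ICMP and IPv6-ICMP` would explain the bare integers.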
@@ -60,20 +64,30 @@ def build_rule(new_resource) new_resource.program && parameters['program'] = new_resource.program new_resource.service && parameters['service'] = new_resource.service - parameters['protocol'] = new_resource.protocol + # Keep interface the same and handle windows specific changes here. + case new_resource.protocol + when :icmp + parameters['protocol'] = :icmpv4 + else + parameters['protocol'] = new_resource.protocol + end if new_resource.direction.to_sym == :out parameters['localip'] = new_resource.source ? fixup_cidr(new_resource.source) : 'any' - parameters['localport'] = new_resource.source_port ? port_to_s(new_resource.source_port) : 'any' parameters['interfacetype'] = new_resource.interface || 'any' parameters['remoteip'] = new_resource.destination ? fixup_cidr(new_resource.destination) : 'any' - parameters['remoteport'] = new_resource.dest_port ? port_to_s(new_resource.dest_port) : 'any' + unless icmp?(new_resource.protocol) + parameters['localport'] = new_resource.source_port ? port_to_s(new_resource.source_port) : 'any' + parameters['remoteport'] = new_resource.dest_port ? port_to_s(new_resource.dest_port) : 'any' + end else parameters['localip'] = new_resource.destination || 'any' - parameters['localport'] = dport_calc(new_resource) ? port_to_s(dport_calc(new_resource)) : 'any' parameters['interfacetype'] = new_resource.dest_interface || 'any' parameters['remoteip'] = new_resource.source ? fixup_cidr(new_resource.source) : 'any' - parameters['remoteport'] = new_resource.source_port ? port_to_s(new_resource.source_port) : 'any' + unless icmp?(new_resource.protocol) + parameters['localport'] = new_resource.source_port ? port_to_s(new_resource.source_port) : 'any' + parameters['remoteport'] = new_resource.dest_port ? port_to_s(new_resource.dest_port) : 'any' + end end parameters['action'] = type.to_s 
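Review bot: In the inbound (`else`) branch of `build_rule`, the new `unless icmp?` block is a copy of the outbound one, so `localport` is now taken from `source_port` and `remoteport` from `dest_port`, and the removed `dport_calc(new_resource)` lookup is gone. For an inbound rule this would leave `localport` as 'any' whenever no source port is set, widening the firewall rule to every local port for that protocol — assuming `dport_calc` resolves the destination port, as the removed line suggests. The inbound branch should keep the old mapping inside the guard: `parameters['localport'] = dport_calc(new_resource) ? port_to_s(dport_calc(new_resource)) : 'any'` and `parameters['remoteport'] = new_resource.source_port ? port_to_s(new_resource.source_port) : 'any'`. The `build_rule` hunk of patch 2/3 hoists the same outbound-style assignments out of the if/else, so the direction-specific mapping needs restoring there as well. `build_rule` starts and ends outside the hunk.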
@@ -109,10 +123,12 @@ def rule_up_to_date?(name, type) current_parameters['service'] = Regexp.last_match(1).chomp if line =~ /^Service:\s+(.*)$/ current_parameters['protocol'] = Regexp.last_match(1).chomp if line =~ /^Protocol:\s+(.*)$/ current_parameters['localip'] = Regexp.last_match(1).chomp if line =~ /^LocalIP:\s+(.*)$/ - current_parameters['localport'] = Regexp.last_match(1).chomp if line =~ /^LocalPort:\s+(.*)$/ current_parameters['interfacetype'] = Regexp.last_match(1).chomp if line =~ /^InterfaceTypes:\s+(.*)$/ current_parameters['remoteip'] = Regexp.last_match(1).chomp if line =~ /^RemoteIP:\s+(.*)$/ - current_parameters['remoteport'] = Regexp.last_match(1).chomp if line =~ /^RemotePort:\s+(.*)$/ + unless icmp?(new_resource.protocol) + current_parameters['localport'] = Regexp.last_match(1).chomp if line =~ /^LocalPort:\s+(.*)$/ + current_parameters['remoteport'] = Regexp.last_match(1).chomp if line =~ /^RemotePort:\s+(.*)$/ + end current_parameters['action'] = Regexp.last_match(1).chomp if line =~ /^Action:\s+(.*)$/ end From 565a6f159008afb736325d007aac29e92b5ab564 Mon Sep 17 00:00:00 2001 From: RiverHeart Date: Sat, 3 Apr 2021 17:15:46 -0400 Subject: [PATCH 2/3] Remove whitespace, fix redundant code --- libraries/helpers_windows.rb | 23 +++++++++-------------- 1 file changed, 9 insertions(+), 14 deletions(-) diff --git a/libraries/helpers_windows.rb b/libraries/helpers_windows.rb index 1fb3dafb..0e4f17c1 100644 --- a/libraries/helpers_windows.rb +++ b/libraries/helpers_windows.rb @@ -7,7 +7,7 @@ module Windows def icmp?(protocol) [:icmp, :icmpv4, :icmpv6, 1, 58].any?(protocol) end - + def fixup_cidr(str) newstr = str.clone newstr.gsub!('0.0.0.0/0', 'any') if newstr.include?('0.0.0.0/0') 
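Review bot: The new guard in `rule_up_to_date?` reads `new_resource.protocol`, but the hunk header shows the signature as `rule_up_to_date?(name, type)`, so `new_resource` is not a parameter here the way it is in `build_rule(new_resource)`. It resolves only if the class including this module provides a `new_resource` method; otherwise the first parsed line raises NameError. Consider evaluating the check once before the per-line parsing and naming that dependency in a comment, e.g. `skip_ports = icmp?(new_resource.protocol) # new_resource comes from the including provider`, then testing `skip_ports` around the two port assignments. The method body continues outside the hunk.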
@@ -65,29 +65,24 @@ def build_rule(new_resource) new_resource.program && parameters['program'] = new_resource.program new_resource.service && parameters['service'] = new_resource.service # Keep interface the same and handle windows specific changes here. - case new_resource.protocol - when :icmp - parameters['protocol'] = :icmpv4 - else - parameters['protocol'] = new_resource.protocol + parameters['protocol'] = case new_resource.protocol + when :icmp then :icmpv4 + else new_resource.protocol end if new_resource.direction.to_sym == :out parameters['localip'] = new_resource.source ? fixup_cidr(new_resource.source) : 'any' parameters['interfacetype'] = new_resource.interface || 'any' parameters['remoteip'] = new_resource.destination ? fixup_cidr(new_resource.destination) : 'any' - unless icmp?(new_resource.protocol) - parameters['localport'] = new_resource.source_port ? port_to_s(new_resource.source_port) : 'any' - parameters['remoteport'] = new_resource.dest_port ? port_to_s(new_resource.dest_port) : 'any' - end else parameters['localip'] = new_resource.destination || 'any' parameters['interfacetype'] = new_resource.dest_interface || 'any' parameters['remoteip'] = new_resource.source ? fixup_cidr(new_resource.source) : 'any' - unless icmp?(new_resource.protocol) - parameters['localport'] = new_resource.source_port ? port_to_s(new_resource.source_port) : 'any' - parameters['remoteport'] = new_resource.dest_port ? port_to_s(new_resource.dest_port) : 'any' - end + end + + unless icmp?(new_resource.protocol) + parameters['localport'] = new_resource.source_port ? port_to_s(new_resource.source_port) : 'any' + parameters['remoteport'] = new_resource.dest_port ? port_to_s(new_resource.dest_port) : 'any' end parameters['action'] = type.to_s From 2d4c68cdde8ec68ab603d4e05b918b655e02d355 Mon Sep 17 00:00:00 2001 
From: RiverHeart Date: Sat, 3 Apr 2021 17:25:18 -0400 Subject: [PATCH 3/3] Fix indenting --- libraries/helpers_windows.rb | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/libraries/helpers_windows.rb b/libraries/helpers_windows.rb index 0e4f17c1..1db2f966 100644 --- a/libraries/helpers_windows.rb +++ b/libraries/helpers_windows.rb @@ -66,9 +66,9 @@ def build_rule(new_resource) new_resource.service && parameters['service'] = new_resource.service # Keep interface the same and handle windows specific changes here. parameters['protocol'] = case new_resource.protocol - when :icmp then :icmpv4 - else new_resource.protocol - end + when :icmp then :icmpv4 + else new_resource.protocol + end if new_resource.direction.to_sym == :out parameters['localip'] = new_resource.source ? fixup_cidr(new_resource.source) : 'any'