Port configuration with DSC?

Hello,

Currently I am trying to configure two things on my VMs:

  • Open specific ports in the firewall
  • Bind a certificate to a particular port

For both of these at the moment I use script resources invoking netsh or xxx-NetFirewallRule but I was wondering if there are better ways or resources out there that you can point me to?

Thank you.
Val

Can anyone please comment?

For firewall rules check out the xFirewall resource in the xNetworking module. For certificate binding, if you mean IIS website port bindings, check out the xWebsite resource in the xWebAdministration module. If you’re talking about the SSL certificate bindings on the machine, i.e. ‘netsh http show sslcert’, I’m not sure if there’s a DSC module for that.

Thank you. Yes, I meant netsh… Meanwhile I implemented it in a script like this:

...
    param (
        [string] $ApplicationId,
        [string] $VmCertificateHash,
        [int] $NetTcpPort     = 808
    )
...
        Script NetTcpCertificatePortBinding
        {
            GetScript = 
            {
                $t = netsh http show sslcert ipport=0.0.0.0:$NetTcpPort
                @{ Result = $t }
            }

            TestScript = 
            {
                $t = netsh http show sslcert ipport=0.0.0.0:$NetTcpPort
                
                $t -match "(?im)^\s+IP:port\s*:\s*.*:$NetTcpPort" -and
                $t -match "(?im)^\s+Certificate Hash\s*:\s*$VmCertificateHash$" -and
                $t -match "(?im)^\s+Application ID\s*:\s*{$ApplicationId}\s*$"
            }
            
            SetScript = 
            {
                netsh http add sslcert ipport=0.0.0.0:$NetTcpPort certhash=$VmCertificateHash appid="{$ApplicationId}"
            }
        }
...

But it is not working. Can you see any problem in the code above?
Thank you!

Figured it out: I was missing the “$using:” part. The snippet above should be:

...
    param (
        [string] $ApplicationId,
        [string] $VmCertificateHash,
        [int] $NetTcpPort     = 808
    )
...
        Script NetTcpCertificatePortBinding
        {
            GetScript = 
            {
                @{ Result = netsh http show sslcert ipport=0.0.0.0:$using:NetTcpPort }
            }

            TestScript = 
            {
                $t = netsh http show sslcert ipport=0.0.0.0:$using:NetTcpPort
                
                $t -match "(?im)^\s+IP:port\s*:\s*.*:$using:NetTcpPort" -and
                $t -match "(?im)^\s+Certificate Hash\s*:\s*$using:VmCertificateHash$" -and
                $t -match "(?im)^\s+Application ID\s*:\s*{$using:ApplicationId}\s*$"
            }
            
            SetScript = 
            {
                netsh http add sslcert ipport=0.0.0.0:$using:NetTcpPort certhash=$using:VmCertificateHash appid="{$using:ApplicationId}"
            }
        }
...
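To show the two pieces of the thread together, here is an added example (not the poster's code and not part of xNetworking or any DSC module): a complete configuration that opens the port with the xFirewall resource recommended above and binds the certificate with the corrected Script resource, including the $using: scoping fix. It assumes WMF 5.0 or later (needed for $using: inside Script resource blocks) and the xNetworking 2.5+ property names Action and Enabled (older releases called them Access and State). The parameter values at the bottom are placeholders, and the SetScript additionally checks $LASTEXITCODE so a failed netsh call is reported to the LCM instead of being treated as success.

```powershell
# Added example, not the thread's own code: open the port with xFirewall and bind the
# certificate in HTTP.sys with a Script resource, carrying configuration-time parameters
# into the GetScript/TestScript/SetScript blocks via $using:.
# Assumptions: WMF 5.0+, xNetworking 2.5+ (Action/Enabled property names).
Configuration NetTcpEndpoint
{
    param (
        [Parameter(Mandatory)][string] $ApplicationId,      # GUID without braces
        [Parameter(Mandatory)][string] $VmCertificateHash,  # SHA-1 thumbprint, 40 hex chars
        [int] $NetTcpPort = 808
    )

    Import-DscResource -ModuleName xNetworking
    Import-DscResource -ModuleName PSDesiredStateConfiguration

    Node localhost
    {
        # 1. Allow only this TCP port inbound, and only on the Domain/Private profiles.
        xFirewall NetTcpInbound
        {
            Name        = "NetTcp-$NetTcpPort-In"
            DisplayName = "Allow inbound TCP $NetTcpPort (net.tcp)"
            Ensure      = 'Present'
            Enabled     = 'True'
            Direction   = 'Inbound'
            Protocol    = 'TCP'
            LocalPort   = "$NetTcpPort"
            Action      = 'Allow'
            Profile     = ('Domain', 'Private')
        }

        # 2. Bind the certificate to the port. Every reference to a configuration
        #    parameter inside these blocks must use $using:, because the blocks run
        #    on the target node in a separate scope, not at compile time.
        Script NetTcpCertificatePortBinding
        {
            GetScript = {
                @{ Result = (netsh http show sslcert ipport=0.0.0.0:$using:NetTcpPort | Out-String) }
            }

            TestScript = {
                # netsh prints one field per line; join them so the regexes see one block.
                $t = (netsh http show sslcert ipport=0.0.0.0:$using:NetTcpPort) -join "`n"
                # (?i) because netsh may print the hex thumbprint in either case.
                ($t -match "(?im)^\s+IP:port\s*:\s*.*:$using:NetTcpPort\s*$") -and
                ($t -match "(?im)^\s+Certificate Hash\s*:\s*$using:VmCertificateHash\s*$") -and
                ($t -match "(?im)^\s+Application ID\s*:\s*\{$using:ApplicationId\}\s*$")
            }

            SetScript = {
                # 'netsh http add sslcert' fails if any binding already exists on the
                # ip:port, so drop a stale binding (wrong thumbprint or app id) first.
                $existing = (netsh http show sslcert ipport=0.0.0.0:$using:NetTcpPort) -join "`n"
                if ($existing -match '(?im)^\s+Certificate Hash\s*:') {
                    netsh http delete sslcert ipport=0.0.0.0:$using:NetTcpPort | Out-Null
                }
                netsh http add sslcert ipport=0.0.0.0:$using:NetTcpPort certhash=$using:VmCertificateHash appid="{$using:ApplicationId}" | Out-Null
                # Surface netsh failures to the LCM instead of silently reporting success.
                if ($LASTEXITCODE -ne 0) {
                    throw "netsh http add sslcert failed with exit code $LASTEXITCODE"
                }
            }

            DependsOn = '[xFirewall]NetTcpInbound'
        }
    }
}

# Compile and apply. Both values below are placeholders to replace.
NetTcpEndpoint -ApplicationId '00000000-0000-0000-0000-000000000000' `
               -VmCertificateHash 'REPLACE_WITH_40_HEX_THUMBPRINT' `
               -OutputPath .\NetTcpEndpoint
Start-DscConfiguration -Path .\NetTcpEndpoint -Wait -Verbose
```

One thing worth knowing when reviewing the compiled MOF: DSC resolves each $using: reference at compile time and embeds the value as a literal in the Script resource's text, so the thumbprint and application ID end up in the MOF in clear text. Neither is a secret, but the same mechanism would expose a password passed the same way, which is why credentials belong in a PSCredential property with a certificate-encrypted MOF rather than in a $using: variable.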