netsh advfirewall add- how to prevent multiple entries by command line


  1. Posts : 4
    Windows 7 Ultimate x64
       #1



    Hi
    I'm using a little script to enter "add rule" to the firewall in Win 7

    f.e.

    netsh advfirewall firewall add rule name="Firefox Updater" dir=out program="%ProgramFiles% (x86)\Mozilla Firefox\updater.exe" enable=yes profile=any action=allow

    This works fine so far.
    But if I start the script again, it will create the same rule AGAIN (with the same name and everything).

    Can I prevent this? Maybe I need some unique identifier that prevents double entries?
    Or should I better check - using some if/else commands - if a rule exists and if not add it (but how do I do THAT?).

    I don't want to create a lot of single script files, I just want to use one which I might extend with new entries if a new tool is coming along. I know this might not be the nicest solution for a security matter, but it's fine for me.

    Aside from that, if someone is doing the same thing or something similar, are you still using the batch cmd or are you on Power Shell?


    Thanks a lot!


  2. Posts : 4
    Windows 7 Ultimate x64
    Thread Starter
       #2

    Anyone?
    Maybe the idea isn't very interesting?


  3. Posts : 8,608
    Windows 7 Ultimate 32bit SP1
       #3

    This shows how to set rules in Win 7 firewall How to Set Windows 7 Firewall Rules


  4. Posts : 4
    Windows 7 Ultimate x64
    Thread Starter
       #4

    Thank you Jacee, but I already know how to set rules.
    The command syntax from my previous post itself is right. My problem is that if I start it (f.e.) accidentally twice, I get 2 rules with the same name.

    The solution I'm looking for is something like a unique identifier that prevents that from happening and returns a "hey, you already got a out rule by that name, you can't put another one in".


  5. Posts : 1
    Windows 7 Home Premium x64
       #5

    Batch script to create/delete port rule in Win7 firewall


    SAIT said:
    (...) My problem is that if I start it (f.e.) accidentally twice, I get 2 rules with the same name.

    The solution I'm looking for is something like a unique identifier that prevents that from happening and returns a "hey, you already got a out rule by that name, you can't put another one in".
    Hi,
    I prefer batch cmd scripts for my tasks. The next script is an extensible solution to do the job for you, with your return message. I hope it's good for you.

    The basic idea is: if you use the same name for the created rule all the time, first you must check if it exists or not. If it exists: jump over; if not: create the rule.
    I use command line parameters for job specification, and call a small subroutine for it.

    On deleting, all the rules with the specified name are deleted!
    Good luck!
    P

    Code:
    @echo off
    ::
    :: Batch script to create and delete port rules in Win7 firewall
    :: Created by Péter Barabás (barabas_p(at)yahoo...)
    ::
    setlocal

    :: In the next two lines, you can set the parameters for the script:
    set PORTNUMBER=4567
    set RULENAME="Open MyPort %PORTNUMBER%"

    :: Using the command line parameter to select the process:
    if "%1"=="/o" call :_OpeningPort
    if "%1"=="/d" call :_DelRules
    if "%1"=="" echo No parameter. Exiting.
    goto :EOF

    :_OpeningPort
    :: Opening the port on the firewall.
    :: "show rule" sets ERRORLEVEL 1 when no rule with this name exists:
    netsh advfirewall firewall show rule name=%RULENAME% >nul
    if not ERRORLEVEL 1 (
        rem Rule %RULENAME% already exists.
        echo Hey, you already got a out rule by that name, you can't put another one in!
    ) else (
        echo Rule %RULENAME% does not exist. Creating...
        netsh advfirewall firewall add rule name=%RULENAME% dir=in action=allow protocol=TCP localport=%PORTNUMBER% remoteip=LocalSubnet profile=private interfacetype=lan
    )
    goto :EOF

    :_DelRules
    :: Deleting the port rule (every rule with this name is removed):
    netsh advfirewall firewall show rule name=%RULENAME% >nul
    if not ERRORLEVEL 1 (
        echo Rule %RULENAME% exists. Deleting...
        netsh advfirewall firewall delete rule name=%RULENAME% protocol=tcp localport=%PORTNUMBER%
    ) else (
        echo Rule %RULENAME% does not exist.
    )
    goto :EOF


  6. Posts : 4
    Windows 7 Ultimate x64
    Thread Starter
       #6

    Thank you Peter.
    Your solution has been very helpful and is already more advanced than what I intended to do. I just needed the check sequence.

    So this is how I proceed now when I want to add a new rule:
    1. I copy an existing older block and paste it at the end of my file
    2. I change the Rulename and ProgPath variables to the new program I want to add
    (I keep the rules very simple, nothing with ports etc...)
    3. I run the script. The script checks the existence and reacts according to Peter's code, then it goes on to the next rule block.

    At the end I see the result in the CMD Box like this

    Hey, you already got a out rule by that name, you cannot put another one in!
    Hey, you already got a out rule by that name, you cannot put another one in!
    Hey, you already got a out rule by that name, you cannot put another one in!
    Rule "test" not exist. Creating...
    OK.



    It's not the most elegant solution, someone might want to do this with a loop sequence, but I don't know how and it works fine for me this way.

    I don't get any duplicates in my rule set this way PLUS
    I can use the same script on a similar machine without changing the code. Before that I had to put a REM in front of each rule after I added it, which of course needed to be removed on new installations.



    Code:
    @echo off

    :: -----------------------------------------------
    Rem Rule - added on xxx.xxx.2011
    set RULENAME="Firefox"
    Set ProgPath="%ProgramFiles% (x86)\Mozilla Firefox\firefox.exe"

    :: "show rule" sets ERRORLEVEL 1 when no rule with this name exists.
    netsh advfirewall firewall show rule name=%RULENAME% >nul
    if not ERRORLEVEL 1 (
        rem Rule %RULENAME% already exists.
        echo Hey, you already got a out rule by that name, you cannot put another one in!
    ) else (
        echo Rule %RULENAME% does not exist. Creating...
        netsh advfirewall firewall add rule name=%RULENAME% dir=out program=%ProgPath% enable=yes profile=any action=allow description=%RULENAME%
    )
    :: -----------------------------------------------

    Rem Rule - added on xxx.xxx.2011
    set RULENAME="Firefox Updater"
    Set ProgPath="%ProgramFiles% (x86)\Mozilla Firefox\updater.exe"

    netsh advfirewall firewall show rule name=%RULENAME% >nul
    if not ERRORLEVEL 1 (
        rem Rule %RULENAME% already exists.
        echo Hey, you already got a out rule by that name, you cannot put another one in!
    ) else (
        echo Rule %RULENAME% does not exist. Creating...
        netsh advfirewall firewall add rule name=%RULENAME% dir=out program=%ProgPath% enable=yes profile=any action=allow description=%RULENAME%
    )
    :: -----------------------------------------------
    If someone wants to play along with this, please go ahead.
    Thanks again for the help
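    The "loop sequence" wished for above, as an added example that is not code from the thread: the check-then-add logic lives in one subroutine and each program is a single call line, so extending the script means adding one line rather than copying a block. Rule names and paths are placeholders; it also checks that the program exists before allowing it, and relies on the same behaviour as Péter's script, namely that "show rule" sets ERRORLEVEL 1 when no rule of that name exists (so a rule with the same name but different settings also counts as existing).

```batch
@echo off
setlocal EnableExtensions

:: Added example (not from the thread). One call line per outbound allow
:: rule: <rule name> <program path>. Placeholder names and paths; adjust
:: them to the machine. Rerunning the script never creates a duplicate.
call :_EnsureOutRule "Firefox"         "%ProgramFiles(x86)%\Mozilla Firefox\firefox.exe"
call :_EnsureOutRule "Firefox Updater" "%ProgramFiles(x86)%\Mozilla Firefox\updater.exe"
call :_EnsureOutRule "Example Tool"    "%ProgramFiles%\Example\tool.exe"
goto :EOF

:_EnsureOutRule
:: %~1 = rule name, %~2 = program path (the ~ strips the surrounding quotes)
set "RULENAME=%~1"
set "PROGPATH=%~2"

:: "show rule" matches by name only and sets ERRORLEVEL 1 when nothing
:: matches, so this is the duplicate check the whole script relies on.
netsh advfirewall firewall show rule name="%RULENAME%" >nul 2>&1
if not errorlevel 1 (
    echo Rule "%RULENAME%" already exists, skipping.
    goto :EOF
)

:: Do not create an allow rule for a program that is not installed:
:: a stale path in the rule set is noise and may later match something else.
if not exist "%PROGPATH%" (
    echo Program "%PROGPATH%" not found, not creating rule "%RULENAME%".
    goto :EOF
)

echo Rule "%RULENAME%" does not exist. Creating...
netsh advfirewall firewall add rule name="%RULENAME%" dir=out program="%PROGPATH%" enable=yes profile=any action=allow description="%RULENAME%"
goto :EOF
```

    Run it from an elevated command prompt; the existence check itself does not need administrator rights, but "add rule" does.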


  7. Posts : 1
    Windows 7 Ultimate x64
       #7

    Just delete the rule first. If it doesn't exist then no harm done


Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.