Need help with syntax of Action Script

Hi everybody. I would appreciate any help correcting the action script of a custom fixlet.
The script has several errors and I don't know how to resolve them. I'm not a programmer.
To be honest, an AI gave me several variants; I combined them because all of them were wrong too ).

I'd like to create a fixlet to create custom Windows firewall rules. I created a form with parameters. Now I need to write a correct action script to read them and create a firewall rule.

Script v1: The error in IF function prevents the file from being saved

// ------------------------------------------------
// Parameters coming from the form
// ------------------------------------------------
parameter "rule_name" of action
parameter "direction" of action
parameter "protocol" of action
parameter "port" of action
parameter "action" of action

// Normalize values for netsh
set "_dir" = {if (parameter "direction" of action as lowercase starts with "in") then "in" else "out"}
set "_proto" = {parameter "protocol" of action as lowercase}
set "_act" = {if (parameter "action" of action as lowercase starts with "allow") then "allow" else "block"}
set "_port" = {parameter "port" of action}

// Rule name (cleaned a bit)
set "rulename" = {concatenation of (characters of (parameter "rule_name" of action) whose (it is alphanumeric or it is one of " -"))}

// ------------------------------------------------
// Idempotency check - does this exact rule already exist?
// ------------------------------------------------
if {not exists lines whose (
(ERROR it contains ("Rule Name:") and it contains _rulename and
it contains ("Direction:") and it contains (if _dir = "in" then "In" else "Out") and
it contains ("Action:") and it contains (if _act = "allow" then "Allow" else "Block") and
it contains ("Protocol:") and it contains (_proto as uppercase)
) of (it as string as trimmed string) of result of command "netsh advfirewall firewall show rule name=all"}

// ------------------------------------------------
// Create the rule
// ------------------------------------------------
waithidden cmd /c netsh advfirewall firewall add rule name="%_rulename%" dir=%_dir% action=%_act% protocol=%_proto% localport="%_port%" profile=any enable=yes

// Report result
appendfile Firewall rule created: %_rulename%
copy __appendfile c:\windows\temp\firewall-custom-rule.log append

else
appendfile Firewall rule already exists: %_rulename%
copy __appendfile c:\windows\temp\firewall-custom-rule.log append
endif

(ERROR) prefetch success

Script v2: The Fixlet saved OK, but there is an error on the first string when taking action

// =============================================================================
// Add Windows Firewall Rule to ALL Profiles (Domain + Private + Public)
// Parameters from form: rule_name, direction, protocol, port, action
// =============================================================================

// --- Normalize parameters ----------------------------------------------------
parameter "rule_name" of action as trimmed string -> "_rule_name"

(ERROR) set "_rule_name_lc" = {lowercase of _rule_name}

set "_dir" = {if (parameter "direction" of action as lowercase starts with "in") then "in" else "out"}
set "_proto" = {parameter "protocol" of action as lowercase}
set "_act" = {if (parameter "action" of action as lowercase starts with "allow") then "allow" else "block"}
set "_port" = {parameter "port" of action as trimmed string}

// --- Idempotency check -------------------------------------------------------
// If any rule with this exact name already exists skip everything
if {exists lines whose (it as lowercase contains "Rule Name:" and it as lowercase contains _rule_name_lc) of result of command "netsh advfirewall firewall show rule name=all"}

delete __appendfile
appendfile [SKIP] Firewall rule already exists (name: {_rule_name})
appendfile   Direction: {parameter "direction" of action}
appendfile   Protocol : {parameter "protocol" of action}
appendfile   Ports    : {_port}
appendfile   Action   : {parameter "action" of action}
appendfile   Time     : {now}
copy __appendfile "C:\Windows\Temp\firewall_custom.log" append

// action succeeded "Rule already exists, no changes made"

// To force "Failed" status with message (visible in console action status)
//action failed "Rule already exists, no changes made"

// To force "Successful" with custom note (rarely needed)
(ERROR) prefetch success // or just end script normally

else

// --- Create the rule in ALL THREE profiles ---------------------------
// Domain profile
waithidden netsh advfirewall firewall add rule name="{_rule_name}" profile=domain dir={_dir} action={_act} protocol={_proto} localport="{_port}" enable=yes

// Private profile
waithidden netsh advfirewall firewall add rule name="{_rule_name}" profile=private dir={_dir}  action={_act} protocol={_proto} localport="{_port}" enable=yes

// Public profile
waithidden netsh advfirewall firewall add rule name="{_rule_name}" profile=public dir={_dir} action={_act} protocol={_proto} localport="{_port}" enable=yes

// --- Log success --------------------------------------------
delete __appendfile
appendfile [CREATED] Firewall rule added to ALL profiles
appendfile   Name      : {_rule_name}
appendfile   Direction : {parameter "direction" of action}
appendfile   Protocol  : {parameter "protocol" of action}
appendfile   Ports     : {_port}
appendfile   Action    : {parameter "action" of action}
appendfile   Time      : {now}
copy __appendfile "C:\Windows\Temp\firewall_custom.log" append

// To force "Successful" with custom note (rarely needed)
(ERROR) prefetch success // or just end script normally

endif

You’re almost there with script v2.

There’s no set command for variables in action script; just make these a parameter like the others you’re using. Format to set them is parameter "name"="value" (the quotes are required), and then reference the value as parameter "name" like you’re already doing with some of them.

Example: parameter "_proto" = "{parameter "protocol" of action as lowercase}"

Regarding _rule_name_lc there’s no lowercase of property – just cast it using as lowercase like you did with the others: parameter "_rule_name_lc" = "{parameter "_rule_name" as lowercase}"

append at end of copy command is ignored / not needed

prefetch is only used for downloads. prefetch success is not an action script command; you should remove these

Like this, am I correct?

parameter "_rule_name" = "{parameter "rule_name" of action as lowercase}"
parameter "_dir" = "{if (parameter "direction" of action as lowercase starts with "in") then "in" else "out"}"
parameter "_proto" = "{parameter "protocol" of action as lowercase}"
parameter "_act" = "{if (parameter "action" of action as lowercase starts with "allow") then "allow" else "block"}"
parameter "_port" = "{parameter "port" of action as string}"

Well, status of Action Failed on the first string

Failed: parameter "_rule_name" = "{parameter "rule_name" of action as lowercase}"

The syntax is correct. I believe the parameter rule_name is coming in as blank.

I think you are right. I guess the problem is with the parameters in the form, not in the script.

Are you able to share your exported BES file with the community?

I think yes, no problem. I'm ok, even if someone else takes it.
The main thing is that if the fixlet will be good, it should work and help others.

I created it for the first time and created a simple table.
And the problem is that I did something wrong and didn't transfer the field data to variables.

Also, I have noticed another structure in the fixlets. People use MIME to describe variables.

If someone can help with it, that would be cool.

Custom Windows Firewall Rule (In All Profiles) v2.bes (9.7 KB)

Either the parameters aren't available in the fixlet/task or you're redeclaring them when they already exist.

For example, the first line passes and the second line fails:

parameter "Test" = "True"
parameter "Test" = "False"

If the UI portion of your action script is working properly, you don't need to declare the variable as it's already there.

However, I'd recommend checking out creating parameterized fixlets. Download the document on the page and go through it. Seems to be a much easier way to do your UI and will pass your parameters into the action script properly.

I don't have access to this doc with my account name.

I updated the link. Looks like there was an error with it.

I don't have enough time to create this fixlet. Guys, give me some advice, please. I have a form with several fields on it. Each field has its own name. How can I check how I filled them in? I mean, I fill in the fields, press take action, and the only thing I would like to see is how correctly the system reads those fields. Something like shabircse described, but in the console.

For example, I have a simple field

//Rule Name:
//<INPUT id=param_rule_name style="BORDER-TOP: #ccc 1px solid; BORDER-RIGHT: #ccc 1px solid; WIDTH: 320px; BORDER-BOTTOM: #ccc 1px solid; PADDING-BOTTOM: 8px; PADDING-TOP: 8px; PADDING-LEFT: 8px; BORDER-LEFT: #ccc 1px solid; PADDING-RIGHT: 8px; border-radius: 4px" name=param_rule_name placeholder="e.g. Allow-Web-Server-443" required>
Unique name for the rule (will be used to check existence)

ID of it = param_rule_name, NAME of it (the same) = param_rule_name

Also I've created a condition:

if {exists parameter "param_rule_name"} then parameter "_param_rule_name" = "{(parameter "param_rule_name" of action) as string}"
else parameter "_param_rule_name" = ""
endif

I think that after the action, if I fill "TEST RULE" into the name field, the variable _param_rule_name should contain the string "TEST RULE".

Is it correct and how can I check the result?

How can I print a new variable _param_rule_name?

I just want to make sure you're approaching the Forum with the right set of expectations. Everything on the Forum is for community, and most of the people posting here are other customers who don't work for BigFix. Those of us who do, are posting here in our spare time.

This isn't something that should be taken as "code for hire", especially at the bargain price of "free". I'm always happy to help, but what you're asking is quite a complex thing that will take some time in development and troubleshooting.

If you want to take the time to build up your skills so you can work through something like this, I think it's an investment that's worthwhile. Once you figure out dealing with the HTML and JavaScript, the possibilities really are endless for what you can do with Console Dashboards.

Reading this thread a second time...it's not clear to me, are you passing your textbox values when you take action?

In the body of your Description, you have to create a script tag. In the Script tag, you have to override the onTakeAction event, and either use TakeFixletAction() or TakeSecureFixletAction() to pass your parameters when executing the action. One example below with link:

<script>
document.body.ontakeaction = function() {
    var thePass = document.getElementById( "pwd" ).value;
    var theAccount = document.getElementById( "accname" ).value;
    TakeSecureFixletAction( Relevance('id of current fixlet'), Relevance('id of current bes site'), "Action1", {account: theAccount}, { password: thePass } );
    return false;
}
</script>

https://forum.bigfix.com/t/compare-entry-fields-in-parameterized-fixlet/51505/2?u=jasonwalker
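The parameter hand-off described in the post above, applied to the firewall form from this thread, as an added example that is not part of the thread or of any BigFix sample: it checks each field against an allow-list before passing it to the action, so only values that are safe to place in the netsh command line reach the script. The field ids other than param_rule_name, the TakeFixletAction argument order (modelled on the TakeSecureFixletAction call above without the secure-parameter object) and the tcp/udp restriction are assumptions.

```javascript
// Added example: validate the firewall form before the values reach netsh.
// Field ids other than param_rule_name are assumed; adjust them to your form.
function validPortList(text) {
  // Accept "443", "80,443" or "5000-5010"; every number must be 1..65535.
  return text.split(",").every(function (item) {
    var m = /^(\d{1,5})(?:-(\d{1,5}))?$/.exec(item.trim());
    if (!m) return false;
    var lo = Number(m[1]), hi = m[2] === undefined ? lo : Number(m[2]);
    return lo >= 1 && hi <= 65535 && lo <= hi;
  });
}

function buildFirewallParams(fields) {
  var name = String(fields.rule_name || "").trim();
  var dir = String(fields.direction || "").trim().toLowerCase();
  var proto = String(fields.protocol || "").trim().toLowerCase();
  var port = String(fields.port || "").replace(/\s+/g, "");
  var act = String(fields.action || "").trim().toLowerCase();
  var errors = [];
  // Same character set the v1 script keeps: letters, digits, space, hyphen.
  if (!/^[A-Za-z0-9 -]+$/.test(name)) errors.push("rule_name");
  if (dir.indexOf("in") === 0) dir = "in";
  else if (dir.indexOf("out") === 0) dir = "out";
  else errors.push("direction");
  if (proto !== "tcp" && proto !== "udp") errors.push("protocol");
  if (!validPortList(port)) errors.push("port");
  if (act !== "allow" && act !== "block") errors.push("action");
  if (errors.length) return { ok: false, errors: errors };
  return { ok: true, params: { rule_name: name, direction: dir,
    protocol: proto, port: port, action: act } };
}

// Console-only wiring; skipped when this file runs outside the BigFix console.
if (typeof document !== "undefined") {
  document.body.ontakeaction = function () {
    var get = function (id) { return document.getElementById(id).value; };
    var result = buildFirewallParams({
      rule_name: get("param_rule_name"), direction: get("param_direction"),
      protocol: get("param_protocol"), port: get("param_port"),
      action: get("param_action")
    });
    if (!result.ok) { alert("Invalid field(s): " + result.errors.join(", ")); return false; }
    TakeFixletAction(Relevance("id of current fixlet"),
      Relevance("id of current bes site"), "Action1", result.params);
    return false;
  };
}
```

The keys of the object passed to the action (rule_name, direction, protocol, port, action) are the names the action script reads with parameter "..." of action.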

I have no java coding experience at all but I did download the "Secret" password passing task a couple of years ago and used that to learn how to pass input boxes.

A few years ago I used the same article @D.Dean referred to and expanded on it to create a customizable fixlet for setting maintenance windows. Maybe you can use it along with the article to develop one that fits your needs. For my use case, when selecting an Image Class, it sets predefined settings but you probably don’t need that so can cut out some of the javascript.

Maintenance Window configurator_Gen.bes (20.2 KB)

That is very cool. I could see some valuable use cases for that. I do have a question though, out of curiosity what are the Mandatory Advertisements referring to?

The problem is that I'm not a programmer at all. I don't know HTML, Java or anything else. And it is not such an important case, but it is very interesting. And if someone can share his skills and help, all of the forum participants could understand it and create their own fixlets. Because many things are not in the box of BigFix. We could create many more useful things and share them with other users.

Thank you for sharing. I will try to read this config and try to understand.