Question:
I’m trying to find out if a firewall rule already exists with the same name and the same configuration, like LocalPort.
So I use Get-NetFirewallRule to list all rules, but the rules returned do not contain the port information, and some other information is also missing. Where can I find all the config of a rule? Below are the attributes returned:
```
Name
DisplayName
Description
DisplayGroup
Group
Enabled
Profile
Platform
Direction
Action
EdgeTraversalPolicy
LooseSourceMapping
LocalOnlyMapping
Owner
PrimaryStatus
Status
EnforcementStatus
PolicyStoreSource
PolicyStoreSourceType
```
Answer:
What I don’t think is understood by many, including me recently, is that the Get-NetFirewall*Filter commands provide a speedy shortcut to searching the firewall rules, like the -filter option does in other commands. If I were to do this, it would take a very long time:
```powershell
Get-NetFirewallRule | Get-NetFirewallPortFilter | Where LocalPort -eq 3389
```
While this is almost instant:
```powershell
Get-NetFirewallPortFilter | Where LocalPort -eq 3389
```
And Get-NetFirewallPortFilter actually returns the name of the firewall rule in the InstanceID property, which isn’t shown by default. That’s why you can pipe Get-NetFirewallPortFilter back into Get-NetFirewallRule.
```powershell
Get-NetFirewallPortFilter | Where LocalPort -eq 3389 | Get-NetFirewallRule
```
Here’s a function that gives netsh-like verbose output, with the ports, addresses, and applications:
```powershell
function mynetsh ($displayname) {
    # Look the rule up by display name, then pull its associated filter objects
    $rule        = Get-NetFirewallRule -DisplayName $displayname
    $address     = $rule | Get-NetFirewallAddressFilter
    $port        = $rule | Get-NetFirewallPortFilter
    $application = $rule | Get-NetFirewallApplicationFilter

    # Merge the rule and its filters into one netsh-style view
    [pscustomobject]@{
        DisplayName         = $rule.DisplayName
        Description         = $rule.Description
        Enabled             = $rule.Enabled
        Direction           = $rule.Direction
        Profile             = $rule.Profile
        DisplayGroup        = $rule.DisplayGroup
        LocalAddress        = $address.LocalAddress
        RemoteAddress       = $address.RemoteAddress
        Protocol            = $port.Protocol
        LocalPort           = $port.LocalPort
        RemotePort          = $port.RemotePort
        EdgeTraversalPolicy = $rule.EdgeTraversalPolicy
        Program             = $application.Program
        Action              = $rule.Action
    }
}

mynetsh 'Remote Desktop - User Mode (TCP-In)'

DisplayName         : Remote Desktop - User Mode (TCP-In)
Description         : Inbound rule for the Remote Desktop service to allow RDP traffic. [TCP 3389]
Enabled             : False
Direction           : Inbound
Profile             : Any
DisplayGroup        : Remote Desktop
LocalAddress        : Any
RemoteAddress       : Any
Protocol            : TCP
LocalPort           : 3389
RemotePort          : Any
EdgeTraversalPolicy : Block
Program             : %SystemRoot%\system32\svchost.exe
Action              : Allow
```
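The question itself was about detecting a duplicate before creating a rule. The following is an added example, not part of the original answer: it starts from the fast Get-NetFirewallPortFilter lookup described above, pipes the matches back into Get-NetFirewallRule via InstanceID, and then compares the remaining fields. The function name Test-FirewallRuleExists, its parameters, and the 'RDP inbound' rule used in the usage call are this example's own choices.

```powershell
# Added example: check whether a rule with the given display name and
# port configuration already exists before creating another one.
# Function name and parameters are hypothetical (not from the original page).
function Test-FirewallRuleExists {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $DisplayName,
        [Parameter(Mandatory)] [string] $Protocol,     # e.g. 'TCP' or 'UDP'
        [Parameter(Mandatory)] [string] $LocalPort,    # e.g. '3389'
        [ValidateSet('Inbound', 'Outbound')] [string] $Direction = 'Inbound',
        [ValidateSet('Allow', 'Block')]      [string] $Action    = 'Allow'
    )

    # Query the port filters first: this is the fast path, and each filter's
    # InstanceID is the rule Name, so the matches pipe straight back into
    # Get-NetFirewallRule. LocalPort may be an array for multi-port rules;
    # '-eq' on an array filters it, which still evaluates as true on a hit.
    $matches = Get-NetFirewallPortFilter |
        Where-Object { $_.Protocol -eq $Protocol -and $_.LocalPort -eq $LocalPort } |
        Get-NetFirewallRule |
        Where-Object {
            $_.DisplayName -eq $DisplayName -and
            $_.Direction   -eq $Direction   -and
            $_.Action      -eq $Action
        }

    # Return $true if at least one rule matched on every compared field
    return [bool]($matches | Select-Object -First 1)
}

# Usage: only create the rule when no equivalent rule is present
if (-not (Test-FirewallRuleExists -DisplayName 'RDP inbound' -Protocol TCP -LocalPort 3389)) {
    New-NetFirewallRule -DisplayName 'RDP inbound' -Direction Inbound `
        -Protocol TCP -LocalPort 3389 -Action Allow
}
```

Comparing on DisplayName alone is not enough, since Windows allows several rules with the same display name; matching the port filter and direction/action as well is what tells you the configuration is already present rather than just the label.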