PoshTip #31 – List Active Rules Of Your Windows Firewall
PowerShell can help you to manage your Windows Firewall rules easily. First, we will list all the cmdlets which contain the “firewall” keyword:
PS > Get-Command *-*firewall* CommandType Name Version Source ----------- ---- ------- ------ Function Copy-NetFirewallRule 2.0.0.0 NetSecurity Function Disable-NetFirewallRule 2.0.0.0 NetSecurity Function Enable-NetFirewallRule 2.0.0.0 NetSecurity Function Get-NetFirewallAddressFilter 2.0.0.0 NetSecurity Function Get-NetFirewallApplicationFilter 2.0.0.0 NetSecurity Function Get-NetFirewallInterfaceFilter 2.0.0.0 NetSecurity Function Get-NetFirewallInterfaceTypeFilter 2.0.0.0 NetSecurity Function Get-NetFirewallPortFilter 2.0.0.0 NetSecurity Function Get-NetFirewallProfile 2.0.0.0 NetSecurity Function Get-NetFirewallRule 2.0.0.0 NetSecurity Function Get-NetFirewallSecurityFilter 2.0.0.0 NetSecurity Function Get-NetFirewallServiceFilter 2.0.0.0 NetSecurity Function Get-NetFirewallSetting 2.0.0.0 NetSecurity Function New-NetFirewallRule 2.0.0.0 NetSecurity Function Remove-NetFirewallRule 2.0.0.0 NetSecurity Function Rename-NetFirewallRule 2.0.0.0 NetSecurity Function Set-NetFirewallAddressFilter 2.0.0.0 NetSecurity Function Set-NetFirewallApplicationFilter 2.0.0.0 NetSecurity Function Set-NetFirewallInterfaceFilter 2.0.0.0 NetSecurity Function Set-NetFirewallInterfaceTypeFilter 2.0.0.0 NetSecurity Function Set-NetFirewallPortFilter 2.0.0.0 NetSecurity Function Set-NetFirewallProfile 2.0.0.0 NetSecurity Function Set-NetFirewallRule 2.0.0.0 NetSecurity Function Set-NetFirewallSecurityFilter 2.0.0.0 NetSecurity Function Set-NetFirewallServiceFilter 2.0.0.0 NetSecurity Function Set-NetFirewallSetting 2.0.0.0 NetSecurity Function Show-NetFirewallRule 2.0.0.0 NetSecurity
OK, there are many cmdlets which are members of the “NetSecurity” module. This PowerShell Tip explains how to list firewall rules, so let’s start with the “Show-NetFirewallRule”:
PS > Show-NetfirewallRule ----------------------------------------------------------------------------------------------- Name : vm-monitoring-dcom DisplayName : Virtual Machine Monitoring (DCOM-In) Description : Allow DCOM traffic for remote Windows Management Instrumentation. DisplayGroup : Virtual Machine Monitoring Group : @icsvc.dll,-700 Enabled : False Profile : Any Platform : Direction : Inbound Action : Allow EdgeTraversalPolicy : Block ....
Many results, so they have been truncated. To analyse results, you can add some filters like the followings:
PS > Show-NetfirewallRule| sort direction | ? enabled -eq "true" | ft -property @{label="Name" ; expression={$_.displayname}}, @{label="Direction" ; expression={$_.direction }} Name Direction ---- --------- Remote Assistance (PNRP-In) Inbound Core Networking - Router Advertisement (ICMPv6-In) Inbound Network Discovery (WSD-In) Inbound Obtenir Office Inbound Network Discovery (WSD-In) Inbound MSN Météo Inbound Network Discovery (NB-Datagram-In) Inbound Windows Store Inbound Microsoft Messaging Inbound
The above command only displays your active firewall rules sorted by “Direction”. You can also sort by:
- Action
- Profile
- Owner
- ….
Thanks for reading! You can follow me on Twitter @PrigentNico