POSHTIP #31 – List Active Rules Of Your Windows Firewall

PoshTip #31 – List Active Rules Of Your Windows Firewall

PowerShell can help you to manage your Windows Firewall rules easily. First, we will list all the cmdlets which contain the “firewall” keyword:

PS > Get-Command *-*firewall*

CommandType     Name                                               Version    Source
-----------     ----                                               -------    ------
Function        Copy-NetFirewallRule                               2.0.0.0    NetSecurity
Function        Disable-NetFirewallRule                            2.0.0.0    NetSecurity
Function        Enable-NetFirewallRule                             2.0.0.0    NetSecurity
Function        Get-NetFirewallAddressFilter                       2.0.0.0    NetSecurity
Function        Get-NetFirewallApplicationFilter                   2.0.0.0    NetSecurity
Function        Get-NetFirewallInterfaceFilter                     2.0.0.0    NetSecurity
Function        Get-NetFirewallInterfaceTypeFilter                 2.0.0.0    NetSecurity
Function        Get-NetFirewallPortFilter                          2.0.0.0    NetSecurity
Function        Get-NetFirewallProfile                             2.0.0.0    NetSecurity
Function        Get-NetFirewallRule                                2.0.0.0    NetSecurity
Function        Get-NetFirewallSecurityFilter                      2.0.0.0    NetSecurity
Function        Get-NetFirewallServiceFilter                       2.0.0.0    NetSecurity
Function        Get-NetFirewallSetting                             2.0.0.0    NetSecurity
Function        New-NetFirewallRule                                2.0.0.0    NetSecurity
Function        Remove-NetFirewallRule                             2.0.0.0    NetSecurity
Function        Rename-NetFirewallRule                             2.0.0.0    NetSecurity
Function        Set-NetFirewallAddressFilter                       2.0.0.0    NetSecurity
Function        Set-NetFirewallApplicationFilter                   2.0.0.0    NetSecurity
Function        Set-NetFirewallInterfaceFilter                     2.0.0.0    NetSecurity
Function        Set-NetFirewallInterfaceTypeFilter                 2.0.0.0    NetSecurity
Function        Set-NetFirewallPortFilter                          2.0.0.0    NetSecurity
Function        Set-NetFirewallProfile                             2.0.0.0    NetSecurity
Function        Set-NetFirewallRule                                2.0.0.0    NetSecurity
Function        Set-NetFirewallSecurityFilter                      2.0.0.0    NetSecurity
Function        Set-NetFirewallServiceFilter                       2.0.0.0    NetSecurity
Function        Set-NetFirewallSetting                             2.0.0.0    NetSecurity
Function        Show-NetFirewallRule                               2.0.0.0    NetSecurity

OK, there are many cmdlets which are members of the “NetSecurity” module. This PowerShell Tip explains how to list firewall rules, so let’s start with the “Show-NetFirewallRule”:

PS > Show-NetfirewallRule

-----------------------------------------------------------------------------------------------



Name                       : vm-monitoring-dcom
DisplayName                : Virtual Machine Monitoring (DCOM-In)
Description                : Allow DCOM traffic for remote Windows Management Instrumentation.
DisplayGroup               : Virtual Machine Monitoring
Group                      : @icsvc.dll,-700
Enabled                    : False
Profile                    : Any
Platform                   :
Direction                  : Inbound
Action                     : Allow
EdgeTraversalPolicy        : Block

....

Many results, so they have been truncated. To analyse results, you can add some filters like the followings:

PS > Show-NetfirewallRule| sort direction | ? enabled -eq "true" | ft -property @{label="Name" ; expression={$_.displayname}}, @{label="Direction" ; expression={$_.direction
}}

Name                                                                       Direction
----                                                                       ---------
Remote Assistance (PNRP-In)                                                  Inbound
Core Networking - Router Advertisement (ICMPv6-In)                           Inbound
Network Discovery (WSD-In)                                                   Inbound
Obtenir Office                                                               Inbound
Network Discovery (WSD-In)                                                   Inbound
MSN Météo                                                                    Inbound
Network Discovery (NB-Datagram-In)                                           Inbound
Windows Store                                                                Inbound
Microsoft Messaging                                                          Inbound

The above command only displays your active firewall rules sorted by “Direction”. You can also sort by:

  • Action
  • Profile
  • Owner
  • ….

Thanks for reading! You can follow me on Twitter @PrigentNico

About Nicolas 282 Articles
I work as an IT Production Manager, based in Paris (France) with a primary focus on Microsoft technologies. I have 10 years experience in administering Windows Servers. . I am a Microsoft MVP for Cloud & Datacenter Management. I also received the PowerShell Hero 2016 award by PowerShell.0rg. And finally, I am "MCSE: Cloud Platform and Infrastructure", "MCSA: Windows Servers", "Administering & Deploying SCCM", and CheckPoint CCSA certified.