Configuring Windows Firewall Rules with PowerShell

This article covers the basics of managing the settings and rules of the built-in Windows Defender Firewall with Advanced Security using PowerShell. We'll look at how to enable or disable the firewall for different network profiles, create or remove firewall rules, and write a small PS script that produces a convenient table showing the current set of active firewall rules.

You can manage Windows Firewall settings from the graphical console: Control Panel -> System and Security -> Windows Defender Firewall. However, starting with Windows 8.1 (Windows Server 2012 R2) you can use the built-in NetSecurity PowerShell module to manage the firewall.

Previously, the following command was used to manage Windows Firewall rules and settings: netsh advfirewall firewall

There are 85 commands available in the NetSecurity module on Windows 10. You can display the full list:

Get-Command -Module NetSecurity


How to Manage Windows Firewall Network Profiles from PowerShell?

There are three types of network profiles in Windows Firewall:

  • Domain – applied to computers joined to an Active Directory domain
  • Private – home or corporate networks
  • Public – public networks


Each network profile (location) may use a different set of firewall rules. By default, all network interfaces of a computer are protected by the firewall, and all three profile types are applied to them.

To enable all three network profiles (Domain, Public and Private), use this command:

Set-NetFirewallProfile -All -Enabled True

Or specify a particular profile instead of All:

Set-NetFirewallProfile -Profile Public -Enabled True

To disable the firewall for all three network locations, use the command:

Set-NetFirewallProfile -All -Enabled False

Using the Set-NetFirewallProfile cmdlet, you can change profile options (the default action, logging, the path to and the size of the log file, notification settings, etc.).

Note that in modern OS versions Windows Firewall is enabled for all profiles. In the profile settings, all outbound connections are allowed and inbound connections are blocked (except those explicitly allowed by a rule).

Let's change the default action for the Public profile to block all inbound connections:

Set-NetFirewallProfile -Name Public -DefaultInboundAction Block

You can display the current profile settings as follows:

Get-NetFirewallProfile -Name Public


To display the current resulting (effective) profile settings from the active policy store, which also reflects settings applied through Group Policy, use:

Get-NetFirewallProfile -PolicyStore ActiveStore

Make sure that the firewall settings are applied to all network interfaces of the computer:

Get-NetFirewallProfile -Name Public | fl DisabledInterfaceAliases

If all interfaces are protected, the command returns the following:

DisabledInterfaceAliases : 

You can exclude a specific interface from a profile (to display the list of interface names, use the Get-NetIPInterface cmdlet):

Set-NetFirewallProfile -Name Public -DisabledInterfaceAliases "Ethernet0"

As you can see, the Public profile is no longer applied to Ethernet0:

DisabledInterfaceAliases : {Ethernet0}


You can set connection logging options at the profile level. By default, Windows Firewall logs are stored in %systemroot%\system32\LogFiles\Firewall, and the maximum log file size is 4 MB. You can enable logging of blocked connections and change the maximum log file size (the size parameter is -LogMaxSizeKilobytes):

Set-NetFirewallProfile -Profile Domain -LogBlocked True -LogMaxSizeKilobytes 20000 -LogFileName '%systemroot%\system32\LogFiles\Firewall\pfirewall.log'
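The profile commands above are usually applied together as a baseline. The following script is an added example (not code from the original article): it enables all three profiles, sets the default inbound action to Block, turns on logging of dropped connections, and then reads the profiles back to verify that nothing is left unprotected. The log path and size are assumed values; every cmdlet and parameter used is part of the NetSecurity module.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the original article. Applies a firewall profile baseline
# and verifies it. Log path/size below are assumptions, not values from the article.

$logPath = '%systemroot%\system32\LogFiles\Firewall\pfirewall.log'   # assumed path

foreach ($profileName in 'Domain', 'Private', 'Public') {
    Set-NetFirewallProfile -Name $profileName `
        -Enabled True `
        -DefaultInboundAction Block `
        -DefaultOutboundAction Allow `
        -LogBlocked True `
        -LogMaxSizeKilobytes 20000 `
        -LogFileName $logPath
}

# Verification: a profile is considered weak if it is disabled, does not block
# inbound traffic by default, or excludes an interface via DisabledInterfaceAliases
# (the unset value shows up as 'NotConfigured').
$weak = Get-NetFirewallProfile | Where-Object {
    $excluded = @($_.DisabledInterfaceAliases | Where-Object { $_ -and $_ -ne 'NotConfigured' })
    $_.Enabled -ne 'True' -or
    $_.DefaultInboundAction -ne 'Block' -or
    $excluded.Count -gt 0
}

if ($weak) {
    $weak | Format-Table Name, Enabled, DefaultInboundAction, DisabledInterfaceAliases -AutoSize
    Write-Warning 'One or more profiles are not fully protected.'
} else {
    Write-Host 'All profiles enabled, default inbound action Block, all interfaces covered.'
}
```

Run it from an elevated session; the verification step is what you would keep in a scheduled compliance check, since a profile can be silently relaxed later by a local administrator or a third-party installer.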

How to Create, Edit or Remove Windows Firewall Rules with PowerShell?

There are 9 cmdlets for managing firewall rules:

  • New-NetFirewallRule
  • Copy-NetFirewallRule
  • Disable-NetFirewallRule
  • Enable-NetFirewallRule
  • Get-NetFirewallRule
  • Remove-NetFirewallRule
  • Rename-NetFirewallRule
  • Set-NetFirewallRule
  • Show-NetFirewallRule

Let's look at some simple examples of how to open ports in Windows Firewall.

For example, to allow inbound TCP connections to ports 80 and 443 for the Domain and Private profiles, use this command:

New-NetFirewallRule -DisplayName 'HTTP-Inbound' -Profile @('Domain', 'Private') -Direction Inbound -Action Allow -Protocol TCP -LocalPort @('80', '443')


You can allow or block network access for an application. For example, to block outbound connections for Firefox:

New-NetFirewallRule -Program "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -Action Block -Profile Domain, Private -DisplayName "Block Firefox browser" -Description "Block Firefox browser" -Direction Outbound

To allow inbound RDP connections from one IP address only:

New-NetFirewallRule -DisplayName "AllowRDP" -RemoteAddress 192.168.2.200 -Direction Inbound -Protocol TCP -LocalPort 3389 -Action Allow

To allow ping (ICMP) from the specified IP subnets or IP ranges, use these commands (ICMPv4 echo request is type 8; the ICMPv6 equivalent is type 128):

$ips = @("192.168.2.15-192.168.2.40", "192.168.100.15-192.168.100.200", "10.1.0.0/16")
New-NetFirewallRule -DisplayName "Allow inbound ICMPv4" -Direction Inbound -Protocol ICMPv4 -IcmpType 8 -RemoteAddress $ips -Action Allow
New-NetFirewallRule -DisplayName "Allow inbound ICMPv6" -Direction Inbound -Protocol ICMPv6 -IcmpType 128 -RemoteAddress $ips -Action Allow

In the previous article we showed how to manage access both by IP address and by a domain/website DNS name using PowerShell.

To edit an existing firewall rule, the Set-NetFirewallRule cmdlet is used. For example, to allow inbound connections from the specified IP address only for the rule created earlier:

Get-NetFirewallRule -DisplayName 'HTTP-Inbound' | Get-NetFirewallAddressFilter | Set-NetFirewallAddressFilter -RemoteAddress 192.168.1.10

If you want to add multiple IP addresses to a firewall rule, use this script:

$ips = @("192.168.2.15", "192.168.2.17", "192.168.100.15")
Get-NetFirewallRule -DisplayName 'WEB-Inbound' | Set-NetFirewallRule -RemoteAddress $ips

To display all IP addresses in a firewall rule:

Get-NetFirewallRule -DisplayName 'Allow inbound ICMPv4' | Get-NetFirewallAddressFilter


You can enable or disable firewall rules using the Disable-NetFirewallRule and Enable-NetFirewallRule cmdlets:

Disable-NetFirewallRule -DisplayName 'WEB-Inbound'

To allow ICMP (ping) by enabling the built-in rule, run this command:

Enable-NetFirewallRule -Name FPS-ICMP4-ERQ-In

To remove a firewall rule, the Remove-NetFirewallRule cmdlet is used.
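Running New-NetFirewallRule twice with the same DisplayName creates two rules, and a rule created without -RemoteAddress accepts traffic from any host, so in scripts it pays to create rules idempotently and scoped. The function below is an added example (not code from the original article): it creates an inbound allow rule only if no rule with that display name exists, otherwise narrows the existing rule's address scope, and returns the port and address filters that the rule actually carries. The rule name, port and addresses are constructed sample values.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the original article. Creates or re-scopes an inbound
# TCP allow rule so that repeated runs never produce duplicate rules.

function Set-ScopedInboundRule {
    param(
        [Parameter(Mandatory)] [string]   $DisplayName,
        [Parameter(Mandatory)] [int]      $LocalPort,
        [Parameter(Mandatory)] [string[]] $RemoteAddress,
        [string[]] $Profiles = @('Domain', 'Private')
    )

    # Look the rule up first; -ErrorAction keeps "not found" from printing an error.
    $rule = Get-NetFirewallRule -DisplayName $DisplayName -ErrorAction SilentlyContinue

    if (-not $rule) {
        $rule = New-NetFirewallRule -DisplayName $DisplayName -Direction Inbound -Action Allow `
            -Protocol TCP -LocalPort $LocalPort -RemoteAddress $RemoteAddress -Profile $Profiles
        Write-Host "Created rule '$DisplayName'."
    } else {
        # Rule exists: replace its address scope and profiles instead of adding a duplicate.
        $rule | Set-NetFirewallRule -RemoteAddress $RemoteAddress -Profile $Profiles
        Write-Host "Updated scope of existing rule '$DisplayName'."
    }

    # Read back what the firewall stored, not what we asked for.
    foreach ($r in $rule) {
        [pscustomobject]@{
            DisplayName   = $r.DisplayName
            Enabled       = $r.Enabled
            Profile       = $r.Profile
            LocalPort     = ($r | Get-NetFirewallPortFilter).LocalPort
            RemoteAddress = ($r | Get-NetFirewallAddressFilter).RemoteAddress
        }
    }
}

# Sample call with constructed values: allow RDP only from two management hosts.
Set-ScopedInboundRule -DisplayName 'AllowRDP-Management' -LocalPort 3389 `
    -RemoteAddress @('192.168.2.200', '192.168.2.201') | Format-List
```

Because the function reads the filters back through Get-NetFirewallPortFilter and Get-NetFirewallAddressFilter, its output is the same information you would otherwise have to collect by hand with the cmdlets shown earlier in this section.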

Listing Windows Firewall Rules with PowerShell

You can display the list of active firewall rules for inbound traffic as follows:

Get-NetFirewallRule | where { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' } | ft

To display the list of enabled outbound blocking rules:

Get-NetFirewallRule -Action Block -Enabled True -Direction Outbound

To display the application a rule applies to:

Get-NetFirewallRule -Action Block -Enabled True -Direction Outbound | % { $_ | Get-NetFirewallApplicationFilter }


As you can see, the Get-NetFirewallRule cmdlet doesn't show the network ports and IP addresses of your firewall rules; those live in the port and address filters attached to each rule. To display detailed information about allowed inbound (or outbound) connections in a more convenient form that includes the port numbers, use the following PowerShell script (the calculated properties pull the values from Get-NetFirewallPortFilter and Get-NetFirewallAddressFilter):

Get-NetFirewallRule -Action Allow -Enabled True -Direction Inbound |
Format-Table -Property Name,
@{Name='Protocol';Expression={($PSItem | Get-NetFirewallPortFilter).Protocol}},
@{Name='LocalPort';Expression={($PSItem | Get-NetFirewallPortFilter).LocalPort}},
@{Name='RemotePort';Expression={($PSItem | Get-NetFirewallPortFilter).RemotePort}},
@{Name='RemoteAddress';Expression={($PSItem | Get-NetFirewallAddressFilter).RemoteAddress}},
Enabled,Profile,Direction,Action
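The table above is handy interactively, but for an audit you usually want the same data as objects you can filter and export, plus a flag for the rules that matter most: enabled inbound Allow rules that apply to the Public profile and accept traffic from any remote address. The function below is an added example (not code from the original article) built on the same NetSecurity cmdlets; the output CSV path is an assumption.

```powershell
# Added example, not from the original article. Collects enabled Allow rules with
# their port, address and application filters, and flags rules that are open to
# any remote address on the Public (or Any) profile. CSV path is an assumption.

function Get-FirewallRuleReport {
    param([string] $Direction = 'Inbound')

    Get-NetFirewallRule -Enabled True -Action Allow -Direction $Direction | ForEach-Object {
        $port = $_ | Get-NetFirewallPortFilter
        $addr = $_ | Get-NetFirewallAddressFilter
        $app  = $_ | Get-NetFirewallApplicationFilter
        [pscustomobject]@{
            Name          = $_.Name
            DisplayName   = $_.DisplayName
            Profile       = $_.Profile
            Protocol      = $port.Protocol
            LocalPort     = ($port.LocalPort -join ',')
            RemoteAddress = ($addr.RemoteAddress -join ',')
            Program       = $app.Program
            # True when the rule is active on Public/Any and has no remote address restriction
            WideOpen      = (($_.Profile -match 'Public|Any') -and ($addr.RemoteAddress -contains 'Any'))
        }
    }
}

$report = Get-FirewallRuleReport -Direction Inbound

# Rules worth reviewing first: reachable from anywhere on an untrusted network.
$report | Where-Object WideOpen | Sort-Object DisplayName |
    Format-Table DisplayName, Profile, Protocol, LocalPort, RemoteAddress, Program -AutoSize

# Full listing for offline review or diffing against a previous run.
$report | Export-Csv -Path "$env:TEMP\firewall-inbound-allow.csv" -NoTypeInformation
```

Keeping the exported CSV from each run lets you diff the rule set over time, which is the simplest way to notice a rule that an installer or an administrator added without review.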


PowerShell offers ample opportunities for managing Windows Firewall rules from the command line, and you can run PowerShell scripts automatically to open or close ports. In the next article, we'll look at a simple PowerShell- and Windows Firewall-based solution for automatically blocking IP addresses that try to brute-force passwords over RDP on your Windows VDS server.
