
How to determine Windows firewall rule's program path using PowerShell Get-NetFirewallRule

We define a new Windows firewall rule for some program to accept inbound TCP connections on some port. This can be done using either the netsh.exe utility or the PowerShell New-NetFirewallRule cmdlet. For example, here's a sample command to allow notepad.exe to accept TCP connections on port 5001 (I know, notepad can't do that):

New-NetFirewallRule  -program "C:\windows\System32\notepad.exe" -direction Inbound -Action Allow -Protocol tcp -LocalPort 5001 -Name "Testing Notepad on port 5001" -DisplayName "Testing Notepad on port 5001"

To retrieve/view this rule, one can again use netsh.exe or Get-NetFirewallRule cmdlet.

Ideally we'd like to use PowerShell Get-NetFirewallRule, but we are not able to view the actual program path that was used when the rule was created.

Here's the output of netsh.exe:

netsh advfirewall firewall show rule name="Testing Notepad on port 5001" verbose

Rule Name:                            Testing Notepad on port 5001
----------------------------------------------------------------------
Enabled:                              Yes
Direction:                            In
Profiles:                             Domain,Private,Public
Grouping:
LocalIP:                              Any
RemoteIP:                             Any
Protocol:                             TCP
LocalPort:                            5001
RemotePort:                           Any
Edge traversal:                       No
Program:                              C:\windows\System32\notepad.exe
InterfaceTypes:                       Any
Security:                             NotRequired
Rule source:                          Local Setting
Action:                               Allow
Ok.

Here's the output of Get-NetFirewallRule cmdlet:

Get-NetFirewallRule -Name "Testing Notepad on port 5001" | Format-list *

Name                    : Testing Notepad on port 5001
ID                      : Testing Notepad on port 5001
Group                   :
Platform                : {}
LSM                     : False
DisplayName             : Testing Notepad on port 5001
Enabled                 : True
Profile                 : Any
Direction               : Inbound
Action                  : Allow
EdgeTraversalPolicy     : Block
PrimaryStatus           : OK
Status                  : The rule was parsed successfully from the store.
                          (65536)
EnforcementStatus       : NotApplicable
PolicyStoreSourceType   : Local
Caption                 :
Description             :
ElementName             : Testing Notepad on port 5001
InstanceID              : Testing Notepad on port 5001
CommonName              :
PolicyKeywords          :
PolicyDecisionStrategy  : 2
PolicyRoles             :
ConditionListType       : 3
CreationClassName       : MSFT|FW|FirewallRule|Testing Notepad on port 5001
ExecutionStrategy       : 2
Mandatory               :
PolicyRuleName          :
Priority                :
RuleUsage               :
SequencedActions        : 3
SystemCreationClassName :
SystemName              :
DisplayGroup            :
LocalOnlyMapping        : False
LooseSourceMapping      : False
Owner                   :
Platforms               : {}
PolicyStoreSource       : PersistentStore
Profiles                : 0
RuleGroup               :
StatusCode              : 65536
PSComputerName          :
CimClass                : root/standardcimv2:MSFT_NetFirewallRule
CimInstanceProperties   : {Caption, Description, ElementName, InstanceID...}
CimSystemProperties     : Microsoft.Management.Infrastructure.CimSystemPropertieses

Any suggestions or ideas on retrieving program path, port, protocol, etc., using a PowerShell cmdlet?

asked Feb 13 '16 21:02

alexg



1 Answer

You should use Get-NetFirewall*Filter cmdlets for this.

PS> Get-Command Get-NetFirewall*Filter

CommandType     Name                                               Version    Source
-----------     ----                                               -------    ------
Function        Get-NetFirewallAddressFilter                       2.0.0.0    NetSecurity
Function        Get-NetFirewallApplicationFilter                   2.0.0.0    NetSecurity
Function        Get-NetFirewallInterfaceFilter                     2.0.0.0    NetSecurity
Function        Get-NetFirewallInterfaceTypeFilter                 2.0.0.0    NetSecurity
Function        Get-NetFirewallPortFilter                          2.0.0.0    NetSecurity
Function        Get-NetFirewallSecurityFilter                      2.0.0.0    NetSecurity
Function        Get-NetFirewallServiceFilter                       2.0.0.0    NetSecurity

All of those cmdlets have an -AssociatedNetFirewallRule parameter, which accepts pipeline input.

In your case, you can use the following command:

Get-NetFirewallRule -Name "Testing Notepad on port 5001" | Get-NetFirewallApplicationFilter

answered Oct 07 '22 15:10

user4003407
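
Building on the answer above, an added example (not part of the original answer) that joins each rule to its application, port and address filters, so program path, protocol and port appear in one object, and that lists enabled allow rules bound to any program or to a file that no longer exists. The function name Get-FirewallRuleDetail and its output property names are hypothetical; the inbound/enabled/allow filter is an assumption chosen for an audit view.

```powershell
# Added example: one object per rule, combining the rule with its filter objects.
# Get-FirewallRuleDetail is a hypothetical helper name, not a NetSecurity cmdlet.
function Get-FirewallRuleDetail {
    [CmdletBinding()]
    param(
        [string]$DisplayName = '*',
        [ValidateSet('Inbound', 'Outbound')]
        [string]$Direction = 'Inbound'
    )

    # -DisplayName and the -Direction/-Enabled/-Action filters belong to different
    # parameter sets of Get-NetFirewallRule, so the latter are applied afterwards.
    Get-NetFirewallRule -DisplayName $DisplayName |
        Where-Object { $_.Direction -eq $Direction -and $_.Enabled -eq 'True' -and $_.Action -eq 'Allow' } |
        ForEach-Object {
            $rule = $_
            $app  = $rule | Get-NetFirewallApplicationFilter
            $port = $rule | Get-NetFirewallPortFilter
            $addr = $rule | Get-NetFirewallAddressFilter

            # Program may be 'Any', 'System', or a path with %SystemRoot%-style variables.
            $path   = [Environment]::ExpandEnvironmentVariables([string]$app.Program)
            $isFile = $path -notin @('Any', 'System', '')

            [pscustomobject]@{
                Name          = $rule.Name
                DisplayName   = $rule.DisplayName
                Profile       = $rule.Profile
                Program       = $app.Program
                Protocol      = $port.Protocol
                LocalPort     = $port.LocalPort -join ','
                RemoteAddress = $addr.RemoteAddress -join ','
                # $null when the rule is not bound to a specific program file.
                ProgramExists = if ($isFile) { Test-Path -LiteralPath $path -PathType Leaf } else { $null }
            }
        }
}

# The rule from the question, with program path, protocol and port together:
Get-FirewallRuleDetail -DisplayName 'Testing Notepad on port 5001' | Format-List

# Audit view: allow rules open to any program, or pointing at a missing file.
Get-FirewallRuleDetail |
    Where-Object { $_.Program -eq 'Any' -or $_.ProgramExists -eq $false } |
    Sort-Object DisplayName |
    Format-Table DisplayName, Program, Protocol, LocalPort, RemoteAddress -AutoSize
```

Each rule triggers three filter lookups, so the audit view can take a while on hosts with many rules.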