We define a new Windows firewall rule for some program to accept inbound TCP connections on some port. This can be done using either the netsh.exe utility or the PowerShell New-NetFirewallRule cmdlet. For example, here's a sample command to allow notepad.exe to accept TCP connections on port 5001 (I know, notepad can't do that):
New-NetFirewallRule -program "C:\windows\System32\notepad.exe" -direction Inbound -Action Allow -Protocol tcp -LocalPort 5001 -Name "Testing Notepad on port 5001" -DisplayName "Testing Notepad on port 5001"
To retrieve/view this rule, one can again use netsh.exe or the Get-NetFirewallRule cmdlet.
Ideally we'd like to use the PowerShell Get-NetFirewallRule cmdlet, but we are not able to view the actual program path that was used when the rule was created.
Here's the output of netsh.exe:
netsh advfirewall firewall show rule name="Testing Notepad on port 5001" verbose
Rule Name: Testing Notepad on port 5001
----------------------------------------------------------------------
Enabled: Yes
Direction: In
Profiles: Domain,Private,Public
Grouping:
LocalIP: Any
RemoteIP: Any
Protocol: TCP
LocalPort: 5001
RemotePort: Any
Edge traversal: No
Program: C:\windows\System32\notepad.exe
InterfaceTypes: Any
Security: NotRequired
Rule source: Local Setting
Action: Allow
Ok.
Here's the output of Get-NetFirewallRule cmdlet:
Get-NetFirewallRule -Name "Testing Notepad on port 5001" | Format-list *
Name : Testing Notepad on port 5001
ID : Testing Notepad on port 5001
Group :
Platform : {}
LSM : False
DisplayName : Testing Notepad on port 5001
Enabled : True
Profile : Any
Direction : Inbound
Action : Allow
EdgeTraversalPolicy : Block
PrimaryStatus : OK
Status : The rule was parsed successfully from the store. (65536)
EnforcementStatus : NotApplicable
PolicyStoreSourceType : Local
Caption :
Description :
ElementName : Testing Notepad on port 5001
InstanceID : Testing Notepad on port 5001
CommonName :
PolicyKeywords :
PolicyDecisionStrategy : 2
PolicyRoles :
ConditionListType : 3
CreationClassName : MSFT|FW|FirewallRule|Testing Notepad on port 5001
ExecutionStrategy : 2
Mandatory :
PolicyRuleName :
Priority :
RuleUsage :
SequencedActions : 3
SystemCreationClassName :
SystemName :
DisplayGroup :
LocalOnlyMapping : False
LooseSourceMapping : False
Owner :
Platforms : {}
PolicyStoreSource : PersistentStore
Profiles : 0
RuleGroup :
StatusCode : 65536
PSComputerName :
CimClass : root/standardcimv2:MSFT_NetFirewallRule
CimInstanceProperties : {Caption, Description, ElementName, InstanceID...}
CimSystemProperties : Microsoft.Management.Infrastructure.CimSystemProperties
Any suggestions or ideas on retrieving the program path, port, protocol, etc., using a PowerShell cmdlet?
To get the settings using the GUI, you need to search in the box for Windows Firewall with Advanced Security or Windows Defender Firewall with Advanced Security. Then you can see in the console that there are 3 available profiles. The same settings can be viewed with the PowerShell Get-NetFirewallProfile command.
The Get-NetFirewallRule cmdlet returns the instances of firewall rules that match the search parameters from the user.
To get the current status of Windows Firewall using PowerShell, just type Get-NetFirewallProfile in the PowerShell window and press Enter. You'll be shown a list of all the network profiles, whether Windows Firewall is enabled for each profile and information about various other Windows Firewall settings.
Firewall rules are stored under the Software\Policies\Microsoft\WindowsFirewall\FirewallRules key. Each value under the key is a firewall rule.
You should use the Get-NetFirewall*Filter cmdlets for this.
PS> Get-Command Get-NetFirewall*Filter
CommandType     Name                                   Version    Source
-----------     ----                                   -------    ------
Function        Get-NetFirewallAddressFilter           2.0.0.0    NetSecurity
Function        Get-NetFirewallApplicationFilter       2.0.0.0    NetSecurity
Function        Get-NetFirewallInterfaceFilter         2.0.0.0    NetSecurity
Function        Get-NetFirewallInterfaceTypeFilter     2.0.0.0    NetSecurity
Function        Get-NetFirewallPortFilter              2.0.0.0    NetSecurity
Function        Get-NetFirewallSecurityFilter          2.0.0.0    NetSecurity
Function        Get-NetFirewallServiceFilter           2.0.0.0    NetSecurity
All of those cmdlets have an -AssociatedNetFirewallRule parameter, which accepts pipeline input.
In your case, you can use the following command:
Get-NetFirewallRule -Name "Testing Notepad on port 5001" | Get-NetFirewallApplicationFilter
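Building on the answer above, here is an added example (not from the question or the answer) that joins each rule with its application, port and address filters so the program path, protocol, ports and remote addresses appear in one object. It assumes the NetSecurity module cmdlets listed above (Windows 8 / Server 2012 and later) and, for the first call, the rule name from the question; the function name Get-FirewallRuleDetail and the parameter defaults are this example's own choices. The second call is the audit view a defender usually wants: every enabled inbound Allow rule and the program it opens a port for.

```powershell
# Added example, not part of the original post. Assumes the NetSecurity module
# (Get-NetFirewallRule and the Get-NetFirewall*Filter cmdlets) is available.
function Get-FirewallRuleDetail {
    [CmdletBinding()]
    param(
        [string]$Name      = '*',        # rule Name (not DisplayName); wildcards allowed
        [string]$Direction = 'Inbound',
        [string]$Action    = 'Allow'
    )

    Get-NetFirewallRule -Name $Name -Direction $Direction -Action $Action -ErrorAction SilentlyContinue |
        ForEach-Object {
            $rule = $_
            # Each filter cmdlet accepts the rule on the pipeline via -AssociatedNetFirewallRule.
            $app  = $rule | Get-NetFirewallApplicationFilter
            $port = $rule | Get-NetFirewallPortFilter
            $addr = $rule | Get-NetFirewallAddressFilter

            [pscustomobject]@{
                Name          = $rule.Name
                DisplayName   = $rule.DisplayName
                Enabled       = $rule.Enabled
                Profile       = $rule.Profile
                Direction     = $rule.Direction
                Action        = $rule.Action
                Program       = $app.Program            # "Any" or a path, often with %SystemRoot%
                Protocol      = $port.Protocol
                LocalPort     = ($port.LocalPort  -join ',')
                RemotePort    = ($port.RemotePort -join ',')
                RemoteAddress = ($addr.RemoteAddress -join ',')
            }
        }
}

# 1. The rule from the question (assumed to exist on this machine):
Get-FirewallRuleDetail -Name 'Testing Notepad on port 5001' | Format-List

# 2. Audit view: every enabled inbound Allow rule, grouped by the program it exposes,
#    so unexpected listeners (or rules with Program = Any) stand out.
Get-FirewallRuleDetail |
    Where-Object { $_.Enabled -eq 'True' } |
    Sort-Object Program, LocalPort |
    Format-Table Program, Protocol, LocalPort, RemoteAddress, Profile, DisplayName -AutoSize
```

Each rule costs three extra cmdlet calls, so the audit view takes a few seconds on a host with several hundred rules; the per-rule pipeline is kept because it mirrors the answer's command exactly. Run it in an elevated session, otherwise rules in the persistent store are still readable but some policy-store rules may be filtered out.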