Create Firewall Rule


I’m attempting to use Powershell v3 (on Windows 2008R2) to create a new firewall rule.
I’ve found that the helpful new cmdlets only work on Win2k12 or Win8. So I’m trying to find a way using Powershell v2.

Does anyone have a quick script they can share? Otherwise here is what I’m working with so far, with little success.
Import-Module ServerManager

# New-ItemProperty needs a PowerShell drive path (HKLM:), not the raw HKEY_LOCAL_MACHINE hive name,
# and the quotes must be straight ASCII quotes or the parser rejects the literal.
$FWPath = 'HKLM:\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules'
# The value string uses the same pipe-delimited format the firewall service writes for its own rules.
New-ItemProperty -Path $FWPath -Name TEST_Allow_Secure_HTTPS_Ports -Type String -Value 'v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=1443,2443,3443,4443,5443,6443,7443,8443,9443|App=System|Name=@%windir%\system32\inetsrv\iisres.dll,-30502|Desc=@%windir%\system32\inetsrv\iisres.dll,-30512|EmbedCtxt=@%windir%\system32\inetsrv\iisres.dll,-30503|'

Yeah, so, you’ve figured this out, but for the benefit of anyone running across this…

The version of PowerShell you use doesn’t necessarily confer specific capabilities. Capability is part of the OS version. So on Win2012/Win8, you get more commands - therefore, more capability - than you do on older versions of Windows, regardless of which PowerShell version you’re using. So whether you’re using PowerShell v3 or v2 doesn’t matter. Neither of them comes with firewall commands. Win2012 comes with firewall commands.

Have you considered looking at the “netsh advfirewall” command? - intended to offer command-line management of the firewall, and completely usable from Cmd.exe or from PowerShell. I don’t think it’s strictly recommended that you hack the registry directly - my impression has always been that’s there mainly for use by GPO-based firewall management.

You can also use the HNetCfg.FwMgr COM object
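As an added example that is not part of the thread, here is the COM route Richard mentions, written so it runs on Windows 2008 R2 with PowerShell v2. The reply names HNetCfg.FwMgr; the rule-level interface of the Advanced Security firewall is exposed by the related HNetCfg.FwPolicy2 object (INetFwPolicy2) together with HNetCfg.FWRule (INetFwRule), so those are what this example uses. The rule names, ports and the LocalSubnet scope are constructed for illustration; the script must run from an elevated session.

```powershell
# Added example (not from the thread): create inbound TCP allow rules through the
# Windows Firewall with Advanced Security COM API and check for an existing rule first.
# Constant values below are the documented NET_FW_* enumeration values.
$NET_FW_IP_PROTOCOL_TCP  = 6
$NET_FW_RULE_DIR_IN      = 1
$NET_FW_ACTION_ALLOW     = 1
$NET_FW_PROFILE2_DOMAIN  = 1
$NET_FW_PROFILE2_PRIVATE = 2
$NET_FW_PROFILE2_PUBLIC  = 4

function Get-FwRuleByName {
    param([string]$Name)
    $policy = New-Object -ComObject HNetCfg.FwPolicy2
    # PowerShell v2 needs the script-block form of Where-Object.
    $policy.Rules | Where-Object { $_.Name -eq $Name }
}

function New-FwInboundTcpRule {
    [CmdletBinding()]
    param(
        [string]$Name,
        [string]$Description,
        [int]$Port,
        # Hypothetical default scope: only hosts on the local subnet may reach the port.
        # '*' would allow any source address.
        [string]$RemoteAddresses = 'LocalSubnet'
    )
    if (Get-FwRuleByName -Name $Name) {
        Write-Verbose "Rule '$Name' already exists, leaving it unchanged"
        return
    }
    $policy = New-Object -ComObject HNetCfg.FwPolicy2
    $rule   = New-Object -ComObject HNetCfg.FWRule
    $rule.Name            = $Name
    $rule.Description     = $Description
    # Protocol must be assigned before LocalPorts or the port assignment fails.
    $rule.Protocol        = $NET_FW_IP_PROTOCOL_TCP
    $rule.LocalPorts      = "$Port"
    $rule.RemoteAddresses = $RemoteAddresses
    $rule.Direction       = $NET_FW_RULE_DIR_IN
    $rule.Action          = $NET_FW_ACTION_ALLOW
    # Apply to domain and private profiles only; public is deliberately left out.
    $rule.Profiles        = $NET_FW_PROFILE2_DOMAIN -bor $NET_FW_PROFILE2_PRIVATE
    $rule.Enabled         = $true
    $policy.Rules.Add($rule)
    Write-Verbose "Created rule '$Name' for TCP/$Port from $RemoteAddresses"
}

# Constructed sample input: one rule per secure port, mirroring the thread's naming.
foreach ($port in 1443, 2443, 3443) {
    New-FwInboundTcpRule -Name "VCI: Allow HTTPS $port" `
                         -Description "Inbound HTTPS on TCP/$port" `
                         -Port $port -Verbose
}

# Read back what actually landed in the policy so the scope and profiles can be checked.
Get-FwRuleByName -Name 'VCI: Allow HTTPS 1443' |
    Select-Object Name, Enabled, Direction, Protocol, LocalPorts, RemoteAddresses, Profiles
```

The existence check makes the script safe to rerun, and reading the rule back is the quickest way to confirm that the scope (RemoteAddresses) and profile mask ended up as intended rather than defaulting to any address on every profile.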

Thanks Richard, I had tried going down that path but it seemed far more difficult than necessary.
Thanks, Don, I went with the NetSH approach as suggested. I initially looked at this, but was hoping to find a more powershell-ish way of doing this.
Just in case someone else needs an example in the future, here is what I ended up doing:

#Set Firewall to allow secure ports 1443,2443,3443,4443
1443, 2443, 3443 | %{
    write-verbose "Firewall: Checking if secure port is allowed: $_"
    # netsh prints the rule details when it exists, otherwise "No rules match the specified criteria."
    $ruleExist = (netsh advfirewall firewall show rule name="VCI: Allow HTTPS $_")
    if ($ruleExist -cmatch "HTTPS $_") {
        write-verbose "Port $_ rule already exists"
    } else {
        write-verbose "Port $_ missing, creating firewall rule"
        netsh advfirewall firewall add rule name="VCI: Allow HTTPS $_" dir=in action=allow enable=yes Localip=Any LocalPort=$_ protocol=TCP
    }
}