Firewall Rules and PoSh

Hi there, my first post and newbie with PoSh.

I am trying to figure out a way to get the details of all the enabled FW rules through PoSh.

Currently I am using the

`Get-NetFirewallRule -Enabled True`

The output of this gives me all the true enabled rules but it does not provide all the details like, -LocalAddress; -LocalPort; -RemoteAddress; -RemotePort details.

So after investigations it looks like the Get-NetTCPConnection cmd will give TCP port and IP details, but only from active connections, not what is embedded in a firewall rule.

What I am trying to do is provide a script to an end user with admin privileges to check a machine-based GPO FW rule when testing and requesting exceptions.

Does that make sense?

What is frustrating is I can (under admin context) review the registry hive where the rules are kept, but an end user would not see that, as we lock down access to regedit.

Any help would be greatly appreciated.

TIA
Jim

Hi, welcome to the forum :wave:

You need to use the various firewall cmdlets in combination. For example, to get the addresses for a rule, you use Get-NetFirewallAddressFilter and to get the ports, you would use Get-NetFirewallPortFilter.

You can discover the cmdlets with Get-Command *NetFirewall*

Something like this should get you started:

```powershell
# Walk every enabled rule and join it to its address and port filters.
foreach ($rule in (Get-NetFirewallRule -Enabled True)) {

   # The filter cmdlets accept the rule object on the pipeline and return
   # the filter that belongs to that rule.
   $addressDetail = $rule | Get-NetFirewallAddressFilter
   $portDetail    = $rule | Get-NetFirewallPortFilter

   # Flatten the rule and its filters into one object per rule.
   [PSCustomObject]@{
      Name          = $rule.Name
      Direction     = $rule.Direction
      LocalAddress  = $addressDetail.LocalAddress
      RemoteAddress = $addressDetail.RemoteAddress
      LocalPort     = $portDetail.LocalPort
      RemotePort    = $portDetail.RemotePort
      Protocol      = $portDetail.Protocol
   }
}
```
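Building on the answer above, here is an added example (not from the original thread or from either poster) that goes a step further toward the original goal: it reads the effective rule set from the ActiveStore policy store, so rules delivered by the machine GPO are included alongside local ones, tags each rule with its source, and joins in the application and service filters as well as the address and port filters. The function name `Get-EffectiveFirewallRuleDetail` and its parameters are this example's own; it assumes an elevated PowerShell session on a Windows version that ships the NetSecurity module.

```powershell
# Added example: enumerate the rules the machine is actually enforcing
# (local + Group Policy) with the details the poster asked for.
function Get-EffectiveFirewallRuleDetail {
    [CmdletBinding()]
    param(
        # Optional: restrict to one direction.
        [ValidateSet('Inbound', 'Outbound')]
        [string]$Direction,

        # Optional: keep only rules that arrived via Group Policy, which is
        # the set the poster wants an end user to be able to inspect.
        [switch]$GroupPolicyOnly
    )

    # ActiveStore is the merged view of every policy store, i.e. what the
    # firewall applies right now, rather than only the local rule store.
    $rules = Get-NetFirewallRule -PolicyStore ActiveStore -Enabled True

    if ($Direction) {
        $rules = $rules | Where-Object Direction -eq $Direction
    }
    if ($GroupPolicyOnly) {
        # PolicyStoreSourceType is 'Local' or 'GroupPolicy' on each rule object.
        $rules = $rules | Where-Object PolicyStoreSourceType -eq 'GroupPolicy'
    }

    foreach ($rule in $rules) {
        # Each filter cmdlet takes the rule from the pipeline and returns
        # the matching filter for that one rule.
        $addr = $rule | Get-NetFirewallAddressFilter
        $port = $rule | Get-NetFirewallPortFilter
        $app  = $rule | Get-NetFirewallApplicationFilter
        $svc  = $rule | Get-NetFirewallServiceFilter

        # Address and port properties can be arrays (e.g. several ports),
        # so join them into a single string for readable CSV/table output.
        [PSCustomObject]@{
            Name          = $rule.Name
            DisplayName   = $rule.DisplayName
            Source        = $rule.PolicyStoreSourceType
            Profile       = $rule.Profile
            Direction     = $rule.Direction
            Action        = $rule.Action
            Protocol      = $port.Protocol
            LocalAddress  = ($addr.LocalAddress  -join ',')
            LocalPort     = ($port.LocalPort     -join ',')
            RemoteAddress = ($addr.RemoteAddress -join ',')
            RemotePort    = ($port.RemotePort    -join ',')
            Program       = $app.Program
            Service       = $svc.Service
        }
    }
}

# Usage: dump the GPO-delivered inbound rules to a CSV the user can attach
# to an exception request.
Get-EffectiveFirewallRuleDetail -Direction Inbound -GroupPolicyOnly |
    Export-Csv -NoTypeInformation -Path .\effective-fw-rules.csv

# Usage: check whether an existing rule already covers a given local port
# (constructed value; replace 443 with the port under test).
Get-EffectiveFirewallRuleDetail -Direction Inbound |
    Where-Object { $_.LocalPort -match '(^|,)443(,|$)' } |
    Format-Table Name, Source, Action, Protocol, LocalPort, RemoteAddress
```

Two things worth knowing when you run this: piping each rule into four filter cmdlets is slow on a host with hundreds of rules, so filter by direction or source first rather than after the loop, and the `Source` column is what lets the user tell a GPO rule from a local one without ever opening the registry hive.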

Awesome - thanks Matt really appreciate the assistance.