Using Disable-NetFirewallRule to disable firewall rules by local port number

tsame · June 13, 2019, 9:30am

Hello. I am trying to disable Windows firewall rules by local port number using powershell with Disable-NetFirewallRule. I checked the documentation of this command but could not find any parameters for local port. Can what I am looking for be done with Disable-NetFirewallRule? Or is there another command that can disable firewall rules by local port number?

kvprasoon · June 13, 2019, 11:29am

Try below one, it’s not an efficient solution, but working…

Get-NetFirewallRule | Get-NetFirewallPortFilter | Where-Object -FilterScript {$_.LocalPort -eq $PortNumber} | Disable-NetFirewallRule

tsame · June 14, 2019, 2:20am

Thanks that worked. I am curious to know, since the output of:

Get-NetFirewallRule | Get-NetFirewallPortFilter | Where-Object -FilterScript {$_.LocalPort -eq $PortNumber}

Is:

Protocol : TCP
LocalPort : 445
RemotePort : Any
IcmpType : Any
DynamicTarget : Any

How does Disable-NetFirewallRule know how to disable this rule since the name or display name is not part of this output?

kvprasoon · June 14, 2019, 4:01am

Get-NetFirewallRule gets all the firewall rules and pass the output to Get-NetFirewallPortFilter cmdlet which will identify the ports used by the rules(if any), Where-Object filters it for the relevant port… hence the final output will be relevant.

js2010 · June 14, 2019, 9:46am

This is where powershell is kind of an illusion. That’s only the default list view of the Get-NetFirewallPortFilter output. Try piping it to fl *. You can actually pipe it back to Get-NetFirewallRule too. Get-date and select-string have default custom views.

# an example of port 80
Get-NetFirewallRule | Get-NetFirewallPortFilter | 
Where-Object -FilterScript {$_.LocalPort -eq $PortNumber} | Format-List *

Protocol                : TCP
LocalPort               : 80
RemotePort              : Any
IcmpType                : Any
DynamicTarget           : Any
DynamicTransport        : Any
Caption                 :
Description             :
ElementName             :
InstanceID              : WINRM-HTTP-Compat-In-TCP-NoScope
CommunicationStatus     :
DetailedStatus          :
HealthState             :
InstallDate             :
Name                    :
OperatingStatus         :
OperationalStatus       :
PrimaryStatus           :
Status                  :
StatusDescriptions      :
CreationClassName       : MSFT|FW|FirewallRule|WINRM-HTTP-Compat-In-TCP-NoScope
IsNegated               :
SystemCreationClassName :
SystemName              :
PSComputerName          :
CimClass                : root/standardcimv2:MSFT_NetProtocolPortFilter
CimInstanceProperties   : {Caption, Description, ElementName, InstanceID, CommunicationStatus, DetailedStatus, HealthState, InstallDate, Name, OperatingStatus, OperationalStatus,
                          PrimaryStatus, Status, StatusDescriptions, CreationClassName, IsNegated, SystemCreationClassName, SystemName, DynamicTransport, IcmpType, LocalPort,
                          Protocol, RemotePort}
CimSystemProperties     : Microsoft.Management.Infrastructure.CimSystemProperties

Topic		Replies	Views
How to get the local port ?? PowerShell Help	1	135	May 12, 2017
Firewall: Get port and rule information PowerShell Help	1	211	May 4, 2017
Firewall Rules and PoSh PowerShell Help	2	162	December 3, 2021
Problem with Get-NetFirewallProfile PowerShell Help	6	841	September 12, 2017
Resource Monitor and Listening Ports PowerShell Help	1	179	September 12, 2020

Using Disable-NetFirewallRule to disable firewall rules by local port number

Related Topics