Managing Firewall Rules with PowerShell in Windows

Windows contains a robust, yet easy to use, advanced firewall, and using PowerShell 7 we can easily configure the firewall from the command line. This article covers common commands used in the Windows Firewall and where they may be used.

The module NetSecurity is well documented. Keep in mind that this article only applies to the Windows operating system. For other operating systems, there are other command-line tools that can be used to do the same type of functions such as UFW or IPTables on Linux.

Loading the NetSecurity Module

The NetSecurity module, built-in and offered by Microsoft, contains all of the functionality needed to add, remove, and modify firewall rules. To load the module, simply import the module as shown below.

Import-Module -Name 'NetSecurity'

List Existing Firewall Rules

The cmdlet, Get-NetFirewallRule will show all existing firewall rules. There are many, by default, so to demonstrate, we output the first 10.

Get-NetFirewallRule | Select-Object DisplayName, Enabled, Direction, Action -First 10

There are many properties that are returned by Get-NetFirewallRule. Though we list only a properties above, running Get-NetFirewallRule | Select-Object * -First 1, will list all available.

Create a New Firewall Rule

There are many different ways to create a new Firewall rule but the command that does this is [Net-NewFirewallRule](<https://docs.microsoft.com/en-us/powershell/module/netsecurity/new-netfirewallrule?view=win10-ps>). The basic properties that need to be filled in are:

• DisplayName – The friendly name of the firewall rule
• Direction – Whether to block traffic leaving the computer Outbound or coming into the computer Inbound
• Action – What action to take if the rule is met, Allow or Block

$Params = @{ "DisplayName" = 'Block WINS' "Direction" = 'Inbound' "Action" = 'Block' "RemoteAddress" = 'WINS' }

New-NetFirewallRule @Params
If the Name parameter is not used, then a random GUID is used. The DisplayName may be human readable but the Name itself assigned a random GUID.

Modify an Existing Firewall Rule

What if we want to modify an existing rule without removing and recreating the rule entirely. To do so, we should run the Set-NetFirewallRule, and will allow us to modify the firewall rule as necessary.

$Params = @{
 "DisplayName"   = 'Block WINS'
 "Action"        = 'Allow'
}

Set-NetFirewallRule @Params

Other useful abilities that the Set-NetFirewallRule has is the ability to operate on multiple rules at once. This can be done by locating rules by one of three parameters.

• NameThis is the default and if names are set in via the pipeline or a string array then each will acted upon.
• DisplayNameSimilar to Name, multiple pipelined objects or a string array will modify those rules accordingly.
• DisplayGroup or GroupIf rules are grouped together, all of those rules grouped can be acted upon at once.

Remove an Existing Firewall Rule

Finally, we would like to remove the existing rule as it may no longer be needed. To do this, run the command Remove-NetFirewallRule. When you do so, it is often wise to use the WhatIf parameter to verify that the rule is the correct one to remove.

Remove-NetFirewallRule -DisplayName "Block WINS"

It’s important to note that the Remove-NetFirewallRule can remove multiple rules at once. An example of this type of functionality is below. The below rule will remove all disabled rules contained within the policy firewall_gpo in the ad.local.test domain.

Remove-NetFirewallRule -Enabled 'False' -PolicyStore 'ad.local.test\\firewall_gpo'

A useful command, but potentially dangerous, is running Remove-NetFirewallFule by itself which removes all of the static local firewall rules that have been created. If you have a domain GPO that defines firewall rules, this will remove any that may conflict with those GPO defined rules.

Additional Functionality

There are many other commands available within the NetSecurity module. Though we don’t cover them all here, a few notable commands are shown below to demonstrate how extensive the module is.

• Copy-NetFirewallRuleThis command will copy an existing firewall rule and all associated filters to the same or different policy store.
• Disable-NetFirewallRuleThis will disable a previously enabled firewall rule. The rule will still exist, but not actively modify any network data.If you run this command without any parameters, it will disable all active rules on the target computer. It is advised to always run this command with the WhatIf parameter if not targeting a specific rule or set of rules.
• Enable-NetFirewallRuleLike the Disable-NetFirewallRule, this command will enable a previously disabled rule or set of rules.If this command is run without any parameters it will enable all previously disabled rules. It is advised to always run this command with the WhatIf parameter if not targeting a specific rule or set of rules.
• Get-NetFirewallProfileThis command shows the currently configured options for a specified profile, such as the Domain, Private, or Public profiles.
• Get-NetFirewallSettingThe global firewall settings can be retrieved by using the Get-NetFirewallSetting command. These settings include such options as certificate options, packet queueing, or authorization lists.
• Rename-NetFirewallRuleTo rename an existing firewall rule, use the Rename-NetFirewallRule command. This is useful if a rule was created without a specified name, thereby receiving a random GUID as it’s name, and it is preferred to have a human-readable name assigned.
• Set-NetFirewallProfileTo set specific settings for individual profiles, use the Set-NetFirewallProfile command. This allows each profile to have distinct settings.
• Set-NetFirewallSettingThis command configures global firewall behaviors that apply regardless of the network profile currently in use.
• Show-NetFirewallRuleThis helper command will show the firewall rules and their associated objects in a formatted list.

There is extensive IPSec functionality contained within the module. The commands listed above are those that operate on the standard Windows Firewall settings.

Conclusion

There are many available commands for managing the Windows Firewall. This article only touches on a few of them, notably the most important commands to quickly list, create, modify, and remove firewall rules. Even complex firewall configurations can be accomplished strictly through the command line using the NetSecurity PowerShell module!

Related Posts

• Microsoft Will Merge UWP and Win32 Apps With Project Reunion Microsoft Windows 10 is fragmented between new Univeral Windows Platform (UWP) apps and classic desktop (Win32) apps. At Build 2020, Microsoft an… Read More
• The New Windows Terminal Is Ready; Here’s Why It’s Amazing Microsoft Microsoft’s new Windows Terminal is finally stable. Windows finally has a more modern terminal environment including features like tabs, split pa… Read More
• Getting started with your new Windows 10 laptop How to get yourself all setup So, you've just bought a shiny new laptop or tablet. It's unpacked, plugged in, and running great. However, what should you… Read More
• Windows 10’s PowerToys Get a Launcher and Keyboard Remapper Microsoft We love Microsoft’s PowerToys, a free, and open-source collection of useful utilities for Windows 10. With the release of PowerToy… Read More
• Windows 10 Is Getting Graphical Linux Apps With GPU Support Larry Ewing Windows 10’s Windows Subsystem for Linux is already extremely powerful, even including a built-in Linux kernel with WSL 2.0… Read More

Related Posts

how to use Vimium to Browse with th...

how to fix Windows 10 May 2020 Upda...

Windows 3.0 Is 30 Years Old: Here’s...