Windows contains a robust, yet easy to use, advanced firewall, and using PowerShell 7 we can easily configure the firewall from the command line. This article covers common commands used in the Windows Firewall and where they may be used.
The module NetSecurity is well documented. Keep in mind that this article only applies to the Windows operating system. For other operating systems, there are other command-line tools that can be used to do the same type of functions such as UFW or IPTables on Linux.
Loading the NetSecurity Module
The NetSecurity module, built-in and offered by Microsoft, contains all of the functionality needed to add, remove, and modify firewall rules. To load the module, simply import the module as shown below.
List Existing Firewall Rules
The cmdlet, Get-NetFirewallRule will show all existing firewall rules. There are many, by default, so to demonstrate, we output the first 10.
There are many properties returned by Get-NetFirewallRule. Though we list only a few properties above, running Get-NetFirewallRule | Select-Object * -First 1 will list all of them.
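The listing described above, as an added example rather than the article's own code: it loads the module, shows the first 10 rules with the properties most useful for review, and then joins enabled inbound Allow rules to their port filters so you can see what the host actually exposes. Get-InboundAllowSummary is a helper name chosen here, not a module cmdlet.

```powershell
# Added example: load NetSecurity and inspect the existing rule set.
Import-Module NetSecurity

# First 10 rules, limited to the properties that matter when reviewing policy.
Get-NetFirewallRule |
    Select-Object -First 10 -Property Name, DisplayName, Direction, Action, Enabled, Profile

# Every property of a single rule, to discover what else can be filtered on.
Get-NetFirewallRule | Select-Object * -First 1

# Defender's view (helper name is ours): enabled inbound Allow rules together
# with their port filters, i.e. the services the firewall currently lets in.
function Get-InboundAllowSummary {
    Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
        ForEach-Object {
            # Port information lives on a separate filter object, not the rule.
            $port = $_ | Get-NetFirewallPortFilter
            [pscustomobject]@{
                DisplayName = $_.DisplayName
                Profile     = $_.Profile
                Protocol    = $port.Protocol
                LocalPort   = ($port.LocalPort -join ',')
            }
        }
}

Get-InboundAllowSummary | Sort-Object DisplayName | Format-Table -AutoSize
```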
Create a New Firewall Rule
There are many different ways to create a new firewall rule, but the command that does this is New-NetFirewallRule. The basic properties that need to be filled in are:
DisplayName – The friendly name of the firewall rule
Direction – Whether the rule applies to traffic leaving the computer (Outbound) or coming into the computer (Inbound)
Action – What to do when traffic matches the rule: Allow or Block
```powershell
# Splat the parameters into New-NetFirewallRule; WINS is one of the built-in
# address keywords accepted by RemoteAddress.
$Params = @{
    DisplayName   = 'Block WINS'
    Direction     = 'Inbound'
    Action        = 'Block'
    RemoteAddress = 'WINS'
}
New-NetFirewallRule @Params
```
If the Name parameter is not used, a random GUID is assigned. The DisplayName is human-readable, but the Name itself is a random GUID.
Modify an Existing Firewall Rule
What if we want to modify an existing rule without removing and recreating it entirely? To do so, run Set-NetFirewallRule, which allows us to modify the firewall rule as necessary.
Another useful ability of Set-NetFirewallRule is that it can operate on multiple rules at once. This is done by locating rules with one of three parameters.
Name – The default; names supplied via the pipeline or as a string array are each acted upon.
DisplayName – Similar to Name; multiple pipelined objects or a string array modify those rules accordingly.
DisplayGroup or Group – If rules are grouped together, all rules in the group can be acted upon at once.
Remove an Existing Firewall Rule
Finally, we would like to remove the existing rule as it may no longer be needed. To do this, run the command Remove-NetFirewallRule. When you do so, it is often wise to use the WhatIf parameter to verify that the rule is the correct one to remove.
It’s important to note that the Remove-NetFirewallRule can remove multiple rules at once. An example of this type of functionality is below. The below rule will remove all disabled rules contained within the policy firewall_gpo in the ad.local.test domain.
A useful, but potentially dangerous, command is running Remove-NetFirewallRule by itself, which removes all of the static local firewall rules that have been created. If you have a domain GPO that defines firewall rules, this will remove any local rules that may conflict with those GPO-defined rules.
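The removal scenario above, as an added example that is not the article's own code: a WhatIf dry run for a single rule, the GPO-scoped bulk removal of disabled rules, and the dry run of the no-parameter form. The PolicyStore value is written as domain\GPO name; the backup path is a constructed value.

```powershell
# Added example: remove rules safely, always dry-running first.
Import-Module NetSecurity

# Single rule: WhatIf prints what would be removed without touching anything.
Remove-NetFirewallRule -DisplayName 'Block WINS' -WhatIf

# Bulk removal of every disabled rule in the firewall_gpo GPO of ad.local.test.
# A GPO policy store is addressed as 'domain\GPOName'.
$store = 'ad.local.test\firewall_gpo'

# Keep a record of the store's rules before changing it (path is constructed).
Get-NetFirewallRule -PolicyStore $store |
    Export-Clixml -Path 'C:\Backup\firewall_gpo-rules.xml'

# Dry run: list the disabled rules that would be removed from that store.
Remove-NetFirewallRule -PolicyStore $store -Enabled False -WhatIf

# Real run: Confirm prompts once per rule so a mis-scoped query is caught.
Remove-NetFirewallRule -PolicyStore $store -Enabled False -Confirm

# The no-parameter form removes every static local rule. The only safe way to
# see what that would do is the dry run; never run it bare on a production host.
Remove-NetFirewallRule -WhatIf
```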
Additional Functionality
There are many other commands available within the NetSecurity module. Though we don’t cover them all here, a few notable commands are shown below to demonstrate how extensive the module is.
Copy-NetFirewallRule – Copies an existing firewall rule and all associated filters to the same or a different policy store.
Disable-NetFirewallRule – Disables a previously enabled firewall rule. The rule will still exist, but will not actively affect any network traffic. If you run this command without any parameters, it will disable all active rules on the target computer. It is advised to always run this command with the WhatIf parameter if not targeting a specific rule or set of rules.
Enable-NetFirewallRule – Like Disable-NetFirewallRule, this command enables a previously disabled rule or set of rules. If run without any parameters, it will enable all previously disabled rules. It is advised to always run this command with the WhatIf parameter if not targeting a specific rule or set of rules.
Get-NetFirewallProfile – Shows the currently configured options for a specified profile, such as the Domain, Private, or Public profile.
Get-NetFirewallSetting – Retrieves the global firewall settings. These include options such as certificate settings, packet queueing, and authorization lists.
Rename-NetFirewallRule – Renames an existing firewall rule. This is useful if a rule was created without a specified name, thereby receiving a random GUID as its name, and a human-readable name is preferred.
Set-NetFirewallProfile – Sets specific settings for individual profiles. This allows each profile to have distinct settings.
Set-NetFirewallSetting – Configures global firewall behaviors that apply regardless of the network profile currently in use.
Show-NetFirewallRule – A helper command that shows the firewall rules and their associated objects in a formatted list.
There is extensive IPSec functionality contained within the module. The commands listed above are those that operate on the standard Windows Firewall settings.
Conclusion
There are many available commands for managing the Windows Firewall. This article only touches on a few of them, notably the most important commands to quickly list, create, modify, and remove firewall rules. Even complex firewall configurations can be accomplished strictly through the command line using the NetSecurity PowerShell module!