
  • Listing Windows Firewall Rules Using Microsoft PowerShell

    November 16, 2012

    PowerShell

    At a customer site recently, I needed a way to list all the Enabled Windows Firewall Inbound Rules.  I could not get what I needed by using the Windows

    netsh advfirewall monitor show firewall rule name=all dir=in

    command so I turned to using PowerShell.

    I found the following article by James O’Neill that helped me get started.

    http://blogs.technet.com/b/jamesone/archive/2009/02/18/how-to-manage-the-windows-firewall-settings-with-powershell.aspx

    What I needed for a headstart was the following code from James’ article:

    # Returns the local Windows Firewall rules, optionally filtered by the supplied parameters.
    Function Get-FireWallRule
    {Param ($Name, $Direction, $Enabled, $Protocol, $profile, $action, $grouping)
    $Rules=(New-object -comObject HNetCfg.FwPolicy2).rules
    If ($name)      {$rules= $rules | where-object {$_.name     -like $name}}
    If ($direction) {$rules= $rules | where-object {$_.direction  -eq $direction}}
    If ($Enabled)   {$rules= $rules | where-object {$_.Enabled    -eq $Enabled}}
    If ($protocol)  {$rules= $rules | where-object {$_.protocol   -eq $protocol}}
    If ($profile)   {$rules= $rules | where-object {$_.Profiles -bAND $profile}}
    If ($Action)    {$rules= $rules | where-object {$_.Action     -eq $Action}}
    If ($Grouping)  {$rules= $rules | where-object {$_.Grouping -like $Grouping}}
    $rules}
    
    # $Fwaction, $fwdirection and $FwProtocols are hashtables that map the numeric
    # values to names; they must be defined before this runs, otherwise those columns come out empty.
    Get-firewallRule -enabled $true | sort direction,applicationName,name |
    format-table -wrap -autosize -property Name, @{Label="Action"; expression={$Fwaction[$_.action]}},
    @{label="Direction";expression={ $fwdirection[$_.direction]}},
    @{Label="Protocol"; expression={$FwProtocols[$_.protocol]}} , localPorts,applicationname
    

    I created a script named listfw.ps1 and when I ran the script, I received the output shown in Figure 1.

    Figure 1

    The last column wasn’t formatted properly for me so I thought maybe the “-wrap” parameter of Format-Table was causing the issue.  So I removed the “-wrap” and reran the script.  I received the output shown in Figure 2.

    Figure 2

    OK, still not what I need.  So I thought maybe the “-autosize” was the culprit.  I removed the “-autosize” and reran the script.  I received the output shown in Figure 3.

    Figure 3

    OK, I am getting further away from what I really need.  What I want is a way for the Name column and the ApplicationName column to be full width.

    Using get-help format-table -full gave me a clue.  The “-property” parameter has some options available:

    -- Name (or Label) <string>
    -- Expression <string> or <script block>
    -- FormatString <string>
    -- Width <int32>
    -- Alignment  (value can be "Left", "Center", or "Right")
    

    I can see in James’ original code he is using the “Label” and “Expression” options.  I just need to figure out how to use the “Width” option.  After much trial and error, I came up with the following code:

    $spaces1 = " " * 71
    $spaces2 = " " * 64
    Get-firewallRule -enabled $true | sort name | `
    format-table -property `
    @{label="Name" + $spaces1             ; expression={$_.name}                    ; width=75}, `
    @{label="Action"                      ; expression={$Fwaction[$_.action]}       ; width=6 }, `
    @{label="Direction"                   ; expression={$fwdirection[$_.direction]} ; width=9 }, `
    @{label="Protocol"                    ; expression={$FwProtocols[$_.protocol]}  ; width=8 }, `
    @{label="Local Ports"                 ; expression={$_.localPorts}              ; width=11}, `
    @{label="Application Name" + $spaces2 ; expression={$_.applicationname}         ; width=80}
    

    Running the script gives me the output shown in Figure 4.

    Figure 4

    DOH! So close.  It seems the output is now limited by the width of the screen.  Looking at the help for Get-Table, I cannot see any option that allows me to make the table wider.  That led me to find this article.

    http://poshoholic.com/2010/11/11/powershell-quick-tip-creating-wide-tables-with-powershell/

    It appears the solution is very simple.  Use out-string -width nnn.  Using a width of 200 and running the following command, I get what is shown below.

    .\listfw.ps1 | out-string -width 200 | out-file .\fw.txt

     

    Name                                                                        Action Direction Protocol Local Ports Application Name
    --------------------------------------------------------------------------- ------ --------- -------- ----------- --------------------------------------------------------------------------------
    Citrix ICA (TCP-In)                                                                                   1494
    Citrix IMA (TCP-In)                                                                                   2512
    Citrix MFCOM (RPC)                                                                                    RPC         C:\Program Files (x86)\Citrix\system32\mfcom.exe
    Citrix Print Service (RPC)                                                                            RPC         C:\Program Files (x86)\Citrix\system32\CpSvc.exe
    Citrix Remote MFCOM DLLs (RPC)                                                                        RPC         C:\Windows\SysWOW64\dllhost.exe
    Citrix Session Reliability (TCP-In)                                                                   2598        C:\Program Files (x86)\Citrix\XTE\bin\xte.exe
    Citrix SSL Relay (TCP-In)                                                                             443         C:\Program Files (x86)\Citrix\XTE\bin\xte.exe
    Citrix WI Configuration Manager (RPC)                                                                 RPC         C:\Program Files (x86)\Citrix\System32\ConfigMgrSvr.exe
    Citrix XML Relay (TCP-In)                                                                             81          C:\Program Files (x86)\Citrix\System32\ctxxmlss.exe
    Core Networking - Destination Unreachable (ICMPv6-In)                                                             System
    Core Networking - Destination Unreachable Fragmentation Needed (ICMPv4-In)                                        System
    Core Networking - DNS (UDP-Out)                                                                       *           C:\Windows\system32\svchost.exe
    Core Networking - Dynamic Host Configuration Protocol (DHCP-In)                                       68          C:\Windows\system32\svchost.exe
    Core Networking - Dynamic Host Configuration Protocol (DHCP-Out)                                      68          C:\Windows\system32\svchost.exe
    Core Networking - Dynamic Host Configuration Protocol for IPv6(DHCPV6-In)                             546         C:\Windows\system32\svchost.exe
    Core Networking - Dynamic Host Configuration Protocol for IPv6(DHCPV6-Out)                            546         C:\Windows\system32\svchost.exe
    Core Networking - Group Policy (LSASS-Out)                                                            *           C:\Windows\system32\lsass.exe
    Core Networking - Group Policy (NP-Out)                                                               *           System
    Core Networking - Group Policy (TCP-Out)                                                              *           C:\Windows\system32\svchost.exe
    Core Networking - Internet Group Management Protocol (IGMP-In)                                                    System
    Core Networking - Internet Group Management Protocol (IGMP-Out)                                                   System
    Core Networking - IPHTTPS (TCP-In)                                                                    IPHTTPS     System
    Core Networking - IPHTTPS (TCP-Out)                                                                   *           C:\Windows\system32\svchost.exe
    Core Networking - IPv6 (IPv6-In)                                                                                  System
    Core Networking - IPv6 (IPv6-Out)                                                                                 System
    Core Networking - Multicast Listener Done (ICMPv6-In)                                                             System
    Core Networking - Multicast Listener Done (ICMPv6-Out)
    Core Networking - Multicast Listener Query (ICMPv6-In)                                                            System
    Core Networking - Multicast Listener Query (ICMPv6-Out)
    Core Networking - Multicast Listener Report (ICMPv6-In)                                                           System
    Core Networking - Multicast Listener Report (ICMPv6-Out)
    Core Networking - Multicast Listener Report v2 (ICMPv6-In)                                                        System
    Core Networking - Multicast Listener Report v2 (ICMPv6-Out)
    Core Networking - Neighbor Discovery Advertisement (ICMPv6-In)                                                    System
    Core Networking - Neighbor Discovery Advertisement (ICMPv6-Out)
    Core Networking - Neighbor Discovery Solicitation (ICMPv6-In)                                                     System
    Core Networking - Neighbor Discovery Solicitation (ICMPv6-Out)
    Core Networking - Packet Too Big (ICMPv6-In)                                                                      System
    Core Networking - Packet Too Big (ICMPv6-Out)
    Core Networking - Parameter Problem (ICMPv6-In)                                                                   System
    Core Networking - Parameter Problem (ICMPv6-Out)
    Core Networking - Router Advertisement (ICMPv6-In)                                                                System
    Core Networking - Router Advertisement (ICMPv6-Out)
    Core Networking - Router Solicitation (ICMPv6-In)                                                                 System
    Core Networking - Router Solicitation (ICMPv6-Out)
    Core Networking - Teredo (UDP-In)                                                                     Teredo      C:\Windows\system32\svchost.exe
    Core Networking - Teredo (UDP-Out)                                                                    *           C:\Windows\system32\svchost.exe
    Core Networking - Time Exceeded (ICMPv6-In)                                                                       System
    Core Networking - Time Exceeded (ICMPv6-Out)
    DFS Management (DCOM-In)                                                                              135         C:\Windows\system32\svchost.exe
    DFS Management (SMB-In)                                                                               445         System
    DFS Management (TCP-In)                                                                               RPC         C:\Windows\system32\dfsfrsHost.exe
    DFS Management (WMI-In)                                                                               RPC         C:\Windows\system32\svchost.exe
    Remote Desktop - RemoteFX (TCP-In)                                                                    3389        C:\Windows\system32\svchost.exe
    Remote Desktop (TCP-In)                                                                               3389        System
    SQL Server (Citrix IMA)                                                                               *           C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.CITRIX_METAFRAME\MSSQL\Bi...
    SQL Server Browser (Citrix IMA)                                                                       *           C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    Terminal Services - WMI (DCOM-In)                                                                     135         C:\Windows\system32\svchost.exe
    Terminal Services - WMI (TCP-In)                                                                      RPC         C:\Windows\system32\svchost.exe
    Terminal Services - WMI (WMI-Out)                                                                     *           C:\Windows\system32\svchost.exe
    Terminal Services (NP-In)                                                                             445         System
    Terminal Services (RPC)                                                                               RPC         C:\Windows\system32\svchost.exe
    Terminal Services (RPC-EPMAP)                                                                         RPC-EPMap   C:\Windows\system32\svchost.exe
    

    Now I have a report I can use. I can run this script before and after installing XenApp 6.5 and see what changes were made to the Windows Firewall rules.
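The before-and-after comparison described above can be automated instead of reading two text reports side by side. The following is an added example, not code from the original post or from James O'Neill's article: the function names `Export-FirewallSnapshot` and `Compare-FirewallSnapshot` and the CSV file names are hypothetical, and the lookup tables use the standard Windows Firewall API values, since the post references `$Fwaction`, `$fwdirection` and `$FwProtocols` without showing their definitions.

```powershell
# Added example; function names and file names are hypothetical.
# Lookup tables for the numeric values the COM object returns
# (NET_FW_ACTION, NET_FW_RULE_DIRECTION, IANA protocol numbers; 256 = any).
$FwAction    = @{0 = 'Block'; 1 = 'Allow'}
$FwDirection = @{1 = 'Inbound'; 2 = 'Outbound'}
$FwProtocols = @{1 = 'ICMPv4'; 2 = 'IGMP'; 6 = 'TCP'; 17 = 'UDP'; 41 = 'IPv6'; 58 = 'ICMPv6'; 256 = 'Any'}

Function Export-FirewallSnapshot
{
    Param ([Parameter(Mandatory = $true)][string]$Path)

    # Same rule source as the script above (HNetCfg.FwPolicy2).
    $Rules = (New-Object -ComObject HNetCfg.FwPolicy2).Rules
    $Rules | Where-Object { $_.Enabled } |
        Select-Object Name,
            @{Name = 'Action';    Expression = { $FwAction[[int]$_.Action] }},
            @{Name = 'Direction'; Expression = { $FwDirection[[int]$_.Direction] }},
            @{Name = 'Protocol';  Expression = {
                # Fall back to the raw number for protocols not in the table.
                $p = [int]$_.Protocol
                if ($FwProtocols.ContainsKey($p)) { $FwProtocols[$p] } else { $p } }},
            LocalPorts, ApplicationName |
        Sort-Object Name, Direction |
        Export-Csv -Path $Path -NoTypeInformation   # CSV keeps full column values
}

Function Compare-FirewallSnapshot
{
    Param ([Parameter(Mandatory = $true)][string]$Before,
           [Parameter(Mandatory = $true)][string]$After)

    $Props = 'Name', 'Action', 'Direction', 'Protocol', 'LocalPorts', 'ApplicationName'
    # Rows are compared on every column, so any difference in a rule is reported.
    Compare-Object -ReferenceObject @(Import-Csv $Before) `
                   -DifferenceObject @(Import-Csv $After) -Property $Props |
        Select-Object @{Name = 'Change'; Expression = {
                if ($_.SideIndicator -eq '=>') { 'Added' } else { 'Removed' } }},
            Name, Action, Direction, Protocol, LocalPorts, ApplicationName |
        Sort-Object Name, Change
}

# Usage:
#   Export-FirewallSnapshot -Path .\fw-before.csv
#   (install the software)
#   Export-FirewallSnapshot -Path .\fw-after.csv
#   Compare-FirewallSnapshot -Before .\fw-before.csv -After .\fw-after.csv |
#       Format-Table -AutoSize | Out-String -Width 200
```

A rule whose port, program path or action was modified by the installer shows up as a Removed row followed by an Added row with the same Name, which makes widened inbound rules easy to spot in review.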






    About Carl Webster

    Webster is a Sr. Solutions Architect for Choice Solutions, LLC and specializes in Citrix, Active Directory and Technical Documentation. Webster has been working with Citrix products for many years starting with Multi-User OS/2 in 1990.


    3 Responses to “Listing Windows Firewall Rules Using Microsoft PowerShell”

    1. Garrett Says:

      This is awesome but it only shows locally created Firewall Rules, it doesn’t list any GPO applied.

      • Carl Webster Says:

        Correct. The HNetCfg.FWPolicy2 comObject only contains the local firewall rules. Starting with Windows 8 and Server 2012, you now have the Get-NetFirewallRule cmdlet that has a lot more features.

        Thanks

        Webster

    2. Stevo Says:

      If you pipe the output to the “Export-Csv” option instead of the “Format-Table” option, you get all characters in each column without any loss. Then you can simply open it in your favourite CSV program.

      https://technet.microsoft.com/en-us/library/hh849932.aspx

      HTH