• Listing Windows Firewall Rules Using Microsoft PowerShell

    November 16, 2012

    PowerShell

    At a customer site recently, I needed a way to list all the Enabled Windows Firewall Inbound Rules.  I could not get what I needed by using the Windows

    netsh advfirewall monitor show firewall rule name=all dir=in

    command so I turned to using PowerShell.

    I found the following article by James O’Neill that helped me get started.

    http://blogs.technet.com/b/jamesone/archive/2009/02/18/how-to-manage-the-windows-firewall-settings-with-powershell.aspx

    What I needed for a head start was the following code from James’ article:

    # Return the rules held by the HNetCfg.FwPolicy2 COM object,
    # optionally filtered by whichever parameters are supplied.
    Function Get-FireWallRule
    {Param ($Name, $Direction, $Enabled, $Protocol, $profile, $action, $grouping)
    $Rules=(New-object -comObject HNetCfg.FwPolicy2).rules
    If ($name)      {$rules= $rules | where-object {$_.name     -like $name}}
    If ($direction) {$rules= $rules | where-object {$_.direction  -eq $direction}}
    If ($Enabled)   {$rules= $rules | where-object {$_.Enabled    -eq $Enabled}}
    If ($protocol)  {$rules= $rules | where-object {$_.protocol   -eq $protocol}}
    If ($profile)   {$rules= $rules | where-object {$_.Profiles -bAND $profile}}
    If ($Action)    {$rules= $rules | where-object {$_.Action     -eq $Action}}
    If ($Grouping)  {$rules= $rules | where-object {$_.Grouping -like $Grouping}}
    $rules}
    
    # List the enabled rules. $Fwaction, $fwdirection and $FwProtocols are
    # number-to-name lookup hashtables that must already be defined.
    Get-firewallRule -enabled $true | sort direction,applicationName,name |
    format-table -wrap -autosize -property Name, @{Label="Action"; expression={$Fwaction[$_.action]}},
    @{label="Direction";expression={ $fwdirection[$_.direction]}},
    @{Label="Protocol"; expression={$FwProtocols[$_.protocol]}} , localPorts,applicationname
    

    I created a script named listfw.ps1 and when I ran the script, I received the output shown in Figure 1.

    Figure 1

    The last column wasn’t formatted properly for me so I thought maybe the “-wrap” parameter of Format-Table was causing the issue.  So I removed the “-wrap” and reran the script.  I received the output shown in Figure 2.

    Figure 2

    OK, still not what I need.  So I thought maybe the “-autosize” was the culprit.  I removed the “-autosize” and reran the script.  I received the output shown in Figure 3.

    Figure 3

    OK, I am getting further away from what I really.  What I want is a way for the Name column and the ApplicationName column to be full width.

    Using get-help format-table -full gave me a clue.  The “-property” parameter has some options available:

    -- Name (or Label) <string>
    -- Expression <string> or <script block>
    -- FormatString <string>
    -- Width <int32>
    -- Alignment  (value can be "Left", "Center", or "Right")
    

    I can see in James’ original code he is using the “Label” and “Expression” options.  I just need to figure out how to use the “Width” option.  After much trial and error, I came up with the following code:

    $spaces1 = " " * 71
    $spaces2 = " " * 64
    Get-firewallRule -enabled $true | sort name | `
    format-table -property `
    @{label="Name" + $spaces1             ; expression={$_.name}                    ; width=75}, `
    @{label="Action"                      ; expression={$Fwaction[$_.action]}       ; width=6 }, `
    @{label="Direction"                   ; expression={$fwdirection[$_.direction]} ; width=9 }, `
    @{label="Protocol"                    ; expression={$FwProtocols[$_.protocol]}  ; width=8 }, `
    @{label="Local Ports"                 ; expression={$_.localPorts}              ; width=11}, `
    @{label="Application Name" + $spaces2 ; expression={$_.applicationname}         ; width=80}
    

    Running the script gives me the output shown in Figure 4.

    Figure 4

    DOH! So close.  It seems the output is now limited by the width of the screen.  Looking at the help for get-table, I cannot see any option that allows me to make the table wider.  That led me to finding this article.

    http://poshoholic.com/2010/11/11/powershell-quick-tip-creating-wide-tables-with-powershell/

    It appears the solution is very simple.  Use out-string -width nnn.  Using a width of 200 and running the following command, I get what is shown below.

    .\listfw.ps1 | out-string -width 200 | out-file .\fw.txt

     

    Name                                                                        Action Direction Protocol Local Ports Application Name
    --------------------------------------------------------------------------- ------ --------- -------- ----------- --------------------------------------------------------------------------------
    Citrix ICA (TCP-In)                                                                                   1494
    Citrix IMA (TCP-In)                                                                                   2512
    Citrix MFCOM (RPC)                                                                                    RPC         C:\Program Files (x86)\Citrix\system32\mfcom.exe
    Citrix Print Service (RPC)                                                                            RPC         C:\Program Files (x86)\Citrix\system32\CpSvc.exe
    Citrix Remote MFCOM DLLs (RPC)                                                                        RPC         C:\Windows\SysWOW64\dllhost.exe
    Citrix Session Reliability (TCP-In)                                                                   2598        C:\Program Files (x86)\Citrix\XTE\bin\xte.exe
    Citrix SSL Relay (TCP-In)                                                                             443         C:\Program Files (x86)\Citrix\XTE\bin\xte.exe
    Citrix WI Configuration Manager (RPC)                                                                 RPC         C:\Program Files (x86)\Citrix\System32\ConfigMgrSvr.exe
    Citrix XML Relay (TCP-In)                                                                             81          C:\Program Files (x86)\Citrix\System32\ctxxmlss.exe
    Core Networking - Destination Unreachable (ICMPv6-In)                                                             System
    Core Networking - Destination Unreachable Fragmentation Needed (ICMPv4-In)                                        System
    Core Networking - DNS (UDP-Out)                                                                       *           C:\Windows\system32\svchost.exe
    Core Networking - Dynamic Host Configuration Protocol (DHCP-In)                                       68          C:\Windows\system32\svchost.exe
    Core Networking - Dynamic Host Configuration Protocol (DHCP-Out)                                      68          C:\Windows\system32\svchost.exe
    Core Networking - Dynamic Host Configuration Protocol for IPv6(DHCPV6-In)                             546         C:\Windows\system32\svchost.exe
    Core Networking - Dynamic Host Configuration Protocol for IPv6(DHCPV6-Out)                            546         C:\Windows\system32\svchost.exe
    Core Networking - Group Policy (LSASS-Out)                                                            *           C:\Windows\system32\lsass.exe
    Core Networking - Group Policy (NP-Out)                                                               *           System
    Core Networking - Group Policy (TCP-Out)                                                              *           C:\Windows\system32\svchost.exe
    Core Networking - Internet Group Management Protocol (IGMP-In)                                                    System
    Core Networking - Internet Group Management Protocol (IGMP-Out)                                                   System
    Core Networking - IPHTTPS (TCP-In)                                                                    IPHTTPS     System
    Core Networking - IPHTTPS (TCP-Out)                                                                   *           C:\Windows\system32\svchost.exe
    Core Networking - IPv6 (IPv6-In)                                                                                  System
    Core Networking - IPv6 (IPv6-Out)                                                                                 System
    Core Networking - Multicast Listener Done (ICMPv6-In)                                                             System
    Core Networking - Multicast Listener Done (ICMPv6-Out)
    Core Networking - Multicast Listener Query (ICMPv6-In)                                                            System
    Core Networking - Multicast Listener Query (ICMPv6-Out)
    Core Networking - Multicast Listener Report (ICMPv6-In)                                                           System
    Core Networking - Multicast Listener Report (ICMPv6-Out)
    Core Networking - Multicast Listener Report v2 (ICMPv6-In)                                                        System
    Core Networking - Multicast Listener Report v2 (ICMPv6-Out)
    Core Networking - Neighbor Discovery Advertisement (ICMPv6-In)                                                    System
    Core Networking - Neighbor Discovery Advertisement (ICMPv6-Out)
    Core Networking - Neighbor Discovery Solicitation (ICMPv6-In)                                                     System
    Core Networking - Neighbor Discovery Solicitation (ICMPv6-Out)
    Core Networking - Packet Too Big (ICMPv6-In)                                                                      System
    Core Networking - Packet Too Big (ICMPv6-Out)
    Core Networking - Parameter Problem (ICMPv6-In)                                                                   System
    Core Networking - Parameter Problem (ICMPv6-Out)
    Core Networking - Router Advertisement (ICMPv6-In)                                                                System
    Core Networking - Router Advertisement (ICMPv6-Out)
    Core Networking - Router Solicitation (ICMPv6-In)                                                                 System
    Core Networking - Router Solicitation (ICMPv6-Out)
    Core Networking - Teredo (UDP-In)                                                                     Teredo      C:\Windows\system32\svchost.exe
    Core Networking - Teredo (UDP-Out)                                                                    *           C:\Windows\system32\svchost.exe
    Core Networking - Time Exceeded (ICMPv6-In)                                                                       System
    Core Networking - Time Exceeded (ICMPv6-Out)
    DFS Management (DCOM-In)                                                                              135         C:\Windows\system32\svchost.exe
    DFS Management (SMB-In)                                                                               445         System
    DFS Management (TCP-In)                                                                               RPC         C:\Windows\system32\dfsfrsHost.exe
    DFS Management (WMI-In)                                                                               RPC         C:\Windows\system32\svchost.exe
    Remote Desktop - RemoteFX (TCP-In)                                                                    3389        C:\Windows\system32\svchost.exe
    Remote Desktop (TCP-In)                                                                               3389        System
    SQL Server (Citrix IMA)                                                                               *           C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.CITRIX_METAFRAME\MSSQL\Bi...
    SQL Server Browser (Citrix IMA)                                                                       *           C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    Terminal Services - WMI (DCOM-In)                                                                     135         C:\Windows\system32\svchost.exe
    Terminal Services - WMI (TCP-In)                                                                      RPC         C:\Windows\system32\svchost.exe
    Terminal Services - WMI (WMI-Out)                                                                     *           C:\Windows\system32\svchost.exe
    Terminal Services (NP-In)                                                                             445         System
    Terminal Services (RPC)                                                                               RPC         C:\Windows\system32\svchost.exe
    Terminal Services (RPC-EPMAP)                                                                         RPC-EPMap   C:\Windows\system32\svchost.exe
    

    Now I have a report I can use. I can run this script before and after installing XenApp 6.5 and see what changes were made to the Windows Firewall rules.
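
    The before-and-after comparison can be scripted instead of read by eye. The following added example (not the author's code) snapshots the enabled rules from the same HNetCfg.FwPolicy2 COM object to CSV and diffs two snapshots; it also defines the $FwAction, $FwDirection and $FwProtocols lookup tables that the listings above reference but do not define. The function and file names are assumptions, and the table values are the COM enumeration values and IANA protocol numbers.

```powershell
# Added example: snapshot enabled firewall rules to CSV, then diff snapshots.
# Save-FwSnapshot, Compare-FwSnapshot and the file names are hypothetical.

# Number-to-name lookups for the COM rule properties.
$FwAction    = @{0 = 'Block'; 1 = 'Allow'}        # NET_FW_ACTION
$FwDirection = @{1 = 'Inbound'; 2 = 'Outbound'}   # NET_FW_RULE_DIRECTION
$FwProtocols = @{1 = 'ICMPv4'; 2 = 'IGMP'; 6 = 'TCP'; 17 = 'UDP'; 41 = 'IPv6'
                 47 = 'GRE'; 58 = 'ICMPv6'; 256 = 'Any'}   # IANA numbers; 256 = any

function Save-FwSnapshot {
    param([Parameter(Mandatory=$true)][string]$Path)
    (New-Object -ComObject HNetCfg.FwPolicy2).Rules |
        Where-Object { $_.Enabled } |
        Select-Object Name,
            @{n='Action';    e={ $FwAction[[int]$_.Action] }},
            @{n='Direction'; e={ $FwDirection[[int]$_.Direction] }},
            @{n='Protocol';  e={ $p = $FwProtocols[[int]$_.Protocol]
                                 # Keep the raw number when it is not in the table.
                                 if ($p) { $p } else { $_.Protocol } }},
            LocalPorts, ApplicationName |
        Sort-Object Direction, Name |
        Export-Csv -Path $Path -NoTypeInformation   # CSV keeps every column at full width
}

function Compare-FwSnapshot {
    param([Parameter(Mandatory=$true)][string]$Before,
          [Parameter(Mandatory=$true)][string]$After)
    $props = 'Name','Action','Direction','Protocol','LocalPorts','ApplicationName'
    # '=>' means the row exists only in $After (added);
    # '<=' means it exists only in $Before (removed).
    # A modified rule appears as one Removed row plus one Added row.
    Compare-Object (Import-Csv $Before) (Import-Csv $After) -Property $props |
        Select-Object @{n='Change'; e={ if ($_.SideIndicator -eq '=>') {'Added'} else {'Removed'} }},
            Name, Action, Direction, Protocol, LocalPorts, ApplicationName |
        Sort-Object Name, Change
}

# Usage:
#   Save-FwSnapshot .\fw-before.csv
#   ... install the software ...
#   Save-FwSnapshot .\fw-after.csv
#   Compare-FwSnapshot .\fw-before.csv .\fw-after.csv | Format-Table -AutoSize
```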


    About Carl Webster

    Webster is a Sr. Solutions Architect for Choice Solutions, LLC and specializes in Citrix, Active Directory and Technical Documentation. Webster has been working with Citrix products for many years starting with Multi-User OS/2 in 1990.


    to “Listing Windows Firewall Rules Using Microsoft PowerShell”

    1. Garrett Says:

      This is awesome but it only shows locally created Firewall Rules, it doesn’t list any GPO applied.


      • Carl Webster Says:

        Correct. The HNetCfg.FWPolicy2 comObject only contains the local firewall rules. Starting with Windows 8 and Server 2012, you now have the Get-NetFirewallRule cmdlet that has a lot more features.

        Thanks

        Webster
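
    On Windows 8 / Server 2012 and later, the Get-NetFirewallRule cmdlet mentioned in the reply above can read the merged policy, including rules delivered by Group Policy. The following added example is not part of the original post or comments; the function names are assumptions.

```powershell
# Added example (not from the original post or comments).
# Get-EffectiveInboundRule and Get-GpoInboundRule are hypothetical names.
# Requires the NetSecurity module (Windows 8 / Server 2012 or later).

function Get-EffectiveInboundRule {
    # ActiveStore is the merged policy currently being enforced:
    # local rules plus rules applied through Group Policy.
    Get-NetFirewallRule -PolicyStore ActiveStore -Direction Inbound -Enabled True |
        ForEach-Object {
            # Ports and program path live on separate filter objects.
            $port = $_ | Get-NetFirewallPortFilter
            $app  = $_ | Get-NetFirewallApplicationFilter
            [pscustomobject]@{
                Name      = $_.DisplayName
                Action    = $_.Action
                Profile   = $_.Profile
                Protocol  = $port.Protocol
                LocalPort = $port.LocalPort -join ','
                Program   = $app.Program
                Source    = $_.PolicyStoreSourceType   # e.g. Local or GroupPolicy
                Store     = $_.PolicyStoreSource       # name of the originating store
            }
        }
}

# Only the rules that arrived through Group Policy.
function Get-GpoInboundRule {
    Get-EffectiveInboundRule | Where-Object { $_.Source -eq 'GroupPolicy' }
}

# Usage: full-width report of the effective inbound rules, grouped by origin.
#   Get-EffectiveInboundRule | Sort-Object Source, Name |
#       Export-Csv .\fw-effective.csv -NoTypeInformation
```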


    2. Stevo Says:

      If you pipe the output to the “Export-Csv” option instead of the “Format-Table” option, you get all characters in each column without any loss. Then you can simply open it in your favourite CSV program.

      https://technet.microsoft.com/en-us/library/hh849932.aspx

      HTH

