Today we continue our series that answers common questions, or questions that have been asked about/of PowerShell. This time: creating new firewall rules using PowerShell. What we intend to provide is one of the many, many ways you can accomplish these same tasks within PowerShell.
All of the solutions are ours and demonstrate the author’s skill and ability level at the time of writing. That is to say, we might not always write the best PowerShell code. However, if you know of a better way we welcome that input.
Let’s start. The question is:
Is there an easy way to create a firewall rule?
The Answer:
Yes there is, using a cmdlet called New-NetFirewallRule. Here is how.
The New-NetFirewallRule cmdlet creates a new firewall rule, inbound or outbound, and adds the newly created rule to the target computer. Some of the parameters specify the conditions that must be matched for the rule to apply, such as the LocalAddress and RemoteAddress parameters. Some of the other parameters specify in what way the connection should be secured, for instance, the authentication and encryption parameters.
Rules that already exist are managed with the Get-NetFirewallRule and Set-NetFirewallRule cmdlets.
For instance, say we want to block all network traffic that uses SSL (Port 441). That would look like this:
New-NetFirewallRule -DisplayName "Block All SSL Network Data" -Direction Outbound -LocalPort 441 -Protocol TCP -Action Block
New-NetFirewallRule -DisplayName "Block All SSL Network Data" -Direction Inbound -LocalPort 441 -Protocol TCP -Action Block
Where -DisplayName labels the firewall rule so you can find it later. -Direction is the reason there are two commands: one rule for Inbound and one for Outbound together block the traffic in both directions. -LocalPort specifies the port we are blocking, in this case 441. -Protocol specifies the protocol to block; in our case, we are blocking TCP. Lastly, -Action specifies the action we want to take; again, in this case, we are using the Block action.
So now that you have seen it in action as one-line commands, let's look at an easier-to-read format for this command. In the example below, we are going to block all wireless network traffic.
New-NetFirewallRule `
    -Name "Block Wireless Inbound" `
    -Direction Inbound `
    -InterfaceType Wireless `
    -Action Block

New-NetFirewallRule `
    -Name "Block Wireless Outbound" `
    -Direction Outbound `
    -InterfaceType Wireless `
    -Action Block
The two commands above are the same as the one-line commands. Well, there are two differences. We are using the -InterfaceType parameter to specify the wireless interface. We are also using the backtick (`) to continue the command on the next line in the console. The interpreter still sees this as one line; the difference is that it is much easier to read like this, that is if you are human.
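Creating rules by hand is fine for one port, but rules are easy to duplicate if you run the same command twice. The function below is an added example (not code from the original post) that wraps the inbound/outbound pair from above in one call, skips rules that already exist, and reads the result back so you can confirm what was created. The function name and the rule labels are hypothetical; the cmdlets and parameters are the standard NetSecurity ones.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the original post. Creates a matched pair of
# inbound/outbound Block rules for one port and verifies them afterwards.

function New-BlockedPortRulePair {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][ValidateRange(1, 65535)][int]$Port,
        [ValidateSet('TCP', 'UDP')][string]$Protocol = 'TCP',
        [Parameter(Mandatory)][string]$Label   # hypothetical label used as the DisplayName prefix
    )

    foreach ($direction in 'Inbound', 'Outbound') {
        $displayName = "$Label - $direction"

        # New-NetFirewallRule happily creates a second rule with the same name,
        # so check for an existing one before adding anything.
        if (Get-NetFirewallRule -DisplayName $displayName -ErrorAction SilentlyContinue) {
            Write-Verbose "Rule '$displayName' already exists, skipping"
            continue
        }

        New-NetFirewallRule `
            -DisplayName $displayName `
            -Description "Created by New-BlockedPortRulePair on $(Get-Date -Format s)" `
            -Direction   $direction `
            -Protocol    $Protocol `
            -LocalPort   $Port `
            -Action      Block | Out-Null
    }

    # Read back what is now in the firewall. The port and protocol are not on
    # the rule object itself; they live in the associated port filter.
    Get-NetFirewallRule -DisplayName "$Label - *" | ForEach-Object {
        $portFilter = $_ | Get-NetFirewallPortFilter
        [pscustomobject]@{
            DisplayName = $_.DisplayName
            Direction   = $_.Direction
            Action      = $_.Action
            Enabled     = $_.Enabled
            Protocol    = $portFilter.Protocol
            LocalPort   = $portFilter.LocalPort
        }
    }
}

# Usage: the same port the post uses in its one-line example.
New-BlockedPortRulePair -Port 441 -Label 'Block All SSL Network Data' -Verbose
```

The -Description stamp is a small operational habit worth keeping: when a rule turns up in an audit months later, the description tells you which script created it and when, which Get-NetFirewallRule alone will not.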
So what if you need to specify a range of ports? To do that you use the -LocalPort parameter with the first and last port numbers separated by a dash (-), for example 1000-5000.
What if you need to allow or block a specific application? To do this we would specify the -Program parameter and the full path (UNC) to the exe/bat/etc. in quotes.
What if you needed to allow or block access from the computers on the remote side of an edge device (NAT)? We would use the -EdgeTraversalPolicy parameter. Accepted values for this parameter are Block, Allow, DeferToUser, and DeferToApp.
Let’s put all of this together in a new rule that allows access to a test application over a range of ports.
New-NetFirewallRule `
    -DisplayName "Allow Traffic From TestApp" `
    -Direction Inbound `
    -Action Allow `
    -EdgeTraversalPolicy Allow `
    -Protocol TCP `
    -LocalPort 1000-5000 `
    -Program "C:\Program Files\TestApp.exe"
That is all there is to it. If you want to modify existing firewall rules, you should use the Get-NetFirewallRule and Set-NetFirewallRule cmdlets.
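Once a rule like the TestApp one exists, the next things a practitioner wants are to see exactly what was stored, to tighten it with Set-NetFirewallRule, and to remove it again on a test box. The script below is an added example (not code from the original post) that does all three with the post's own rule. A rule object carries only direction, action and edge policy; the port, program and address conditions are separate filter objects reached through the rule, which is why the helper joins them. Show-FirewallRuleDetail is a hypothetical helper; the display name and program path are the post's placeholders.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the original post. Creates the TestApp rule,
# reads back every condition stored with it, narrows it in place, then removes it.

function Show-FirewallRuleDetail {
    param([Parameter(Mandatory)][string]$DisplayName)   # hypothetical helper

    foreach ($rule in Get-NetFirewallRule -DisplayName $DisplayName) {
        # Each kind of condition is its own object linked to the rule.
        $port = $rule | Get-NetFirewallPortFilter
        $app  = $rule | Get-NetFirewallApplicationFilter
        $addr = $rule | Get-NetFirewallAddressFilter
        [pscustomobject]@{
            DisplayName         = $rule.DisplayName
            Enabled             = $rule.Enabled
            Direction           = $rule.Direction
            Action              = $rule.Action
            EdgeTraversalPolicy = $rule.EdgeTraversalPolicy
            Protocol            = $port.Protocol
            LocalPort           = $port.LocalPort
            Program             = $app.Program
            RemoteAddress       = $addr.RemoteAddress
        }
    }
}

$name = 'Allow Traffic From TestApp'

# The post's composite rule, with the backtick continuation from the article.
New-NetFirewallRule `
    -DisplayName         $name `
    -Direction           Inbound `
    -Action              Allow `
    -EdgeTraversalPolicy Allow `
    -Protocol            TCP `
    -LocalPort           1000-5000 `
    -Program             'C:\Program Files\TestApp.exe' | Out-Null

# As created: RemoteAddress is Any and edge traversal is allowed.
Show-FirewallRuleDetail -DisplayName $name

# Set-NetFirewallRule edits the existing rule rather than adding a second one.
# Here the allow is limited to the local subnet and edge traversal is turned off.
Set-NetFirewallRule -DisplayName $name -RemoteAddress LocalSubnet -EdgeTraversalPolicy Block

# After the change: the same rule, narrower conditions.
Show-FirewallRuleDetail -DisplayName $name

# Clean up on a test system; -Confirm:$false suppresses any prompt.
Remove-NetFirewallRule -DisplayName $name -Confirm:$false
```

Run the two Show-FirewallRuleDetail calls side by side and the difference is the point: the DisplayName never changes, so anything that identifies rules by name alone (a ticket, a monitoring query) cannot tell the permissive version from the tightened one. Query the filters, not just the rule.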