Windows contains a robust advanced firewall, but easy to use, and with PowerShell 7 we can easily configure the firewall from the command line. This post covers the common commands used in Windows Firewall and where they can be used.
NetSecurity module is ok documented. Please note that this post only applies to Windows operating system. For other operating systems, there are other command line tools that can be used to perform the same kind of functions, What UFW O IPTables en Linux.
Loading the NetSecurity Module
the NetSecurity The module, integrated and offered by Microsoft, Contains all the must-have features to add, delete and modify firewall rules. To load the module, just import the module as shown below.
Import-Module -Name 'NetSecurity'
List of existing firewall rules
The cmdlet, Get-NetFirewallRule will show all existing firewall rules. There are many, default, therefore to prove it, we take the first 10.
Get-NetFirewallRule | Select-Object DisplayName, Enabled, Direction, Action -First 10
There are many properties that are returned by Get-NetFirewallRule. Even though we list only one of the properties above, running Get-NetFirewallRule | Select-Object * -First 1, will list all available.
Create a new firewall rule
There are many different ways to create a new firewall rule, but the command that does this is [Net-NewFirewallRule](<https://docs.microsoft.com/en-us/powershell/module/netsecurity/new-netfirewallrule?view=win10-ps>). The basic properties that need to be completed are:
DisplayName– The friendly name of the firewall rule.Direction– Either to block the traffic coming out of the computer.Outboundor entering the computerInboundAction– What action to take if the rule is met,AllowOBlock
$Params = @{ "DisplayName" = 'Block WINS' "Direction" = 'Inbound' "Action" = 'Block' "RemoteAddress" = 'WINS' }
New-NetFirewallRule @Params
If he Name parameter is not used, then a random GUID is used. the DisplayName can be human readable, but Name was assigned a random GUID.
Modify an existing firewall rule
What if we want to modify an existing rule without deleting and re-creating the rule completely? To do it, we must execute the Set-NetFirewallRule, and it will allow us to modify the firewall rule as needed.
$Params = @{
"DisplayName" = 'Block WINS'
"Action" = 'Allow'
}
Set-NetFirewallRule @Params
Other useful skills that the Set-NetFirewallRule has is the ability to operate with several rules at the same time. This can be done by locating rules by one of three parameters.
NameThis is the default and if the names are set via pipe or an array of strings, each of them will be acted upon.DisplayNameSimilar toName, multiple pipelined objects or an array of strings will modify those rules accordingly.DisplayGroupOGroupIf the rules are grouped, all those grouped rules can be applied at the same time.
Delete an existing firewall rule
Finally, we would like to delete the existing rule, since it is feasible that it is no longer needed. To do this, run the command Remove-NetFirewallRule. When it does, it is often advisable to use the WhatIf parameter to verify that the rule is correct to delete.
Remove-NetFirewallRule -DisplayName "Block WINS"
It is essential to pay attention that the Remove-NetFirewallRule can delete multiple rules at the same time. Below is an example of this type of functionality. The next rule will remove all disabled rules contained in the policy firewall_gpo at ad.local.test domain.
Remove-NetFirewallRule -Enabled 'False' -PolicyStore 'ad.local.testfirewall_gpo'
A useful command is running, but potentially dangerous Remove-NetFirewallFule itself, which removes all static local firewall rules that have been created. If you have a domain GPO that sets firewall rules, this will remove the ones that might conflict with those GPO-defined rules.
Additional functionality
There are many other commands available within the NetSecurity module. Even though we don't cover them all here, below are some notable commands to demonstrate just how huge the module is.
Copy-NetFirewallRuleThis command will copy an existing firewall rule and all associated filters to the same or a different policy store.Disable-NetFirewallRuleThis will disable a previously enabled firewall rule. The rule will continue to exist, but will not actively modify any network data. If you run this command without any parameters, will disable all active rules on the target computer. It is recommended to always run this command with theWhatIfparameter if it does not target a specific rule or set of rules.Enable-NetFirewallRuleAs theDisable-NetFirewallRule, this command will enable a previously disabled rule or a set of rules. If this command is run without any parameters, will enable all previously disabled rules. It is recommended to always run this command with theWhatIfparameter if it does not target a specific rule or set of rules.Get-NetFirewallProfileThis command displays the alternatives currently configured for a specified profile, As theDomain,Private, OPublicprofiles.Get-NetFirewallSettingThe global firewall settings can be retrieved using theGet-NetFirewallSettingcommand. These settings include options such as certificate options, packet queue or authorization lists.Rename-NetFirewallRuleTo rename an existing firewall rule, Use theRename-NetFirewallRulecommand. This is useful if a rule was created without a specific name, so a random GUID is received as a name, and it is preferred to have a human readable name assigned.Set-NetFirewallProfileTo determine specific settings for individual profiles, use elSet-NetFirewallProfilecommand. This allows each profile to have different configurations.Set-NetFirewallSettingThis command configures the global firewall behaviors that apply regardless of the network profile currently in use..Show-NetFirewallRuleThis helper command will display the firewall rules and their associated objects in a formatted list.
There is extensive IPSec functionality contained in the module. The commands listed previously are those that operate in the standard configuration of Windows Firewall.
conclusion
There are many commands available to manage Windows Firewall. This post only touches on some of them, in particular the most important commands to list, create, quickly modify and clear firewall rules. Even complex firewall configurations can be achieved strictly through the command line using the NetSecurity PowerShell Module!
