In the previous installment of this series, I introduced fundamental commands for managing Windows firewall rules, including creating, modifying, deleting, and viewing these rules. While the commands provided a solid foundation, it became evident that the Get-NetFirewallRule cmdlet has certain limitations that necessitate the use of additional commands to extract more detailed information.

The primary shortcoming of the Get-NetFirewallRule cmdlet lies in its inability to retrieve specific details such as local port numbers, remote port numbers, and the protocol in use. To access this crucial information, we can employ supplementary cmdlets that complement the functionality of Get-NetFirewallRule.
Retrieving Local and Remote Port and Protocol

To gather information on the protocol, local port number, and remote port associated with a specific firewall rule, we can utilize the Get-NetFirewallPortFilter cmdlet. For instance, if we wish to retrieve this information for the rule named "My Example Rule," we would execute the following command:

Get-NetFirewallRule -DisplayName "My Example Rule" | Get-NetFirewallPortFilter | Select-Object Name, Protocol, LocalPort, RemotePort
As illustrated in Figure 1, the initial command yields basic details about the firewall rule, while the subsequent command reveals the protocol, local port number, and remote port.

Figure 1. The Get-NetFirewallRule cmdlet provides information that cannot be retrieved independently.
Retrieving Addresses

If we wish to extend our inquiry to include both the remote and local addresses, we can do so by employing the Get-NetFirewallAddressFilter cmdlet. This cmdlet operates similarly to Get-NetFirewallPortFilter. To retrieve the addresses, we begin by executing the Get-NetFirewallRule cmdlet and then pipe its output to Get-NetFirewallAddressFilter. The command would look like this:

Get-NetFirewallRule -DisplayName "My Example Rule" | Get-NetFirewallAddressFilter | Select-Object Name, RemoteAddress, LocalAddress

Refer to Figure 2 for a visual representation of this command's output.

Figure 2. This illustrates the method for retrieving local and remote addresses.
Producing a Consolidated Output

The ability to extract detailed information about Windows firewall rules is invaluable. However, the challenge lies in accessing all this information efficiently. For those who frequently manage firewall rules using PowerShell, consolidating this data into a single output can significantly streamline the process.

To facilitate this, I present a concise script that consolidates the relevant information:
# Name of the rule to examine
$RuleName = "My Example Rule"

# The rule itself, plus its port/protocol and address filters
$Rule = Get-NetFirewallRule -DisplayName $RuleName
$PortFilter = $Rule | Get-NetFirewallPortFilter
$AddressFilter = $Rule | Get-NetFirewallAddressFilter

# Combine the pieces into one custom object
$ConsolidatedInfo = [PSCustomObject]@{
    Name          = $Rule.DisplayName
    Direction     = $Rule.Direction
    Action        = $Rule.Action
    Protocol      = $PortFilter.Protocol
    LocalPort     = $PortFilter.LocalPort
    RemotePort    = $PortFilter.RemotePort
    LocalAddress  = $AddressFilter.LocalAddress
    RemoteAddress = $AddressFilter.RemoteAddress
}

# Write-Host renders the object as a single string; emitting $ConsolidatedInfo
# on its own (or piping it to Format-List) produces a formatted property list instead
Write-Host $ConsolidatedInfo
The script and its output are depicted in Figure 3.

Figure 3. This script generates a consolidated output of firewall rule information.

This straightforward script utilizes the $RuleName variable to specify the rule under examination. Three variables—$Rule, $PortFilter, and $AddressFilter—capture the outputs from the respective cmdlets. Finally, a custom PowerShell object, $ConsolidatedInfo, is created to compile elements from each variable.
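The one-liners in the two preceding sections and the script above each look at a single rule by display name. As an added example (not from the original article), the function below folds the same Get-NetFirewallPortFilter and Get-NetFirewallAddressFilter lookups into one reusable command that accepts rule objects from the pipeline, so it works for one rule or for a whole filtered set. It also records each rule's Name next to its DisplayName, because display names are not unique: Get-NetFirewallRule -DisplayName can return several rule objects (commonly one per profile), in which case the $Rule variable in the script above holds an array rather than a single rule. The function name Get-FirewallRuleSummary is my own choice; the cmdlets and properties it uses are the standard NetSecurity module ones.

```powershell
# Added example, not from the original article. Requires the NetSecurity module
# that ships with Windows; run in an elevated PowerShell session to see all rules.
function Get-FirewallRuleSummary {
    [CmdletBinding()]
    param(
        # Rule objects as returned by Get-NetFirewallRule, passed by pipeline or as an argument.
        [Parameter(Mandatory, ValueFromPipeline)]
        [object[]]$Rule
    )

    process {
        foreach ($r in $Rule) {
            # The filter cmdlets accept the rule object via the pipeline and return the
            # port/protocol and address details that Get-NetFirewallRule does not expose.
            $port = $r | Get-NetFirewallPortFilter
            $addr = $r | Get-NetFirewallAddressFilter

            # Port and address properties can be arrays (several ports, a range plus
            # single ports, several subnets), so join them into one display string.
            [PSCustomObject]@{
                Name          = $r.Name          # unique rule ID; DisplayName is not unique
                DisplayName   = $r.DisplayName
                Enabled       = $r.Enabled
                Profile       = $r.Profile
                Direction     = $r.Direction
                Action        = $r.Action
                Protocol      = $port.Protocol
                LocalPort     = ($port.LocalPort -join ', ')
                RemotePort    = ($port.RemotePort -join ', ')
                LocalAddress  = ($addr.LocalAddress -join ', ')
                RemoteAddress = ($addr.RemoteAddress -join ', ')
            }
        }
    }
}

# Usage 1: the single rule from the article, shown as a property list.
# If the display name matches more than one rule, one list per rule is printed.
Get-NetFirewallRule -DisplayName 'My Example Rule' |
    Get-FirewallRuleSummary |
    Format-List

# Usage 2: every enabled inbound Allow rule, one row per rule, which is the view
# you want when checking what a host actually accepts from the network.
Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
    Get-FirewallRuleSummary |
    Format-Table DisplayName, Profile, Protocol, LocalPort, RemoteAddress -AutoSize
```

Because the function emits ordinary objects, the second usage can end in Export-Csv instead of Format-Table to capture a snapshot of the rule set, which is the kind of record a later comparison needs.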
In the concluding part of this series, I will guide you through establishing a firewall rule baseline and verifying whether your existing rules have deviated from that baseline.