When I am troubleshooting the firewall issues, I would like to see what firewall rules are applied on the server. The normal way is via Windows Firewall with Advanced Security GUI. However, it requires RDP to the server and clicks several places to bring up the following firewall table.
I found the PowerShell cmdlets, but none of them can bring the same result as what I need on the above table.
The only information I need are the firewall rule name, Remote Address, Protocol, and the Local Port. So, I decide to create a cmdlet to get the firewall rules from the remote computer.
<#
.SYNOPSIS
Show Firewall rules from the remote computer
.DESCRIPTION
Show Firewall rules from the remote computer
.EXAMPLE
Get-FirewallRules dsc-tst1
DisplayName RemoteAddress Protocol LocalPort
----------- ------------- -------- ---------
Allow TCP 80 for test Any TCP 80
Core Networking - Destination Unreachable (ICMPv6-In) Any ICMPv6 RPC
Core Networking - Destination Unreachable Fragmentation Needed (ICMPv4-In) Any ICMPv4 RPC
Core Networking - Dynamic Host Configuration Protocol (DHCP-In) Any UDP 68
Core Networking - Dynamic Host Configuration Protocol for IPv6(DHCPV6-In) Any UDP 546
Core Networking - Internet Group Management Protocol (IGMP-In) Any 2 Any
Core Networking - IPHTTPS (TCP-In) Any TCP IPHTTPSIn
Core Networking - IPv6 (IPv6-In) Any 41 Any
Core Networking - Multicast Listener Done (ICMPv6-In) LocalSubnet6 ICMPv6 RPC
Core Networking - Multicast Listener Query (ICMPv6-In) LocalSubnet6 ICMPv6 RPC
Core Networking - Multicast Listener Report (ICMPv6-In) LocalSubnet6 ICMPv6 RPC
Core Networking - Multicast Listener Report v2 (ICMPv6-In) LocalSubnet6 ICMPv6 RPC
Core Networking - Neighbor Discovery Advertisement (ICMPv6-In) Any ICMPv6 RPC
Core Networking - Neighbor Discovery Solicitation (ICMPv6-In) Any ICMPv6 RPC
Core Networking - Packet Too Big (ICMPv6-In) Any ICMPv6 RPC
Core Networking - Parameter Problem (ICMPv6-In) Any ICMPv6 RPC
Core Networking - Router Advertisement (ICMPv6-In) fe80::/64 ICMPv6 RPC
Core Networking - Router Solicitation (ICMPv6-In) Any ICMPv6 RPC
Core Networking - Teredo (UDP-In) Any UDP Teredo
Core Networking - Time Exceeded (ICMPv6-In) Any ICMPv6 RPC
.EXAMPLE
Get-FirewallRules -ComputerName dsc-tst1 -Name "Core*" -LocalPort RPC
DisplayName RemoteAddress Protocol LocalPort
----------- ------------- -------- ---------
Core Networking - Destination Unreachable (ICMPv6-In) Any ICMPv6 RPC
Core Networking - Destination Unreachable Fragmentation Needed (ICMPv4-In) Any ICMPv4 RPC
Core Networking - Multicast Listener Done (ICMPv6-In) LocalSubnet6 ICMPv6 RPC
Core Networking - Multicast Listener Query (ICMPv6-In) LocalSubnet6 ICMPv6 RPC
Core Networking - Multicast Listener Report (ICMPv6-In) LocalSubnet6 ICMPv6 RPC
Core Networking - Multicast Listener Report v2 (ICMPv6-In) LocalSubnet6 ICMPv6 RPC
Core Networking - Neighbor Discovery Advertisement (ICMPv6-In) Any ICMPv6 RPC
Core Networking - Neighbor Discovery Solicitation (ICMPv6-In) Any ICMPv6 RPC
Core Networking - Packet Too Big (ICMPv6-In) Any ICMPv6 RPC
Core Networking - Parameter Problem (ICMPv6-In) Any ICMPv6 RPC
Core Networking - Router Advertisement (ICMPv6-In) fe80::/64 ICMPv6 RPC
Core Networking - Router Solicitation (ICMPv6-In) Any ICMPv6 RPC
Core Networking - Time Exceeded (ICMPv6-In) Any ICMPv6 RPC
.INPUTS
Inputs (if any)
.OUTPUTS
Output (if any)
.NOTES
Created By Michael Wu https://mikewu.org/powershell/use-powershell-to-get-firewall-rules-from-remote-computer-get-firewallrules/
#>
function Get-FirewallRules {
[CmdletBinding()]
param (
[Parameter(Mandatory = $false,
Position = 0,
ValueFromPipeline = $true,
ValueFromPipelineByPropertyName = $true)]
[string] $ComputerName = $env:computername,
# Parameter return Enabled firewall rules
[Parameter(Mandatory = $false,
HelpMessage = "This parameter specifies that the rule object is administratively enabled or administratively disabled. Default is True")]
[ValidateSet("True", "False")]
[string]$Enabled = "True",
# Firewall rule name
[Parameter(Mandatory = $false)]
[string]
$Name = "",
# Firewall rule protocol
[Parameter(Mandatory = $false)]
[String]
$Protocol = "",
# Firewall rule Port
[Parameter(Mandatory = $false)]
[String]
$LocalPort = "",
# Firewall rule RemoteAddress
[Parameter(Mandatory = $false)]
[String]
$RemoteAddress = ""
)
begin {
# Test if the server is online and PowerShell remoting is enabled
if (Test-Connection $ComputerName -Quiet -Count 1) {
}
else {
Write-Host "$ComputerName is offline..." -ForegroundColor Red
break
}
if (Test-WSMan $ComputerName -ErrorAction SilentlyContinue) {
}
else {
Write-Host "PowerShell Remoting is disabled..." -ForegroundColor Red
break
}
}
process {
$rules = Invoke-Command $ComputerName -ScriptBlock {
$FWObjs = @()
$fws = Get-NetFirewallRule -Direction Inbound -PolicyStore ActiveStore -Action Allow -Enabled $args[0]
foreach ($fw in $fws) {
$remoteAddress2 = $fw | Get-NetFirewallAddressFilter | select -ExpandProperty RemoteAddress
$protocol2 = $fw | Get-NetFirewallPortFilter | select -ExpandProperty Protocol
$localPort2 = $fw | Get-NetFirewallPortFilter | select -ExpandProperty LocalPort
$fw|Add-Member -MemberType NoteProperty -Name Protocol -Value $protocol2
$fw|Add-Member -MemberType NoteProperty -Name LocalPort -Value $localPort2
$fw|Add-Member -MemberType NoteProperty -Name RemoteAddress -Value $remoteAddress2
$FWObjs += $fw
}
$FWObjs|sort displayname|Where-Object displayname -NotLike "@{Microsoft.*"|select displayname, RemoteAddress, Protocol, LocalPort
} -ArgumentList $Enabled
# Firewall rule fileter - switch
switch ($true) {
(($name -ne "") -and ($Protocol -eq "") -and ($LocalPort -eq "") -and ($RemoteAddress -eq ""))
{$rules|sort displayname|Where-Object displayname -Like $name|select displayname, RemoteAddress, Protocol, LocalPort }
(($name -ne "") -and ($Protocol -ne "") -and ($LocalPort -eq "") -and ($RemoteAddress -eq ""))
{$rules|sort displayname|Where-Object displayname -Like $name|? protocol -EQ $protocol|select displayname, RemoteAddress, Protocol, LocalPort }
(($name -ne "") -and ($Protocol -eq "") -and ($LocalPort -ne "") -and ($RemoteAddress -eq ""))
{$rules|sort displayname|Where-Object displayname -Like $name|? LocalPort -Contains $LocalPort|select displayname, RemoteAddress, Protocol, LocalPort }
(($name -ne "") -and ($Protocol -eq "") -and ($LocalPort -eq "") -and ($RemoteAddress -ne ""))
{$rules|sort displayname|Where-Object displayname -Like $name|? RemoteAddress -Contains $RemoteAddress|select displayname, RemoteAddress, Protocol, LocalPort }
(($name -ne "") -and ($Protocol -ne "") -and ($LocalPort -ne "") -and ($RemoteAddress -eq ""))
{$rules|sort displayname|Where-Object displayname -Like $name|? protocol -EQ $protocol|? LocalPort -Contains $LocalPort|select displayname, RemoteAddress, Protocol, LocalPort }
(($name -ne "") -and ($Protocol -ne "") -and ($LocalPort -ne "") -and ($RemoteAddress -ne ""))
{$rules|sort displayname|Where-Object displayname -Like $name|? protocol -EQ $protocol|? LocalPort -Contains $LocalPort|? RemoteAddress -Contains $RemoteAddress|select displayname, RemoteAddress, Protocol, LocalPort }
(($name -ne "") -and ($Protocol -EQ "") -and ($LocalPort -ne "") -and ($RemoteAddress -ne ""))
{$rules|sort displayname|Where-Object displayname -Like $name|? LocalPort -Contains $LocalPort|? RemoteAddress -Contains $RemoteAddress|select displayname, RemoteAddress, Protocol, LocalPort }
(($name -ne "") -and ($Protocol -ne "") -and ($LocalPort -eq "") -and ($RemoteAddress -ne ""))
{$rules|sort displayname|Where-Object displayname -Like $name|? protocol -EQ $protocol|? RemoteAddress -Contains $RemoteAddress|select displayname, RemoteAddress, Protocol, LocalPort }
########
(($name -eq "") -and ($Protocol -eq "") -and ($LocalPort -eq "") -and ($RemoteAddress -eq ""))
{$rules|sort displayname|select displayname, RemoteAddress, Protocol, LocalPort }
(($name -eq "") -and ($Protocol -ne "") -and ($LocalPort -eq "") -and ($RemoteAddress -eq ""))
{$rules|sort displayname|? protocol -EQ $protocol|select displayname, RemoteAddress, Protocol, LocalPort }
(($name -eq "") -and ($Protocol -eq "") -and ($LocalPort -ne "") -and ($RemoteAddress -eq ""))
{$rules|sort displayname|? LocalPort -Contains $LocalPort|select displayname, RemoteAddress, Protocol, LocalPort }
(($name -eq "") -and ($Protocol -eq "") -and ($LocalPort -eq "") -and ($RemoteAddress -ne ""))
{$rules|sort displayname|? RemoteAddress -Contains $RemoteAddress|select displayname, RemoteAddress, Protocol, LocalPort }
(($name -eq "") -and ($Protocol -ne "") -and ($LocalPort -ne "") -and ($RemoteAddress -eq ""))
{$rules|sort displayname|? protocol -EQ $protocol|? LocalPort -Contains $LocalPort|select displayname, RemoteAddress, Protocol, LocalPort }
(($name -eq "") -and ($Protocol -ne "") -and ($LocalPort -ne "") -and ($RemoteAddress -ne ""))
{$rules|sort displayname|? protocol -EQ $protocol|? LocalPort -Contains $LocalPort|? RemoteAddress -Contains $RemoteAddress|select displayname, RemoteAddress, Protocol, LocalPort }
(($name -eq "") -and ($Protocol -EQ "") -and ($LocalPort -ne "") -and ($RemoteAddress -ne ""))
{$rules|sort displayname|? LocalPort -Contains $LocalPort|? RemoteAddress -Contains $RemoteAddress|select displayname, RemoteAddress, Protocol, LocalPort }
(($name -eq "") -and ($Protocol -ne "") -and ($LocalPort -eq "") -and ($RemoteAddress -ne ""))
{$rules|sort displayname|? protocol -EQ $protocol|? RemoteAddress -Contains $RemoteAddress|select displayname, RemoteAddress, Protocol, LocalPort }
Default {$rules|sort displayname|select displayname, RemoteAddress, Protocol, LocalPort }
}
}
end {
}
}
Here is the result I got from the Get-FirewallRules | FT. The result contains all information I need for troubleshooting.
If I want to find rules at certain ports, I can use the following command with the pipeline.
Get-FirewallRules DSC-TST1 | ? localport -eq 80 | FT
And this command can check the Remote Address if the column cannot fit all the addresses.
Get-FirewallRules DSC-TST1 | ? displayname -eq "Test Fw"| select -ExpandProperty RemoteAddress
Update 02/19/2019:
Add the following parameters to filter the rules:
– Name
– RemoteAddress
– Protocol
– LocalPort
You can also download the Get-FirewallRules cmdlet from the Github.