Michael Wu

The Life of a Cloud Engineer

  • Home
  • Resume
  • Blog
  • Contact

Posted on 02.14.19

Use PowerShell to get firewall rules from remote computer Get-FirewallRules

When I am troubleshooting the firewall issues, I would like to see what firewall rules are applied on the server. The normal way is via Windows Firewall with Advanced Security GUI. However, it requires RDP to the server and clicks several places to bring up the following firewall table.

I found the PowerShell cmdlets, but none of them can bring the same result as what I need on the above table.

The only information I need are the firewall rule name, Remote Address, Protocol, and the Local Port. So, I decide to create a cmdlet to get the firewall rules from the remote computer.

<#
.SYNOPSIS
    Show Firewall rules from the remote computer
.DESCRIPTION
    Show Firewall rules from the remote computer
.EXAMPLE
Get-FirewallRules dsc-tst1

DisplayName                                                                RemoteAddress                                                       Protocol LocalPort
-----------                                                                -------------                                                       -------- ---------
Allow TCP 80 for test                                                      Any                                                                 TCP      80
Core Networking - Destination Unreachable (ICMPv6-In)                      Any                                                                 ICMPv6   RPC
Core Networking - Destination Unreachable Fragmentation Needed (ICMPv4-In) Any                                                                 ICMPv4   RPC
Core Networking - Dynamic Host Configuration Protocol (DHCP-In)            Any                                                                 UDP      68
Core Networking - Dynamic Host Configuration Protocol for IPv6(DHCPV6-In)  Any                                                                 UDP      546
Core Networking - Internet Group Management Protocol (IGMP-In)             Any                                                                 2        Any
Core Networking - IPHTTPS (TCP-In)                                         Any                                                                 TCP      IPHTTPSIn
Core Networking - IPv6 (IPv6-In)                                           Any                                                                 41       Any
Core Networking - Multicast Listener Done (ICMPv6-In)                      LocalSubnet6                                                        ICMPv6   RPC
Core Networking - Multicast Listener Query (ICMPv6-In)                     LocalSubnet6                                                        ICMPv6   RPC
Core Networking - Multicast Listener Report (ICMPv6-In)                    LocalSubnet6                                                        ICMPv6   RPC
Core Networking - Multicast Listener Report v2 (ICMPv6-In)                 LocalSubnet6                                                        ICMPv6   RPC
Core Networking - Neighbor Discovery Advertisement (ICMPv6-In)             Any                                                                 ICMPv6   RPC
Core Networking - Neighbor Discovery Solicitation (ICMPv6-In)              Any                                                                 ICMPv6   RPC
Core Networking - Packet Too Big (ICMPv6-In)                               Any                                                                 ICMPv6   RPC
Core Networking - Parameter Problem (ICMPv6-In)                            Any                                                                 ICMPv6   RPC
Core Networking - Router Advertisement (ICMPv6-In)                         fe80::/64                                                           ICMPv6   RPC
Core Networking - Router Solicitation (ICMPv6-In)                          Any                                                                 ICMPv6   RPC
Core Networking - Teredo (UDP-In)                                          Any                                                                 UDP      Teredo
Core Networking - Time Exceeded (ICMPv6-In)                                Any                                                                 ICMPv6   RPC
.EXAMPLE
Get-FirewallRules -ComputerName dsc-tst1 -Name "Core*" -LocalPort RPC

DisplayName                                                                RemoteAddress Protocol LocalPort
-----------                                                                ------------- -------- ---------
Core Networking - Destination Unreachable (ICMPv6-In)                      Any           ICMPv6   RPC
Core Networking - Destination Unreachable Fragmentation Needed (ICMPv4-In) Any           ICMPv4   RPC
Core Networking - Multicast Listener Done (ICMPv6-In)                      LocalSubnet6  ICMPv6   RPC
Core Networking - Multicast Listener Query (ICMPv6-In)                     LocalSubnet6  ICMPv6   RPC
Core Networking - Multicast Listener Report (ICMPv6-In)                    LocalSubnet6  ICMPv6   RPC
Core Networking - Multicast Listener Report v2 (ICMPv6-In)                 LocalSubnet6  ICMPv6   RPC
Core Networking - Neighbor Discovery Advertisement (ICMPv6-In)             Any           ICMPv6   RPC
Core Networking - Neighbor Discovery Solicitation (ICMPv6-In)              Any           ICMPv6   RPC
Core Networking - Packet Too Big (ICMPv6-In)                               Any           ICMPv6   RPC
Core Networking - Parameter Problem (ICMPv6-In)                            Any           ICMPv6   RPC
Core Networking - Router Advertisement (ICMPv6-In)                         fe80::/64     ICMPv6   RPC
Core Networking - Router Solicitation (ICMPv6-In)                          Any           ICMPv6   RPC
Core Networking - Time Exceeded (ICMPv6-In)                                Any           ICMPv6   RPC

.INPUTS
    Inputs (if any)
.OUTPUTS
    Output (if any)
.NOTES
    Created By Michael Wu https://mikewu.org/powershell/use-powershell-to-get-firewall-rules-from-remote-computer-get-firewallrules/
#>

function Get-FirewallRules {
    [CmdletBinding()]
    param (
        [Parameter(Mandatory = $false,
            Position = 0,
            ValueFromPipeline = $true,
            ValueFromPipelineByPropertyName = $true)]
        [string] $ComputerName = $env:computername,

        # Parameter return Enabled firewall rules
        [Parameter(Mandatory = $false,
            HelpMessage = "This parameter specifies that the rule object is administratively enabled or administratively disabled. Default is True")]
        [ValidateSet("True", "False")]
        [string]$Enabled = "True",

        # Firewall rule name
        [Parameter(Mandatory = $false)]
        [string]
        $Name = "",

        # Firewall rule protocol
        [Parameter(Mandatory = $false)]
        [String]
        $Protocol = "",

        # Firewall rule Port
        [Parameter(Mandatory = $false)]
        [String]
        $LocalPort = "",

        # Firewall rule RemoteAddress
        [Parameter(Mandatory = $false)]
        [String]
        $RemoteAddress = ""
    )
    
    begin {
        # Test if the server is online and PowerShell remoting is enabled
        if (Test-Connection $ComputerName -Quiet -Count 1) {
        }
        else {
            Write-Host "$ComputerName is offline..." -ForegroundColor Red
            break
        }
        if (Test-WSMan $ComputerName -ErrorAction SilentlyContinue) {
        }
        else {
            Write-Host "PowerShell Remoting is disabled..." -ForegroundColor Red
            break
        }
    }
    
    process {
        $rules = Invoke-Command $ComputerName -ScriptBlock {
            $FWObjs = @()
            $fws = Get-NetFirewallRule -Direction Inbound -PolicyStore ActiveStore -Action Allow -Enabled $args[0]

            foreach ($fw in $fws) {
                $remoteAddress2 = $fw | Get-NetFirewallAddressFilter | select -ExpandProperty RemoteAddress
                $protocol2 = $fw | Get-NetFirewallPortFilter | select -ExpandProperty Protocol
                $localPort2 = $fw | Get-NetFirewallPortFilter | select -ExpandProperty LocalPort
                $fw|Add-Member -MemberType NoteProperty -Name Protocol -Value $protocol2
                $fw|Add-Member -MemberType NoteProperty -Name LocalPort -Value $localPort2
                $fw|Add-Member -MemberType NoteProperty -Name RemoteAddress -Value $remoteAddress2
                $FWObjs += $fw
            }
            $FWObjs|sort displayname|Where-Object displayname -NotLike "@{Microsoft.*"|select displayname, RemoteAddress, Protocol, LocalPort 

        } -ArgumentList $Enabled
        
        # Firewall rule fileter - switch
        switch ($true) {
            (($name -ne "") -and ($Protocol -eq "") -and ($LocalPort -eq "") -and ($RemoteAddress -eq "")) 
            {$rules|sort displayname|Where-Object displayname -Like $name|select displayname, RemoteAddress, Protocol, LocalPort }

            (($name -ne "") -and ($Protocol -ne "") -and ($LocalPort -eq "") -and ($RemoteAddress -eq "")) 
            {$rules|sort displayname|Where-Object displayname -Like $name|? protocol -EQ $protocol|select displayname, RemoteAddress, Protocol, LocalPort }

            (($name -ne "") -and ($Protocol -eq "") -and ($LocalPort -ne "") -and ($RemoteAddress -eq "")) 
            {$rules|sort displayname|Where-Object displayname -Like $name|? LocalPort -Contains $LocalPort|select displayname, RemoteAddress, Protocol, LocalPort }

            (($name -ne "") -and ($Protocol -eq "") -and ($LocalPort -eq "") -and ($RemoteAddress -ne "")) 
            {$rules|sort displayname|Where-Object displayname -Like $name|? RemoteAddress -Contains $RemoteAddress|select displayname, RemoteAddress, Protocol, LocalPort }

            (($name -ne "") -and ($Protocol -ne "") -and ($LocalPort -ne "") -and ($RemoteAddress -eq "")) 
            {$rules|sort displayname|Where-Object displayname -Like $name|? protocol -EQ $protocol|? LocalPort -Contains $LocalPort|select displayname, RemoteAddress, Protocol, LocalPort }

            (($name -ne "") -and ($Protocol -ne "") -and ($LocalPort -ne "") -and ($RemoteAddress -ne "")) 
            {$rules|sort displayname|Where-Object displayname -Like $name|? protocol -EQ $protocol|? LocalPort -Contains $LocalPort|? RemoteAddress -Contains $RemoteAddress|select displayname, RemoteAddress, Protocol, LocalPort }

            (($name -ne "") -and ($Protocol -EQ "") -and ($LocalPort -ne "") -and ($RemoteAddress -ne "")) 
            {$rules|sort displayname|Where-Object displayname -Like $name|? LocalPort -Contains $LocalPort|? RemoteAddress -Contains $RemoteAddress|select displayname, RemoteAddress, Protocol, LocalPort }

            (($name -ne "") -and ($Protocol -ne "") -and ($LocalPort -eq "") -and ($RemoteAddress -ne "")) 
            {$rules|sort displayname|Where-Object displayname -Like $name|? protocol -EQ $protocol|? RemoteAddress -Contains $RemoteAddress|select displayname, RemoteAddress, Protocol, LocalPort }

            ########
        
            (($name -eq "") -and ($Protocol -eq "") -and ($LocalPort -eq "") -and ($RemoteAddress -eq "")) 
            {$rules|sort displayname|select displayname, RemoteAddress, Protocol, LocalPort }

            (($name -eq "") -and ($Protocol -ne "") -and ($LocalPort -eq "") -and ($RemoteAddress -eq "")) 
            {$rules|sort displayname|? protocol -EQ $protocol|select displayname, RemoteAddress, Protocol, LocalPort }

            (($name -eq "") -and ($Protocol -eq "") -and ($LocalPort -ne "") -and ($RemoteAddress -eq "")) 
            {$rules|sort displayname|? LocalPort -Contains $LocalPort|select displayname, RemoteAddress, Protocol, LocalPort }

            (($name -eq "") -and ($Protocol -eq "") -and ($LocalPort -eq "") -and ($RemoteAddress -ne "")) 
            {$rules|sort displayname|? RemoteAddress -Contains $RemoteAddress|select displayname, RemoteAddress, Protocol, LocalPort }

            (($name -eq "") -and ($Protocol -ne "") -and ($LocalPort -ne "") -and ($RemoteAddress -eq "")) 
            {$rules|sort displayname|? protocol -EQ $protocol|? LocalPort -Contains $LocalPort|select displayname, RemoteAddress, Protocol, LocalPort }

            (($name -eq "") -and ($Protocol -ne "") -and ($LocalPort -ne "") -and ($RemoteAddress -ne "")) 
            {$rules|sort displayname|? protocol -EQ $protocol|? LocalPort -Contains $LocalPort|? RemoteAddress -Contains $RemoteAddress|select displayname, RemoteAddress, Protocol, LocalPort }

            (($name -eq "") -and ($Protocol -EQ "") -and ($LocalPort -ne "") -and ($RemoteAddress -ne "")) 
            {$rules|sort displayname|? LocalPort -Contains $LocalPort|? RemoteAddress -Contains $RemoteAddress|select displayname, RemoteAddress, Protocol, LocalPort }

            (($name -eq "") -and ($Protocol -ne "") -and ($LocalPort -eq "") -and ($RemoteAddress -ne "")) 
            {$rules|sort displayname|? protocol -EQ $protocol|? RemoteAddress -Contains $RemoteAddress|select displayname, RemoteAddress, Protocol, LocalPort }

            Default {$rules|sort displayname|select displayname, RemoteAddress, Protocol, LocalPort }
        }
        
    }
    
    end {
    }
}

Here is the result I got from the Get-FirewallRules | FT. The result contains all information I need for troubleshooting.

If I want to find rules at certain ports, I can use the following command with the pipeline.

Get-FirewallRules DSC-TST1 | ? localport -eq 80 | FT

And this command can check the Remote Address if the column cannot fit all the addresses.

Get-FirewallRules DSC-TST1 | ? displayname -eq "Test Fw"| select -ExpandProperty RemoteAddress

Update 02/19/2019:
Add the following parameters to filter the rules:
– Name
– RemoteAddress
– Protocol
– LocalPort

You can also download the Get-FirewallRules cmdlet from the Github.

Categories:PowerShell

Recent Posts

  • Automating Resource Restriction in Azure subscriptions with Budget Alert, Automation Account, and Azure Policy
  • How to configure the Security Center via Azure Resource Manager (ARM) template
  • How to restrict Account Operators to see the password in LAPS
  • How to join a VM to a domain by PowerShell in Azure
  • How to push an existing repository from VS Code to Azure DevOps by PowerShell

Search

Categories

  • Azure
  • IIS
  • PowerShell
  • SCCM
  • VMware
  • Windows Server

Contact

Email: [email protected] | Powered By the 太初網路

Copyright © 2024 mikewu.org Disclaimer

Connect

FacebookTwitterGoogle +Linkedin