Creating firewall rules using Windows PowerShell
You can also use Windows PowerShell cmdlets from the
NetSecurity module to view, create, modify, and remove firewall
rules on both the local and remote computers. For example, to
display a list of inbound rules in the Network Discovery rule group
on the local computer, you can use the Get-NetFirewallRule cmdlet
like this:
PS C:\> Get-NetFirewallRule -PolicyStore ActiveStore `
            -DisplayGroup "Network Discovery" -Direction Inbound | `
            ft Name,DisplayName,Enabled,Action -AutoSize

Name                       DisplayName                             Enabled Action
----                       -----------                             ------- ------
NETDIS-UPnPHost-In-TCP     Network Discovery (UPnP-In)             False   Allow
NETDIS-NB_Name-In-UDP      Network Discovery (NB-Name-In)          False   Allow
NETDIS-NB_Datagram-In-UDP  Network Discovery (NB-Datagram-In)      False   Allow
NETDIS-WSDEVNTS-In-TCP     Network Discovery (WSD EventsSecure-In) False   Allow
NETDIS-WSDEVNT-In-TCP      Network Discovery (WSD Events-In)       False   Allow
NETDIS-SSDPSrv-In-UDP      Network Discovery (SSDP-In)             False   Allow
NETDIS-FDPHOST-In-UDP      Network Discovery (WSD-In)              False   Allow
NETDIS-LLMNR-In-UDP        Network Discovery (LLMNR-UDP-In)        False   Allow
NETDIS-FDRESPUB-WSD-In-UDP Network Discovery (Pub-WSD-In)          False   Allow
As a second example, you can create a new rule to block
outgoing traffic over TCP port 80 on the local computer by using the
New-NetFirewallRule cmdlet as follows:
PS C:\> New-NetFirewallRule -DisplayName "Block Outbound Port 80" `
            -Direction Outbound -LocalPort 80 -Protocol TCP -Action Block

Name                  : {19e3a3b5-ec0d-4e17-b98d-a0005e96bf20}
DisplayName           : Block Outbound Port 80
Description           :
DisplayGroup          :
Group                 :
Enabled               : True
Profile               : Any
Platform              : {}
Direction             : Outbound
Action                : Block
EdgeTraversalPolicy   : Block
LooseSourceMapping    : False
LocalOnlyMapping      : False
Owner                 :
PrimaryStatus         : OK
Status                : The rule was parsed successfully from the store. (65536)
EnforcementStatus     : NotApplicable
PolicyStoreSource     : PersistentStore
PolicyStoreSourceType : Local
The PolicyStoreSource property for the
new rule is PersistentStore. This means the new
rule is a static rule that is configured in the local policy store
on the computer instead of through Group Policy. By default, the new
rule is enabled and is configured for all three firewall
profiles.
Creating rules for refreshing Group Policy
With Windows Server 2012 you can remotely force a
refresh of Group Policy on computers belonging to an Active
Directory domain. For this to work, though, certain firewall ports
on the remote computer must be opened. Instead of manually creating
the necessary rules in Windows Firewall with Advanced Security on
the remote computer, however, you can use two new built-in Starter
GPOs included in Windows Server 2012 to create GPOs that have
firewall rules designed for special purposes. These new Starter GPOs
are shown in Figure 10 and are as
follows:
- Group Policy Remote Update Firewall Ports: The Group Policy remote-refresh capability
  described earlier in this lesson requires that certain firewall
  ports be opened on the computers targeted by a refresh action.
  You can use the Group Policy Remote Update Firewall Ports
  Starter GPO as a template for creating a GPO that automatically
  opens the firewall ports required for this purpose on computers
  targeted by the GPO. The required inbound firewall rules that
  must be enabled are as follows:
  - Remote Scheduled Tasks Management (RPC-EPMAP)
  - Remote Scheduled Tasks Management (RPC)
  - Windows Management Instrumentation (WMI-in)
- Group Policy Reporting Firewall Ports: The capability of the Group Policy Management
  Console (GPMC) to collect Resultant Set of Policy (RSoP)
  information from a remote computer requires that certain
  firewall ports be opened on the remote computer. You can use the
  Group Policy Reporting Firewall Ports Starter GPO as a template
  for creating a GPO that automatically opens the firewall ports
  required for this purpose on computers targeted by the GPO. The
  required inbound firewall rules that must be enabled are as
  follows:
  - Remote Event Log Management (RPC-EPMAP)
  - Remote Event Log Management (RPC)
  - Remote Event Log Management (NP-in)
  - Windows Management Instrumentation (WMI-in)
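As an added example (not code from the book), the following script ties the two parts of this lesson together: it uses the NetSecurity cmdlets from the first section to check whether the three inbound rules listed for the Group Policy Remote Update Firewall Ports Starter GPO are actually in effect on one or more computers, and reports which policy store supplied each rule. The -ComputerName parameter and the use of a CIM session to reach remote computers are assumptions of this example; the rule names are the ones listed above.

```powershell
#Requires -Modules NetSecurity
# Added example, not the book's code: audit the inbound rules that the
# Group Policy Remote Update Firewall Ports Starter GPO is meant to enable.
# Reports, per computer and rule, whether it is enabled and which policy store
# supplied it (a GPO name, or PersistentStore for a rule created locally).
# Assumes WinRM/CIM access to any remote computer passed in -ComputerName.
[CmdletBinding()]
param(
    [string[]]$ComputerName = @($env:COMPUTERNAME)   # default: local computer
)
# Display names of the rules the lesson lists for remote Group Policy refresh.
# DisplayName matching is case-insensitive, so "WMI-in" also finds "WMI-In".
$RequiredRules = @(
    'Remote Scheduled Tasks Management (RPC-EPMAP)',
    'Remote Scheduled Tasks Management (RPC)',
    'Windows Management Instrumentation (WMI-in)'
)
foreach ($computer in $ComputerName) {
    # One CIM session per target; the same cmdlets then read the remote store.
    $session = New-CimSession -ComputerName $computer -ErrorAction Stop
    try {
        foreach ($name in $RequiredRules) {
            # ActiveStore is the merged set of rules actually in effect
            # (local policy plus applied GPOs), which is what a refresh relies on.
            $rules = @(Get-NetFirewallRule -CimSession $session `
                -PolicyStore ActiveStore -DisplayName $name -Direction Inbound `
                -ErrorAction SilentlyContinue)
            if ($rules.Count -eq 0) {
                # No rule with that name exists at all: report it as missing.
                [pscustomobject]@{ Computer = $computer; Rule = $name
                                   Profile = $null; Enabled = $false; Source = 'MISSING' }
                continue
            }
            foreach ($rule in $rules) {
                # The same name can exist once per profile; one row per rule object.
                [pscustomobject]@{
                    Computer = $computer
                    Rule     = $rule.DisplayName
                    Profile  = $rule.Profile
                    Enabled  = ($rule.Enabled -eq 'True')
                    Source   = $rule.PolicyStoreSource
                }
            }
        }
    }
    finally {
        Remove-CimSession -CimSession $session
    }
}
```

Pipe the output to Format-Table -AutoSize; a Source of PersistentStore on a rule you expected the Starter GPO-based policy to deliver means it was enabled by hand on that computer rather than through Group Policy.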