We define a new Windows firewall rule for some program to accept inbound TCP connections on some port. This can be done using either the netsh.exe utility or the PowerShell New-NetFirewallRule cmdlet. For example, here's a sample command to allow notepad.exe to accept TCP connections on port 5001 (I know, notepad can't do that):
New-NetFirewallRule -program "C:\windows\System32\notepad.exe" -direction Inbound -Action Allow -Protocol tcp -LocalPort 5001 -Name "Testing Notepad on port 5001" -DisplayName "Testing Notepad on port 5001"
To retrieve/view this rule, one can again use netsh.exe or the Get-NetFirewallRule cmdlet.
Ideally we'd like to use PowerShell's Get-NetFirewallRule, but we are not able to view the actual program path that was used when the rule was created.
Here's the output of netsh.exe:
netsh advfirewall firewall show rule name="Testing Notepad on port 5001" verbose
Rule Name: Testing Notepad on port 5001
Enabled: Yes
Direction: In
Profiles: Domain,Private,Public
LocalIP: Any
RemoteIP: Any
Protocol: TCP
LocalPort: 5001
RemotePort: Any
Edge traversal: No
Program: C:\windows\System32\notepad.exe
InterfaceTypes: Any
Security: NotRequired
Rule source: Local Setting
Action: Allow
Here's the output of Get-NetFirewallRule cmdlet:
Get-NetFirewallRule -Name "Testing Notepad on port 5001" | Format-list *
Name : Testing Notepad on port 5001
ID : Testing Notepad on port 5001
Group :
Platform : {}
LSM : False
DisplayName : Testing Notepad on port 5001
Enabled : True
Profile : Any
Direction : Inbound
Action : Allow
EdgeTraversalPolicy : Block
PrimaryStatus : OK
Status : The rule was parsed successfully from the store.
EnforcementStatus : NotApplicable
PolicyStoreSourceType : Local
Caption :
Description :
ElementName : Testing Notepad on port 5001
InstanceID : Testing Notepad on port 5001
CommonName :
PolicyKeywords :
PolicyDecisionStrategy : 2
PolicyRoles :
ConditionListType : 3
CreationClassName : MSFT|FW|FirewallRule|Testing Notepad on port 5001
ExecutionStrategy : 2
Mandatory :
PolicyRuleName :
Priority :
RuleUsage :
SequencedActions : 3
SystemCreationClassName :
SystemName :
DisplayGroup :
LocalOnlyMapping : False
LooseSourceMapping : False
Owner :
Platforms : {}
PolicyStoreSource : PersistentStore
Profiles : 0
RuleGroup :
StatusCode : 65536
PSComputerName :
CimClass : root/standardcimv2:MSFT_NetFirewallRule
CimInstanceProperties : {Caption, Description, ElementName, InstanceID...}
CimSystemProperties : Microsoft.Management.Infrastructure.CimSystemPropertieses
Any suggestions or ideas on retrieving the program path, port, protocol, etc., using a PowerShell cmdlet?
You should use the Get-NetFirewall*Filter cmdlets for this.
PS> Get-Command Get-NetFirewall*Filter
CommandType Name Version Source
----------- ---- ------- ------
Function Get-NetFirewallAddressFilter NetSecurity
Function Get-NetFirewallApplicationFilter NetSecurity
Function Get-NetFirewallInterfaceFilter NetSecurity
Function Get-NetFirewallInterfaceTypeFilter NetSecurity
Function Get-NetFirewallPortFilter NetSecurity
Function Get-NetFirewallSecurityFilter NetSecurity
Function Get-NetFirewallServiceFilter NetSecurity
All of these cmdlets have an -AssociatedNetFirewallRule parameter, which accepts pipeline input.
In your case, you can use the following command:
Get-NetFirewallRule -Name "Testing Notepad on port 5001" | Get-NetFirewallApplicationFilter
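The answer above retrieves only the application filter; the other filter cmdlets it lists hold the protocol, ports and addresses. The script below is an added example, not code from the question or the answer: it joins a rule with its application, port, address and service filters into one object so that the fields netsh prints are visible from PowerShell, and then reuses that helper to review every enabled inbound Allow rule on the host. The function name Get-FirewallRuleDetail is a made-up helper; the cmdlets and properties it uses (Program, Protocol, LocalPort, RemotePort, LocalAddress, RemoteAddress, Service) are the ones the NetSecurity module exposes. It assumes it runs in an elevated PowerShell session on a Windows host with the NetSecurity module available.

```powershell
# Added example (not from the original question or answer): join a firewall rule
# with its filter objects so program path, protocol and ports show up in one
# PowerShell object. Get-FirewallRuleDetail is a hypothetical helper name.
#Requires -Modules NetSecurity

function Get-FirewallRuleDetail {
    [CmdletBinding()]
    param(
        # Accept rule objects from the pipeline, e.g. from Get-NetFirewallRule
        [Parameter(Mandatory, ValueFromPipeline)]
        [Microsoft.Management.Infrastructure.CimInstance[]]$Rule
    )
    process {
        foreach ($r in $Rule) {
            # Every Get-NetFirewall*Filter cmdlet takes the rule through
            # -AssociatedNetFirewallRule, which binds from the pipeline
            $app  = $r | Get-NetFirewallApplicationFilter
            $port = $r | Get-NetFirewallPortFilter
            $addr = $r | Get-NetFirewallAddressFilter
            $svc  = $r | Get-NetFirewallServiceFilter

            # Port and address fields may be a single value or an array, so
            # join them into one string for tabular display
            [PSCustomObject]@{
                Name          = $r.Name
                DisplayName   = $r.DisplayName
                Enabled       = $r.Enabled
                Direction     = $r.Direction
                Action        = $r.Action
                Profile       = $r.Profile
                Program       = $app.Program
                Service       = $svc.Service
                Protocol      = $port.Protocol
                LocalPort     = ($port.LocalPort -join ',')
                RemotePort    = ($port.RemotePort -join ',')
                LocalAddress  = ($addr.LocalAddress -join ',')
                RemoteAddress = ($addr.RemoteAddress -join ',')
                Source        = $r.PolicyStoreSourceType
            }
        }
    }
}

# The rule from the question, with the same fields that netsh shows
Get-NetFirewallRule -Name "Testing Notepad on port 5001" |
    Get-FirewallRuleDetail |
    Format-List

# Defender-side review: every enabled inbound Allow rule and the program,
# protocol and port each one opens. A Program of "Any" means the rule is not
# scoped to an executable, so it is the first thing to look at in an audit.
Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
    Get-FirewallRuleDetail |
    Sort-Object Program |
    Format-Table Name, Program, Protocol, LocalPort, Profile -AutoSize
```

Running the four filter cmdlets per rule is slower than a single Get-NetFirewallRule call, so for a host with hundreds of rules pipe the output to Export-Csv once rather than re-running the review interactively.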