Hey, Scripting Guy! Weekend Scripter: How to Retrieve Enabled Windows Firewall Rules

ScriptingGuy1

  Microsoft Scripting Guy Ed Wilson here. The Scripting Wife and I are getting ready to head up to the mountains in search of a bit of cool air. Even if it is hot up there, it will still be cool because we are meeting one of my old high school friends. Actually, all of my high school friends are old now, but that is another story. John was in one of my rock bands when we were in high school together. In fact, I taught him how to play the bass guitar. Now he is a microbiologist, and he is bringing his wife and daughter with him. It should be a nice weekend. While the Scripting Wife is packing, I thought I would work on a script that retrieves Windows Firewall rules that are enabled on my laptop. Maybe it is because my friend John is a microbiologist and he works with viruses that the thought of working with the firewall jumped into my head. The Windows Firewall is documented on MSDN, but many of the items of concern to people writing in Windows PowerShell are not documented. This is not a problem. Using Windows PowerShell, we can discover much of the information that is needed. After the hnetcfg.fwpolicy2 COM object is created and stored in the $fw variable, its members can be explored by the Get-Member cmdlet. This is shown here:  

$fw = New-Object -ComObject hnetcfg.fwpolicy2
$fw | Get-Member
TypeName: System.__ComObject#{98325047-c671-4174-8d81-defcd3f03186}
Name MemberType Definition
—- ———- ———-
EnableRuleGroup Method void EnableRuleGroup (int, string, bool)
IsRuleGroupEnabled Method bool IsRuleGroupEnabled (int, string)
RestoreLocalFirewallDefaults Method void RestoreLocalFirewallDefaults ()
BlockAllInboundTraffic ParameterizedProperty bool BlockAllInboundTraffic (NET_FW_PROFI…
DefaultInboundAction ParameterizedProperty NET_FW_ACTION_ DefaultInboundAction (NET_…
DefaultOutboundAction ParameterizedProperty NET_FW_ACTION_ DefaultOutboundAction (NET…
ExcludedInterfaces ParameterizedProperty Variant ExcludedInterfaces (NET_FW_PROFIL…
FirewallEnabled ParameterizedProperty bool FirewallEnabled (NET_FW_PROFILE_TYPE…
IsRuleGroupCurrentlyEnabled ParameterizedProperty bool IsRuleGroupCurrentlyEnabled (string)…
NotificationsDisabled ParameterizedProperty bool NotificationsDisabled (NET_FW_PROFIL…
UnicastResponsesToMulticastBroadcastDisabled ParameterizedProperty bool
CurrentProfileTypes Property int CurrentProfileTypes () {get}
LocalPolicyModifyState Property NET_FW_MODIFY_STATE_ LocalPolicyModifySta…
Rules Property INetFwRules Rules () {get}
ServiceRestriction Property INetFwServiceRestriction ServiceRestricti…  

To retrieve the rules, all I need to do is query the Rules property. This is shown here: PS C:Usersed.NWTRADERS> $fw = New-Object -ComObject hnetcfg.fwpolicy2
$fw.rules
Name : Zune Network Sharing Service (UPnPHost-Out)
Description : Outbound rule for the Zune Network Sharing Service to allow use of Universal Plug and Play. [TCP]
ApplicationName : C:Windowssystem32svchost.exe
serviceName : upnphost
Protocol : 6
LocalPorts : *
RemotePorts : *
LocalAddresses : *
RemoteAddresses : LocalSubnet
IcmpTypesAndCodes : 
Direction : 2
Interfaces : 
InterfaceTypes : All
Enabled : False
Grouping : @e:Program Fileszuneresources.dll,-270
Profiles : 7
EdgeTraversal : False
Action : 1
EdgeTraversalOptions : 0

<output truncated>
The output goes on and on and on. One thing I noticed is that there is an Enabled property returned for the Rule object. Therefore, filtering for enabled rules will reduce the output. In addition, I am primarily concerned with the protocol, the port, the direction, and of course the name of the rule. A table will be a nice way to display that information. The revised script is shown here. DisplayEnabledFirewallRules.ps1 $fw = New-Object -ComObject hnetcfg.fwpolicy2

$fw.rules |

Where-Object { $_.enabled } |

Sort-Object -Property direction |

Format-Table -Property direction, protocol, localports, name -AutoSize -Wrap   When the DisplayEnabledFirewallRules.ps1 script runs, the output shown in the following image is displayed. Image of output displayed when script is run   If you want to know exactly what we will be looking at tomorrow, follow us on Twitter or Facebook. If you have any questions, send e-mail to us at scripter@microsoft.com, or post your questions on the Official Scripting Guys Forum. See you tomorrow. Until then, peace.   Ed Wilson and Craig Liebendorfer, Scripting Guys

 

0 comments

Discussion is closed.

Feedback usabilla icon