{"id":4757,"date":"2012-10-28T00:01:00","date_gmt":"2012-10-28T00:01:00","guid":{"rendered":"https:\/\/blogs.technet.microsoft.com\/heyscriptingguy\/2012\/10\/28\/weekend-scripter-playing-around-with-windows-firewall\/"},"modified":"2012-10-28T00:01:00","modified_gmt":"2012-10-28T00:01:00","slug":"weekend-scripter-playing-around-with-windows-firewall","status":"publish","type":"post","link":"https:\/\/devblogs.microsoft.com\/scripting\/weekend-scripter-playing-around-with-windows-firewall\/","title":{"rendered":"Weekend Scripter: Playing Around with Windows Firewall"},"content":{"rendered":"

Summary<\/b>: Microsoft Scripting Guy, Ed Wilson, shows how to use Windows PowerShell to work with Windows Firewall on Windows 8 and Windows Server 2012.\nMicrosoft Scripting Guy, Ed Wilson, is here. The Scripting Wife returned home from the Windows PowerShell Saturday #003 event<\/a> in Atlanta, Georgia, last night, and she was exhausted—happy, but exhausted. First of all we had pre-ordered a Surface for her that was delivered after she left for Alpharetta, but  PowerShell MVP Jim Christopher came to the rescue. Jim was kind enough to stop by the house and pick up the Surface and hand delivered it to the Scripting Wife Friday evening. Speaking of rescue and speaking, (pun intended) I want to heartily thank Glenn Sizemore and Robert Cain for delivering the two sessions that I had planned on presenting. I hear both gentlemen did a wonderful job. The event was packed, and Mark Schill and the crew did a fantastic job organizing a flawless Windows PowerShell Saturday. Well done.\nIf you follow the Scripting Wife on Facebook or Twitter, you know I have not been able to eat or drink anything hot for a week—that means no hot tea—and it has been driving me crazy. So, I am sitting on the lanai sipping a cool glass of water—not quite the same as English Breakfast Tea—not by a long shot.\nAnyway, one of the things I have wanted to play with is the cmdlets for Windows Firewall. With nothing on the agenda but a murder mystery, written by my good friend and mentor Jaden Terrell<\/a>, and a glass of cool water, today is the day.<\/p>\n

Windows 8 Firewall cmdlets—a quick look<\/h2>\n

I am a huge fan of Windows Firewall because it works well, provides a measure of in-depth security, and comes with the operating system. In fact, I rarely find firewall-related issues, and, therefore, I do not turn it off—in fact, I leave it running on both the desktop and the server.\nThe first thing to do when working with the firewall is to determine the network connection profile because this determines the way the firewall policies work. In Windows 8 and Windows Server 2012, the Get-NetConnectionProfile<\/b> cmdlet is extremely useful for this task. I first enumerate my network adapters, find the ones that are up, and then get the network connection profile. The commands are shown here.<\/p>\n

Note<\/b>   I use the error action of 0 to remove errors about connection profiles for virtual adapters that are not connected to a network but are considered to be up. I also use the simple Where-Object<\/b> syntax (?<\/b> is an alias for the Where-Object<\/b> cmdlet). Keep in mind when working with Windows PowerShell cmdlets that you have tab completion, and it greatly simplifies typing commands.<\/p>\n

PS C:> Get-NetAdapter | ? status -EQ ‘up’ | Get-NetConnectionProfile –ea 0<\/p>\n

Name             : Unidentified network<\/p>\n

InterfaceAlias   : vEthernet (InternalSwitch)<\/p>\n

InterfaceIndex   : 19<\/p>\n

NetworkCategory  : Public<\/p>\n

IPv4Connectivity : NoTraffic<\/p>\n

IPv6Connectivity : NoTraffic<\/p>\n

 <\/p>\n

Name             : iammred.net<\/p>\n

InterfaceAlias   : vEthernet (External Switch)<\/p>\n

InterfaceIndex   : 23<\/p>\n

NetworkCategory  : DomainAuthenticated<\/p>\n

IPv4Connectivity : Internet<\/p>\n

IPv6Connectivity : LocalNetwork\nTo find the names and the status of the various Windows Firewall profiles, I use the Get-NetFirewallProfile<\/b> cmdlet. I pipe the results to the Format-Table<\/b> cmdlet (ft<\/b> is the alias), and I choose only the name and the enabled properties. I then use the autosize<\/b> <\/i>switch to tighten up the display. The command and results are shown here.<\/p>\n

PS C:> Get-NetFirewallProfile | ft name, enabled -auto<\/p>\n

name    Enabled<\/p>\n

—-    ——-<\/p>\n

Domain     True<\/p>\n

Private    True<\/p>\n

Public     True\nNow for the first frustration: Except for the public<\/i> network category, the value of the network category and the name of the firewall profile do not match up, and, therefore, it prevents piping. In this case, I cannot use Get-NetworkAdapter<\/b> to get my network adapters, pipe it to the Get-NetConnectionProfile<\/b> cmdlet, and then pipe it to the Get-NetFireWallProfile<\/b> cmdlet. However, I can focus on the details of a specific firewall profile. Here are the details of the public network profile.<\/p>\n

PS C:> Get-NetFirewallProfile public<\/p>\n

Name                            : Public<\/p>\n

Enabled                         : True<\/p>\n

DefaultInboundAction            : NotConfigured<\/p>\n

DefaultOutboundAction           : NotConfigured<\/p>\n

AllowInboundRules               : NotConfigured<\/p>\n

AllowLocalFirewallRules         : NotConfigured<\/p>\n

AllowLocalIPsecRules            : NotConfigured<\/p>\n

AllowUserApps                   : NotConfigured<\/p>\n

AllowUserPorts                  : NotConfigured<\/p>\n

AllowUnicastResponseToMulticast : NotConfigured<\/p>\n

NotifyOnListen                  : True<\/p>\n

EnableStealthModeForIPsec       : NotConfigured<\/p>\n

LogFileName                     : %systemroot%system32LogFilesFirewallpfirewall<\/p>\n

                                  log<\/p>\n

LogMaxSizeKilobytes             : 4096<\/p>\n

LogAllowed                      : False<\/p>\n

LogBlocked                      : False<\/p>\n

LogIgnored                      : NotConfigured<\/p>\n

DisabledInterfaceAliases        : {NotConfigured}\n
The cool thing is that the Get-NetFirewallProfile<\/b> cmdlet accepts an array for the profile name. Therefore, I can use a command something like the one appearing here.<\/p>\n

Get-NetFirewallProfile domain,private,public\nEven better, the Get-NetFirewallProfile<\/b> cmdlet accepts wildcards. Therefore, I can use a command something like this one.<\/p>\n

Get-NetFirewallProfile d*,p*\nOne problem with the firewall cmdlets is that they are all part of the massive NetSecurity module—a module that supplies 84 cmdlets and functions. I found this out by using the command shown here.<\/p>\n

PS C:> (gcm -Module netsecurity).count<\/p>\n

84\nFurther, there are no aliases for any of the commands in the NetSecurity module. This is revealed by the command shown here.<\/p>\n

gcm -Module netsecurity | % {gal -Definition $_.name -ea 0}\nBesides no aliases for the firewall cmdlets, all of the names are pretty long, and due to the naming convention, tab expansion for the cmdlet names is not very efficient either. The 27 cmdlets appear here (sorted by name because the verb and noun are not exposed through Get-Command<\/b>).<\/p>\n

PS C:> gcm -noun *fire* | sort name | select name<\/p>\n

Name<\/p>\n

—-<\/p>\n

Copy-NetFirewallRule<\/p>\n

Disable-NetFirewallRule<\/p>\n

Enable-NetFirewallRule<\/p>\n

Get-NetFirewallAddressFilter<\/p>\n

Get-NetFirewallApplicationFilter<\/p>\n

Get-NetFirewallInterfaceFilter<\/p>\n

Get-NetFirewallInterfaceTypeFilter<\/p>\n

Get-NetFirewallPortFilter<\/p>\n

Get-NetFirewallProfile<\/p>\n

Get-NetFirewallRule<\/p>\n

Get-NetFirewallSecurityFilter<\/p>\n

Get-NetFirewallServiceFilter<\/p>\n

Get-NetFirewallSetting<\/p>\n

New-NetFirewallRule<\/p>\n

Remove-NetFirewallRule<\/p>\n

Rename-NetFirewallRule<\/p>\n

Set-NetFirewallAddressFilter<\/p>\n

Set-NetFirewallApplicationFilter<\/p>\n

Set-NetFirewallInterfaceFilter<\/p>\n

Set-NetFirewallInterfaceTypeFilter<\/p>\n

Set-NetFirewallPortFilter<\/p>\n

Set-NetFirewallProfile<\/p>\n

Set-NetFirewallRule<\/p>\n

Set-NetFirewallSecurityFilter<\/p>\n

Set-NetFirewallServiceFilter<\/p>\n

Set-NetFirewallSetting<\/p>\n

Show-NetFirewallRule\nBecause of the naming convention, when using tab expansion, I have to type NetFirewall<\/b>, and then a letter, such as P<\/b> or R<\/b> or S<\/b>, to get close to the actual function name. If I type NetF<\/b> and press tab, I have to cycle through the commands to find the function name I’m looking for.<\/p>\n

Note<\/b>   If your duties require you to spend much time working with the firewall cmdlets, I recommend that you create your own series of aliases for the functions with which you regularly work. Store these aliases in a module that you can load on demand or in your profile, if you wish to have them at hand.\nThat is a quick overview of the firewall functions. Hope all is well with you, and happy scripting.\nI invite you to follow me on Twitter<\/a> and Facebook<\/a>. If you have any questions, send email to me at scripter@microsoft.com<\/a>, or post your questions on the Official Scripting Guys Forum<\/a>. See you tomorrow. Until then, peace.\nEd Wilson, Microsoft Scripting Guy<\/b><\/p>\n","protected":false},"excerpt":{"rendered":"

Summary: Microsoft Scripting Guy, Ed Wilson, shows how to use Windows PowerShell to work with Windows Firewall on Windows 8 and Windows Server 2012. Microsoft Scripting Guy, Ed Wilson, is here. The Scripting Wife returned home from the Windows PowerShell Saturday #003 event in Atlanta, Georgia, last night, and she was exhausted—happy, but exhausted. First of all we had […]<\/p>\n","protected":false},"author":596,"featured_media":87096,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1],"tags":[161,362,3,63,61,367,45],"class_list":["post-4757","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-scripting","tag-firewall","tag-powershell-3","tag-scripting-guy","tag-security","tag-weekend-scripter","tag-windows-8","tag-windows-powershell"],"acf":[],"blog_post_summary":"

Summary: Microsoft Scripting Guy, Ed Wilson, shows how to use Windows PowerShell to work with Windows Firewall on Windows 8 and Windows Server 2012. Microsoft Scripting Guy, Ed Wilson, is here. The Scripting Wife returned home from the Windows PowerShell Saturday #003 event in Atlanta, Georgia, last night, and she was exhausted—happy, but exhausted. First of all we had […]<\/p>\n","_links":{"self":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/posts\/4757","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/users\/596"}],"replies":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/comments?post=4757"}],"version-history":[{"count":0,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/posts\/4757\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/media\/87096"}],"wp:attachment":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/media?parent=4757"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/categories?post=4757"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/tags?post=4757"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}