Advertisement
guyrleech

Show Port Specific Enabled Windows Firewall Rules

Sep 24th, 2024 (edited)
997
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
PowerShell 1.27 KB | Cybersecurity | 0 0
  1. ## Firewall rules returned by PowerShell Get-NetFirewallRule don't include port information so we get port filters for specific remote ports & cross reference to the corresponding firewall rules and also to application (process/app) filters
  2.  
  3. $allrules = Get-NetFirewallRule ## cache all rules as quicker than retrieving individually
  4. $allAppFilters = Get-NetFirewallApplicationFilter
  5. Get-NetFirewallPortFilter|group localport,protocol|select @{n='Local Port';e={if( $p = $_.group[0].LocalPort -as [int]) { $p } else { $_.group[0].LocalPort}}},@{n='Remote Port';e={if( $p = $_.group[0].RemotePort -as [int]) { $p } else { $_.group[0].RemotePort}}},@{n='Protocol';e={$_.group[0].Protocol}},@{n='Enabled';e={ $group = $_.group ; $script:rules = $allrules|where { $group.InstanceID -contains $_.Name -and $_.Enabled -ieq 'true'} ; $script:rules|Select -ExpandProperty Enabled -Unique}},@{n='Program';e={$group=$_.group;$script:apprule=$allAppFilters|Where { $group.InstanceId -contains $_.InstanceId};$script:apprule.Program|select -unique}},@{n='Direction';e={$script:rules|select -expand direction -unique}},@{n='Action';e={$script:rules|select -expand action -unique}},@{n='Rules';e={( $script:rules|Select -ExpandProperty DisplayName -Unique|sort) -join "`n" }}|where enabled|sort 'local port'
Tags: Firewall
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement