Windows contains a robust, yet easy to use, advanced firewall, and using PowerShell 7 we can easily configure the firewall from the command line. This article covers common commands used in the Windows Firewall and where they may be used.

The module NetSecurity is well documented. Keep in mind that this article only applies to the Windows operating system. For other operating systems, there are other command-line tools that can be used to do the same type of functions such as UFW or IPTables on Linux.

Loading the NetSecurity Module

The NetSecurity module, built-in and offered by Microsoft, contains all of the functionality needed to add, remove, and modify firewall rules. To load the module, simply import the module as shown below.

List Existing Firewall Rules

The cmdlet, Get-NetFirewallRule will show all existing firewall rules. There are many, by default, so to demonstrate, we output the first 10.

There are many properties that are returned by Get-NetFirewallRule. Though we list only a properties above, running Get-NetFirewallRule | Select-Object * -First 1, will list all available.

Create a New Firewall Rule

There are many different ways to create a new Firewall rule but the command that does this is Net-NewFirewallRule. The basic properties that need to be filled in are:

DisplayName – The friendly name of the firewall rule Direction – Whether to block traffic leaving the computer Outbound or coming into the computer Inbound Action – What action to take if the rule is met, Allow or Block

$Params = @{ “DisplayName” = ‘Block WINS’ “Direction” = ‘Inbound’ “Action” = ‘Block’ “RemoteAddress” = ‘WINS’ }

New-NetFirewallRule @Params If the Name parameter is not used, then a random GUID is used. The DisplayName may be human readable but the Name itself assigned a random GUID.

Modify an Existing Firewall Rule

What if we want to modify an existing rule without removing and recreating the rule entirely. To do so, we should run the Set-NetFirewallRule, and will allow us to modify the firewall rule as necessary.

Other useful abilities that the Set-NetFirewallRule has is the ability to operate on multiple rules at once. This can be done by locating rules by one of three parameters.

NameThis is the default and if names are set in via the pipeline or a string array then each will acted upon. DisplayNameSimilar to Name, multiple pipelined objects or a string array will modify those rules accordingly. DisplayGroup or GroupIf rules are grouped together, all of those rules grouped can be acted upon at once.

Remove an Existing Firewall Rule

Finally, we would like to remove the existing rule as it may no longer be needed. To do this, run the command Remove-NetFirewallRule. When you do so, it is often wise to use the WhatIf parameter to verify that the rule is the correct one to remove.

It’s important to note that the Remove-NetFirewallRule can remove multiple rules at once. An example of this type of functionality is below. The below rule will remove all disabled rules contained within the policy firewall_gpo in the ad.local.test domain.

A useful command, but potentially dangerous, is running Remove-NetFirewallFule by itself which removes all of the static local firewall rules that have been created. If you have a domain GPO that defines firewall rules, this will remove any that may conflict with those GPO defined rules.

Additional Functionality

There are many other commands available within the NetSecurity module. Though we don’t cover them all here, a few notable commands are shown below to demonstrate how extensive the module is.

Copy-NetFirewallRuleThis command will copy an existing firewall rule and all associated filters to the same or different policy store. Disable-NetFirewallRuleThis will disable a previously enabled firewall rule. The rule will still exist, but not actively modify any network data. If you run this command without any parameters, it will disable all active rules on the target computer. It is advised to always run this command with the WhatIf parameter if not targeting a specific rule or set of rules. Enable-NetFirewallRuleLike the Disable-NetFirewallRule, this command will enable a previously disabled rule or set of rules. If this command is run without any parameters it will enable all previously disabled rules. It is advised to always run this command with the WhatIf parameter if not targeting a specific rule or set of rules. Get-NetFirewallProfileThis command shows the currently configured options for a specified profile, such as the Domain, Private, or Public profiles. Get-NetFirewallSettingThe global firewall settings can be retrieved by using the Get-NetFirewallSetting command. These settings include such options as certificate options, packet queueing, or authorization lists. Rename-NetFirewallRuleTo rename an existing firewall rule, use the Rename-NetFirewallRule command. This is useful if a rule was created without a specified name, thereby receiving a random GUID as it’s name, and it is preferred to have a human-readable name assigned. Set-NetFirewallProfileTo set specific settings for individual profiles, use the Set-NetFirewallProfile command. This allows each profile to have distinct settings. Set-NetFirewallSettingThis command configures global firewall behaviors that apply regardless of the network profile currently in use. Show-NetFirewallRuleThis helper command will show the firewall rules and their associated objects in a formatted list.

There is extensive IPSec functionality contained within the module. The commands listed above are those that operate on the standard Windows Firewall settings.

Conclusion

There are many available commands for managing the Windows Firewall. This article only touches on a few of them, notably the most important commands to quickly list, create, modify, and remove firewall rules. Even complex firewall configurations can be accomplished strictly through the command line using the NetSecurity PowerShell module!