
Use PowerShell to Get Firewall Rules from Remote Computer (Get-FirewallRules)

Michael Wu

I needed a way to troubleshoot firewall issues by viewing applied rules without relying on RDP and navigating through the Windows Firewall GUI.

The Function

<#
.SYNOPSIS
    Show inbound allow firewall rules from a remote computer
.EXAMPLE
    Get-FirewallRules dsc-tst1
.EXAMPLE
    Get-FirewallRules -ComputerName dsc-tst1 -Name "Core*" -LocalPort RPC
#>
function Get-FirewallRules {
    [CmdletBinding()]
    param (
        [Parameter(Mandatory = $false, Position = 0,
            ValueFromPipeline = $true,
            ValueFromPipelineByPropertyName = $true)]
        [string]$ComputerName = $env:computername,

        [Parameter(Mandatory = $false)]
        [ValidateSet("True", "False")]
        [string]$Enabled = "True",

        [Parameter(Mandatory = $false)]
        [string]$Name = "",

        [Parameter(Mandatory = $false)]
        [string]$Protocol = "",

        [Parameter(Mandatory = $false)]
        [string]$LocalPort = "",

        [Parameter(Mandatory = $false)]
        [string]$RemoteAddress = ""
    )

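    process {
        # Checks run in process so pipeline-bound computer names are tested too.
        # return is used instead of break, which would also stop the caller's loop or script.
        if (-not (Test-Connection $ComputerName -Quiet -Count 1)) {
            Write-Host "$ComputerName is offline..." -ForegroundColor Red
            return
        }
        if (-not (Test-WSMan $ComputerName -ErrorAction SilentlyContinue)) {
            Write-Host "PowerShell Remoting is disabled..." -ForegroundColor Red
            return
        }
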
        $rules = Invoke-Command $ComputerName -ScriptBlock {
            $FWObjs = @()
            $fws = Get-NetFirewallRule -Direction Inbound -PolicyStore ActiveStore `
                -Action Allow -Enabled $args[0]

            foreach ($fw in $fws) {
                # Query each filter once per rule; the port filter carries both Protocol and LocalPort
                $addressFilter = $fw | Get-NetFirewallAddressFilter
                $portFilter = $fw | Get-NetFirewallPortFilter

                # Attach the filter values to the rule so they can be selected together
                $fw | Add-Member -MemberType NoteProperty -Name Protocol -Value $portFilter.Protocol
                $fw | Add-Member -MemberType NoteProperty -Name LocalPort -Value $portFilter.LocalPort
                $fw | Add-Member -MemberType NoteProperty -Name RemoteAddress -Value $addressFilter.RemoteAddress
                $FWObjs += $fw
            }

            $FWObjs | Sort-Object displayname |
                Where-Object displayname -NotLike "@{Microsoft.*" |
                Select-Object displayname, RemoteAddress, Protocol, LocalPort
        } -ArgumentList $Enabled

        # Apply filters
        $filtered = $rules
        if ($Name) { $filtered = $filtered | Where-Object displayname -Like $Name }
        if ($Protocol) { $filtered = $filtered | Where-Object Protocol -EQ $Protocol }
        if ($LocalPort) { $filtered = $filtered | Where-Object LocalPort -Contains $LocalPort }
        if ($RemoteAddress) { $filtered = $filtered | Where-Object RemoteAddress -Contains $RemoteAddress }

        $filtered | Sort-Object displayname |
            Select-Object displayname, RemoteAddress, Protocol, LocalPort
    }
}

Usage Examples

# Basic query
Get-FirewallRules DSC-TST1

# Filter by port
Get-FirewallRules DSC-TST1 | Where-Object localport -eq 80 | Format-Table

# Expand remote address
Get-FirewallRules DSC-TST1 |
    Where-Object displayname -eq "Test Fw" |
    Select-Object -ExpandProperty RemoteAddress

The function supports filtering by Name, RemoteAddress, Protocol, and LocalPort parameters.
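
A defensive follow-on to the filtering shown above, as an added example that is not part of the original post: a hypothetical helper, Find-BroadInboundRule, that takes Get-FirewallRules output and flags allow rules open to any remote address on management ports. The sensitive port list and the sample rule objects are assumptions constructed for illustration.

```powershell
# Added example: Find-BroadInboundRule is a hypothetical helper, not from the post.
function Find-BroadInboundRule {
    [CmdletBinding()]
    param (
        # Rule objects shaped like Get-FirewallRules output
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        [psobject]$Rule,

        # Ports treated as sensitive (assumed list; adjust per environment)
        [string[]]$SensitivePort = @('22', '135', '445', '3389', '5985', '5986')
    )

    process {
        # 'Any' means the rule accepts traffic from every source address
        if (@($Rule.RemoteAddress) -notcontains 'Any') { return }

        # LocalPort can be 'Any', a single port, a range such as 5000-5020, or a keyword like RPC
        $hits = foreach ($p in @($Rule.LocalPort)) {
            if ($p -eq 'Any') { $p; continue }
            if ($p -match '^(\d+)-(\d+)$') {
                $lo = [int]$Matches[1]; $hi = [int]$Matches[2]
                if ($SensitivePort | Where-Object { [int]$_ -ge $lo -and [int]$_ -le $hi }) { $p }
                continue
            }
            if ($SensitivePort -contains $p) { $p }
        }
        if (-not $hits) { return }

        [pscustomobject]@{
            DisplayName = $Rule.displayname
            Protocol    = $Rule.Protocol
            LocalPort   = @($hits) -join ','
            Reason      = 'Any-source allow rule covering a sensitive port'
        }
    }
}

# Constructed sample input mirroring the Get-FirewallRules output shape
$sample = @(
    [pscustomobject]@{ displayname = 'Test Fw'; RemoteAddress = @('10.0.0.0/8'); Protocol = 'TCP'; LocalPort = @('3389') }
    [pscustomobject]@{ displayname = 'RDP open (constructed)'; RemoteAddress = 'Any'; Protocol = 'TCP'; LocalPort = '3389' }
    [pscustomobject]@{ displayname = 'Range (constructed)'; RemoteAddress = 'Any'; Protocol = 'TCP'; LocalPort = @('80', '5980-5990') }
)

$sample | Find-BroadInboundRule | Format-Table -AutoSize
```

Against a live host, pipe the function's output straight in: Get-FirewallRules DSC-TST1 | Find-BroadInboundRule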