Learn about my 2012 Core Survival Guide here.
In this blog I am going to cover the very basics of viewing, enabling and disabling existing firewall rules.
How to view firewall settings
It is important to know the name of the rule you wish to enable or disable. The Get-NetFirewallRule cmdlet lists all of the rules. You will need the exact spelling of a rule's "Name" to manage a single rule, or the exact spelling of the "DisplayGroup" to manage a group of rules.
Get-NetFirewallRule | Format-Table Name, DisplayGroup, Action, Direction, Enabled -AutoSize
The output below shows each rule, its Name, DisplayGroup, and if it is enabled or not.
Discovering where the Firewall Logs are located
Each firewall profile has a log. To discover where the logs are located, use the Get-NetFirewallProfile cmdlet.
Get-NetFirewallProfile | Format-Table Name, Enabled, LogFileName -AutoSize
The output below shows the location of the firewall logs.
Displaying a single firewall rule's settings
To discover all properties of a rule, use the Show-NetFirewallRule cmdlet.
Show-NetFirewallRule | where name -eq "CoreNet-DHCP-In"
Get-NetFirewallRule | where name -eq "CoreNet-DHCP-In"
The screen shot below shows the attributes for the firewall rule "CoreNet-DHCP-In".
How to enable a single firewall rule
To enable a firewall rule, we first get the object, then pipe it to the Enable-NetFirewallRule cmdlet.
Get-NetFirewallRule -Name CoreNet-DHCP-In | Enable-NetFirewallRule
The output below shows that CoreNet-DHCP-In starts off disabled then is enabled by the command in yellow.
How to disable a single firewall rule
To disable a firewall rule, we first get the object, then pipe it to the Disable-NetFirewallRule cmdlet.
Get-NetFirewallRule -Name CoreNet-DHCP-In | Disable-NetFirewallRule
The output below shows that CoreNet-DHCP-In starts off enabled then is disabled by the command in yellow.
How to enable a DisplayGroup of firewall rules
To enable a DisplayGroup of firewall rules, you must know the exact spelling of the display group and use the Enable-NetFirewallRule cmdlet.
Enable-NetFirewallRule -DisplayGroup "Remote Desktop"
The screen shot below shows the current value, followed by the command to edit the value, followed by a command to confirm the settings have been changed.
How to disable a DisplayGroup of firewall rules
To disable a DisplayGroup of firewall rules, you must know the exact spelling of the display group and use the Disable-NetFirewallRule cmdlet.
Disable-NetFirewallRule -DisplayGroup "Remote Desktop"
In the screen shot below the first command shows the current value, followed by the command to disable the Remote Desktop firewall rules, followed by the command to confirm the setting changed.
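An added example, not part of the original post: the check, change and confirm steps above wrapped in one function that records each rule's Enabled value before and after the change. The function name Set-FirewallGroupState is hypothetical; it assumes the NetSecurity cmdlets used above and an elevated session, and it supports -WhatIf for a dry run.

```powershell
# Added example; Set-FirewallGroupState is a hypothetical helper name.
function Set-FirewallGroupState {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)][string]$DisplayGroup,
        [Parameter(Mandatory = $true)][ValidateSet('Enabled', 'Disabled')][string]$State
    )

    # Changing firewall rules needs an elevated session; fail early with a clear message.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
        throw 'Run this from an elevated PowerShell session.'
    }

    # The DisplayGroup must match exactly; a misspelled group returns no rules.
    $rules = @(Get-NetFirewallRule -DisplayGroup $DisplayGroup -ErrorAction SilentlyContinue)
    if ($rules.Count -eq 0) {
        throw "No firewall rules found in DisplayGroup '$DisplayGroup'."
    }

    # Record the state of every rule in the group before touching anything.
    $before = @{}
    foreach ($rule in $rules) { $before[$rule.Name] = $rule.Enabled }

    # With -WhatIf the change is skipped and Before/After will be identical.
    if ($PSCmdlet.ShouldProcess($DisplayGroup, "Set rules to $State")) {
        if ($State -eq 'Enabled') { Enable-NetFirewallRule -DisplayGroup $DisplayGroup }
        else                      { Disable-NetFirewallRule -DisplayGroup $DisplayGroup }
    }

    # Re-read the group and report what actually changed.
    Get-NetFirewallRule -DisplayGroup $DisplayGroup | ForEach-Object {
        [pscustomobject]@{
            Name      = $_.Name
            Direction = $_.Direction
            Action    = $_.Action
            Before    = $before[$_.Name]
            After     = $_.Enabled
        }
    }
}

# Dry run first, then drop -WhatIf to apply the change.
Set-FirewallGroupState -DisplayGroup 'Remote Desktop' -State Disabled -WhatIf |
    Format-Table -AutoSize
```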
I hope you found this useful. Please leave me a comment. Let me know if there are any core tasks you would like me to cover.
Great article, very interesting as a starting point to create a table of the firewall rules in the local language.
For example, "Remote Desktop" in Italian translates to "Desktop Remoto", which is easy to translate, but for some rule names it is not so easy ...
Get-NetFirewallRule -DisplayGroup "Remote Desktop" | Format-Table Name, Enabled -AutoSize
Get-NetFirewallRule -DisplayGroup "Desktop Remoto" | Format-Table Name, Enabled -AutoSize
Hi Bruce, this is really helpful. How can I run this using a local account? I am getting access denied when running this under a local account. I want to disable a specific inbound rule on a specific condition, which I am doing programmatically. How can I ensure that when my .ps1 file runs, it runs with admin (elevated) perms?