Why doesn't Get-NetFirewallRule show all information of the firewall rule?

Submitted by 吃可爱长大的小学妹 on 2020-05-23 10:29:34

Question


I'm trying to find out if a firewall rule already exists with the same name and the same configuration, like localport.

So I use Get-NetFirewallRule to list all rules, but the rules returned do not contain the port information, and some other information is missing too. Where can I find all the config of a rule? Below are the attributes returned:

Name
DisplayName
Description
DisplayGroup
Group
Enabled
Profile
Platform
Direction
Action
EdgeTraversalPolicy
LooseSourceMapping
LocalOnlyMapping
Owner
PrimaryStatus
Status
EnforcementStatus
PolicyStoreSource
PolicyStoreSourceType

Answer 1:


In order to find the port numbers that are already in the firewall rules, you can use a different cmdlet Get-NetFirewallPortFilter.

(Info)

Use Get-NetFirewallRule to filter which subset of rules you want to look at and pipe it to the above cmdlet, e.g.:

Get-NetFirewallRule -DisplayName "SQL Broker Service" | Get-NetFirewallPortFilter

Sounds like the property you are after is localport.




Answer 2:


Use the Select-Object Cmdlet to Display all Properties

This will display only the first one so you don't get flooded with text; feel free to delete the "-First 1" as needed.

Get-NetFirewallRule | select -First 1 -Property *

However, investigating that, it does not seem like there is information about the port. Looking further into it, you would probably need to use Get-NetFirewallPortFilter and match them up by instanceid. If you need help with that I'll need a little more information on what you are trying to accomplish.




Answer 3:


Use the below command to list all.

Get-NetFirewallRule | Where { $_.Enabled -eq $True } |
  Format-Table -Property Name,
    DisplayName,
    DisplayGroup,
    @{Name='Protocol';Expression={($PSItem | Get-NetFirewallPortFilter).Protocol}},
    @{Name='LocalPort';Expression={($PSItem | Get-NetFirewallPortFilter).LocalPort}},
    @{Name='RemotePort';Expression={($PSItem | Get-NetFirewallPortFilter).RemotePort}},
    @{Name='RemoteAddress';Expression={($PSItem | Get-NetFirewallAddressFilter).RemoteAddress}},
    Enabled,
    Profile,
    Direction,
    Action

The output is shown below




Answer 4:


What I don't think is understood by many, including me recently, is that the Get-NetFirewall*Filter commands provide a speedy shortcut to searching the firewall rules, like the -filter option does in other commands. If I were to do this, it would take a very long time:

Get-NetFirewallRule | Get-NetFirewallPortFilter | 
  Where LocalPort -eq 3389

While this is almost instant:

Get-NetFirewallPortFilter | Where LocalPort -eq 3389

And Get-NetFirewallPortFilter actually returns the name of the firewall rule in the InstanceID property, which isn't shown by default. That's why you can pipe Get-NetFirewallPortFilter back into Get-NetFirewallRule.

Get-NetFirewallPortFilter | Where LocalPort -eq 3389 |
  Get-NetFirewallRule

Here's a function that gives netsh-like verbose output, with the ports, addresses, and applications:

function mynetsh ($displayname) {
  $rule = get-netfirewallrule -displayname $displayname
  $address = $rule | Get-NetFirewallAddressFilter
  $port = $rule | Get-NetFirewallPortFilter
  $application = $rule | Get-NetFirewallApplicationFilter
  [pscustomobject]@{
    DisplayName = $rule.DisplayName
    Description = $rule.Description  
    Enabled = $rule.Enabled
    Direction = $rule.Direction
    Profile = $rule.Profile
    DisplayGroup = $rule.DisplayGroup
    LocalAddress = $address.LocalAddress
    RemoteAddress = $address.RemoteAddress
    Protocol = $port.Protocol
    LocalPort = $port.LocalPort
    RemotePort = $port.RemotePort
    EdgeTraversalPolicy = $rule.EdgeTraversalPolicy
    Program = $application.Program 
    Action = $rule.Action
  }
}

mynetsh 'Remote Desktop - User Mode (TCP-In)'

DisplayName         : Remote Desktop - User Mode (TCP-In)
Description         : Inbound rule for the Remote Desktop service to allow RDP traffic. [TCP 3389]
Enabled             : False
Direction           : Inbound
Profile             : Any
DisplayGroup        : Remote Desktop
LocalAddress        : Any
RemoteAddress       : Any
Protocol            : TCP
LocalPort           : 3389
RemotePort          : Any
EdgeTraversalPolicy : Block
Program             : %SystemRoot%\system32\svchost.exe
Action              : Allow
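
The check the question asks for (does a rule with this name and this port configuration already exist?) can be built from the cmdlets in the answers above. The following is an added example, not part of the original thread; the function name Find-FirewallRuleMatch and its parameters are hypothetical, and it assumes the NetSecurity module that ships with Windows.

```powershell
# Added example: report rules whose display name, direction, action, protocol
# and local port all match. Function and parameter names are hypothetical.
function Find-FirewallRuleMatch {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$DisplayName,
        [Parameter(Mandatory)][ValidateRange(1, 65535)][int]$LocalPort,
        [ValidateSet('TCP', 'UDP')][string]$Protocol = 'TCP',
        [ValidateSet('Inbound', 'Outbound')][string]$Direction = 'Inbound',
        [ValidateSet('Allow', 'Block')][string]$Action = 'Allow'
    )

    # A missing rule is an expected result here, so suppress the "not found" error.
    $rules = Get-NetFirewallRule -DisplayName $DisplayName -ErrorAction SilentlyContinue

    foreach ($rule in $rules) {
        if ([string]$rule.Direction -ne $Direction) { continue }
        if ([string]$rule.Action -ne $Action) { continue }

        # The port settings live on the associated port filter, not on the rule.
        $portFilter = $rule | Get-NetFirewallPortFilter
        if ($portFilter.Protocol -ne $Protocol) { continue }

        # LocalPort is a list of single ports ('3389'), ranges ('5000-5010') or
        # keywords such as 'Any'; keywords are not counted as a match.
        $covered = $false
        foreach ($entry in $portFilter.LocalPort) {
            if ($entry -match '^(\d+)-(\d+)$') {
                if ($LocalPort -ge [int]$Matches[1] -and $LocalPort -le [int]$Matches[2]) { $covered = $true }
            }
            elseif ($entry -match '^\d+$' -and [int]$entry -eq $LocalPort) { $covered = $true }
        }
        if (-not $covered) { continue }

        [pscustomobject]@{
            Name        = $rule.Name
            DisplayName = $rule.DisplayName
            Enabled     = $rule.Enabled   # a matching rule that is disabled has no effect
            Profile     = $rule.Profile
            Protocol    = $portFilter.Protocol
            LocalPort   = $portFilter.LocalPort -join ','
        }
    }
}

# Rule name and port taken from the sample output above.
Find-FirewallRuleMatch -DisplayName 'Remote Desktop - User Mode (TCP-In)' -LocalPort 3389
```

An empty result means no rule with that name has the requested configuration; check the Enabled and Profile columns of any result before treating the rule as already in place.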


Source: https://stackoverflow.com/questions/42110526/why-doesnt-get-netfirewallrule-show-all-information-of-the-firewall-rule
