Reputation: 321
I am trying to write a script that will loop through local firewall rules and update the remote address table.
Here is what I have so far; it does not work. It should be simple, so I am not sure what's going on. The script runs without error, but does not actually update anything.
$name = Get-NetFirewallRule -DisplayName "*Desktop*" |ft -HideTableHeaders Displayname
$ips = "192.168.1.150, 192.168.1.151"
foreach ($r in $name)
{
Set-NetFirewallRule -DisplayName $r -RemoteAddress $ips
}
The $name variable passes in the rules I want to alter by name, the $ips variable passes in the IP addresses I want.
Does this script look right?
Updated
With the help of @Kev, whose comments/answers disappeared for some reason, this is the working script:
$name = Get-NetFirewallRule -DisplayName "*Backup*"
$ips = @("192.168.1.150", "192.168.1.151")
foreach ($r in $name)
{
    Set-NetFirewallRule -DisplayName $r.DisplayName -RemoteAddress $ips
}
My only other question is: why is it $r.DisplayName?
Upvotes: 15
Views: 31311
Reputation: 1
new version guy
# The duplicate entry is collapsed below by Select-Object -Unique
$newips = @("6.6.6.1", "6.6.6.1", "6.6.6.2")
$ips = (Get-NetFirewallRule -DisplayName "Test-Rule" | Get-NetFirewallAddressFilter).RemoteAddress
# If the rule is currently scoped to 'Any', the new list replaces it; otherwise append to the existing list
if ($ips -notcontains 'Any') {
    $ipconcat = $newips + $ips
}
else {
    $ipconcat = $newips
}
$ipconcat = $ipconcat | Select-Object -Unique | Sort-Object
Set-NetFirewallRule -DisplayName "Test-Rule" -RemoteAddress $ipconcat
Upvotes: 0
Reputation: 3212
In case you need to remove duplicate items and also sort the IPs, you can do this:
$newips = @("1.2.3.4", "5.3.4.5", "4.2.3.5")
# Read the rule's current remote address list
$ips = (Get-NetFirewallRule -DisplayName "Block Attacker" | Get-NetFirewallAddressFilter).RemoteAddress
# Merge, drop duplicates and sort before writing the list back
$ipconcat = $ips + $newips
$ipconcat = $ipconcat | Select-Object -Unique | Sort-Object
Set-NetFirewallRule -DisplayName "Block Attacker" -RemoteAddress $ipconcat
Upvotes: 4
Reputation: 2570
Combining the above answers, this is what I ended up using - this ADDS an ARRAY of IPs to the existing IPs in the rule:
$ips = (Get-NetFirewallRule -DisplayName "MyRule" | Get-NetFirewallAddressFilter).RemoteAddress
$newips = @("1.1.1.1", "2.2.2.2")
$add = $ips + $newips
# Same rule name as above; the original used "My Rule" here, which would target a different rule
Set-NetFirewallRule -DisplayName "MyRule" -RemoteAddress $add
Upvotes: 4
Reputation: 119856
The -RemoteAddress parameter takes a string array, so you should change:
$ips = "192.168.1.150, 192.168.1.151"
to:
$ips = @("192.168.1.150", "192.168.1.151")
Updated:
Per your comment below, you don't need to pipe the result of Get-NetFirewallRule into ft or Format-Table. Do this instead:
$name = Get-NetFirewallRule -DisplayName "*Desktop*"
$ips = @("1.1.1.1", "2.2.2.2")
foreach ($r in $name)
{
    # $r is a rule object, so its DisplayName property is what Set-NetFirewallRule needs
    Set-NetFirewallRule -DisplayName $r.DisplayName -RemoteAddress $ips
}
What you're doing is iterating the array of firewall objects directly, which is slightly more efficient.
Adding an IP address to an existing range of IPs in a rule:
If you already have a rule which has been assigned one or more IPs, you can append additional IPs by doing:
$ips = (Get-NetFirewallRule -DisplayName "MyRule" | Get-NetFirewallAddressFilter ).RemoteAddress
$ips += "192.168.1.123"
Set-NetFirewallRule -DisplayName "MyRule" -RemoteAddress $ips
Upvotes: 20
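Pulling the answers above together, here is an added example (written for this page, not code from the question or from any of the answers) that does the whole job in one function: find rules by display-name wildcard, validate the addresses before touching the firewall, merge and de-duplicate them with the existing list, sort IPv4 numerically rather than lexically, and only narrow a rule that is scoped to Any when explicitly asked. Three points the thread does not spell out are built in: DisplayName is not unique, so the rule objects are piped to Set-NetFirewallRule rather than re-selected by name; [System.Net.IPAddress]::TryParse is lenient and accepts a typo like "6.6.6" (as 6.6.0.6), so IPv4 literals are also checked for a full dotted quad; and replacing Any on a Block rule unblocks every other address, so the function warns about that. The function name Add-FirewallRemoteAddress, the helper names and the -ReplaceAny switch are my own; it assumes an elevated session on a Windows version that ships the NetSecurity module, and it does not handle address ranges of the form a.b.c.d-e.f.g.h.

```powershell
#Requires -Modules NetSecurity
# Added example for this page; not the original poster's or the answerers' code.
# Names below (Add-FirewallRemoteAddress, Test-AddressLiteral, Sort-AddressList, -ReplaceAny) are hypothetical.

function Test-AddressLiteral {
    # Accepts one IPv4/IPv6 address or CIDR prefix (e.g. 10.0.0.0/8); rejects keywords and typos.
    param([string]$Address)
    $ip, $prefix = $Address -split '/', 2
    # TryParse is lenient ("6.6.6" parses as 6.6.0.6), so require a full dotted quad for IPv4
    if ($ip -notmatch ':' -and $ip -notmatch '^\d{1,3}(\.\d{1,3}){3}$') { return $false }
    $parsed = $null
    if (-not [System.Net.IPAddress]::TryParse($ip, [ref]$parsed)) { return $false }
    if ([string]::IsNullOrEmpty($prefix)) { return $true }
    $max = if ($parsed.AddressFamily -eq 'InterNetwork') { 32 } else { 128 }
    return ($prefix -match '^\d+$') -and ([int]$prefix -le $max)
}

function Sort-AddressList {
    # Lexical Sort-Object puts 10.0.0.2 before 9.0.0.1; build a zero-padded key so IPv4 sorts numerically.
    # IPv6 entries are sorted as plain strings after the IPv4 block.
    param([string[]]$Addresses)
    $key = {
        $ip, $prefix = $_ -split '/', 2
        $parsed = [System.Net.IPAddress]$ip
        if ($parsed.AddressFamily -eq 'InterNetwork') {
            $octets = $parsed.GetAddressBytes() | ForEach-Object { $_.ToString('D3') }
            '4:' + ($octets -join '.') + '/' + $prefix
        } else {
            '6:' + $_
        }
    }
    $Addresses | Select-Object -Unique | Sort-Object -Property @{ Expression = $key }
}

function Add-FirewallRemoteAddress {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory)][string]$DisplayName,   # wildcards allowed, e.g. "*Desktop*"
        [Parameter(Mandatory)][string[]]$Address,
        [switch]$ReplaceAny                            # opt in to narrowing a rule currently scoped to Any
    )
    $bad = @($Address | Where-Object { -not (Test-AddressLiteral $_) })
    if ($bad.Count -gt 0) { throw "Not an IP address or CIDR prefix: $($bad -join ', ')" }

    # DisplayName is not unique; keep the rule objects and pipe each one to Set-NetFirewallRule
    # so a single rule (identified by its Name) is updated, not every rule sharing the display name.
    $rules = @(Get-NetFirewallRule -DisplayName $DisplayName -ErrorAction Stop)
    foreach ($rule in $rules) {
        $current = @(($rule | Get-NetFirewallAddressFilter).RemoteAddress)
        if ($current -contains 'Any') {
            # 'Any' is a keyword, not an address: it cannot be mixed with literals, and replacing it
            # narrows the rule. On a Block rule that means every other address stops being blocked.
            if (-not $ReplaceAny) {
                Write-Warning "$($rule.DisplayName) [$($rule.Name)] is scoped to Any; pass -ReplaceAny to narrow it"
                continue
            }
            if ($rule.Action -eq 'Block') {
                Write-Warning "$($rule.DisplayName) is a Block rule; replacing Any with a list UNBLOCKS every other address"
            }
            $current = @()
        }
        $merged = @(Sort-AddressList ($current + $Address))
        $target = "$($rule.DisplayName) [$($rule.Name)]"
        if ($PSCmdlet.ShouldProcess($target, "Set RemoteAddress to $($merged -join ', ')")) {
            $rule | Set-NetFirewallRule -RemoteAddress $merged
            # Read the filter back and confirm the list that landed is the one we intended
            $after = @(($rule | Get-NetFirewallAddressFilter).RemoteAddress)
            if (Compare-Object -ReferenceObject $merged -DifferenceObject $after) {
                Write-Warning "Read-back for $target differs from the requested list: $($after -join ', ')"
            }
        }
    }
}

# Usage (elevated PowerShell); -WhatIf shows what would change without touching the firewall:
#   Add-FirewallRemoteAddress -DisplayName "*Desktop*" -Address "192.168.1.150","192.168.1.151" -WhatIf
#   Add-FirewallRemoteAddress -DisplayName "Block Attacker" -Address "10.0.0.0/8" -ReplaceAny
```

Run it first with -WhatIf against a wildcard to see exactly which rules match; a wildcard such as "*Desktop*" can pick up more rules than intended, and the ShouldProcess line prints each rule's unique Name alongside its DisplayName.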