Sl-NZ

Reputation: 74

How to Disable/Enable Windows Firewall Rule based on associated port number

I am trying to create a PowerShell script (Target Level OS 2008 R2) that:

  1. Runs through an array of ports
  2. Lists all firewall policies associated with the ports
  3. Captures the "Rule Names" into an array (currently stuck here)
  4. Runs through each "Rule Name" and either disables or enables the policy based on its current state.

I am stuck at point 3 of my list above. Is anyone able to help or possibly direct me in the correct direction?

Current Code:

$array = @("3050", "300", "8080","7080","5090")
for ($i=0; $i -lt $array.length; $i++) {
    # Regex for the "LocalPort:" line of a rule that contains this port
    $searchPort = "(LocalPort.*" + $array[$i] + ")"
    # -Context 9,4 keeps the 9 lines before the match (Rule Name ... Protocol)
    # and the 4 lines after it (RemotePort ... Action)
    $front = netsh advfirewall firewall show rule dir=in name=all |
             Select-String -Pattern ($searchPort) -Context 9,4
    Write-Host $front
}

Copy of result based on my current script:

Rule Name:                            interbase port
----------------------------------------------------------------------
Enabled:                              Yes
Direction:                            In
Profiles:                             Domain,Private,Public
Grouping:
LocalIP:                              Any
RemoteIP:                             Any
Protocol:                             TCP
LocalPort:                            3050
RemotePort:                           Any
Edge traversal:                       No
Action:                               Allow

Rule Name:                            MT
----------------------------------------------------------------------
Enabled:                              Yes
Direction:                            In
Profiles:                             Domain,Private,Public
Grouping:
LocalIP:                              Any
RemoteIP:                             Any
Protocol:                             UDP
LocalPort:                            300
RemotePort:                           Any
Edge traversal:                       No
Action:                               Allow

Rule Name:                            medtech port
----------------------------------------------------------------------
Enabled:                              Yes
Direction:                            In
Profiles:                             Domain,Private,Public
Grouping:
LocalIP:                              Any
RemoteIP:                             Any
Protocol:                             UDP
LocalPort:                            300
RemotePort:                           Any
Edge traversal:                       No
Action:                               Allow

Upvotes: 0

Views: 2160

Answers (1)

Ansgar Wiechers

Reputation: 200453

Simply extract the rule name from the pre-context of your match. Since you probably want to work with several elements from the pre- and post-context I'd recommend piping the output of Select-String into ForEach-Object instead of collecting it in a variable. Then you can toggle firewall rules e.g. like this:

$toggle = @{
  'yes' = 'no'
  'no'  = 'yes'
}

# PreContext holds the 9 lines before the matched "LocalPort:" line, so
# [0] is the "Rule Name:" line and [2] is the "Enabled:" line
netsh ... | Select-String -Pattern $searchPort -Context 9,4 | ForEach-Object {
  $rule    = $_.Context.PreContext[0] -replace 'rule name:\s*'
  $enabled = $_.Context.PreContext[2] -replace 'enabled:\s*'

  # hashtable keys are case-insensitive, so "Yes" maps to 'no' and "No" to 'yes'
  & netsh advfirewall firewall set rule name="$rule" new enable=$($toggle[$enabled])
}

Upvotes: 0
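As an added example (not code from the question or from Ansgar's answer), here is a more general version of the same idea: instead of depending on the fixed -Context 9,4 offsets, it parses every "Key: value" block that netsh prints into an object, matches the port exactly (so 300 does not also pick up 3000, and comma lists and ranges such as 3000-3100 are handled), toggles each rule name only once even if it matches several ports in the list, and supports -WhatIf so you can see what would be changed before touching anything. The function names are my own, and it assumes Windows Server 2008 R2 / PowerShell 2.0 in an elevated session.

```powershell
# Added example: parse "netsh advfirewall firewall show rule" output into objects
# and toggle rules by exact local port. Function names are hypothetical (mine, not
# the questioner's); assumes PowerShell 2.0 on 2008 R2, run as administrator.

function Get-NetshFirewallRule {
    param([string]$Direction = 'in')
    $props = $null
    # netsh prints one "Key: value" block per rule, each block starting with "Rule Name:"
    foreach ($line in (netsh advfirewall firewall show rule name=all dir=$Direction)) {
        if ($line -match '^Rule Name:\s*(.*)$') {
            if ($props) { New-Object PSObject -Property $props }   # emit the previous rule
            $props = @{ RuleName = $matches[1].Trim() }
        }
        elseif ($props -and $line -match '^([A-Za-z ]+):\s*(.*)$') {
            # "Edge traversal" becomes the property "Edgetraversal", "LocalPort" stays "LocalPort"
            $props[($matches[1] -replace ' ', '')] = $matches[2].Trim()
        }
    }
    if ($props) { New-Object PSObject -Property $props }            # emit the last rule
}

function Test-PortInRule {
    # LocalPort can be "Any", "3050", "3050,8080", "3000-3100", "RPC", ...; only numeric
    # entries can match, and "300" must not match "3000"
    param([string]$LocalPort, [int]$Port)
    foreach ($item in ($LocalPort -split ',')) {
        $item = $item.Trim()
        if ($item -match '^(\d+)-(\d+)$') {
            if ($Port -ge [int]$matches[1] -and $Port -le [int]$matches[2]) { return $true }
        }
        elseif ($item -eq "$Port") { return $true }
    }
    return $false
}

function Switch-FirewallRuleByPort {
    [CmdletBinding(SupportsShouldProcess=$true)]
    param([int[]]$Ports, [string]$Direction = 'in')
    $toggle  = @{ 'Yes' = 'no'; 'No' = 'yes' }   # hashtable keys are case-insensitive
    $matched = @{}

    # Collect matching rules keyed by name so each name is toggled exactly once,
    # even when one rule matches several ports in $Ports (toggling twice = no change)
    foreach ($rule in (Get-NetshFirewallRule -Direction $Direction)) {
        foreach ($port in $Ports) {
            if ($rule.LocalPort -and (Test-PortInRule -LocalPort $rule.LocalPort -Port $port)) {
                $matched[$rule.RuleName] = $rule
            }
        }
    }

    foreach ($rule in $matched.Values) {
        $newState = $toggle[$rule.Enabled]
        if (-not $newState) { continue }            # unexpected "Enabled:" value, skip it
        if ($PSCmdlet.ShouldProcess($rule.RuleName, "set enable=$newState")) {
            # netsh applies "set rule name=..." to every rule with that name
            & netsh advfirewall firewall set rule name="$($rule.RuleName)" new enable=$newState | Out-Null
        }
        New-Object PSObject -Property @{ RuleName = $rule.RuleName; WasEnabled = $rule.Enabled; NowEnabled = $newState }
    }
}

# Dry run first, then the real thing:
Switch-FirewallRuleByPort -Ports 3050,300,8080,7080,5090 -WhatIf
# Switch-FirewallRuleByPort -Ports 3050,300,8080,7080,5090
```

One caveat that also applies to the answer's version: netsh addresses rules by name, and names are not unique, so if two rules share a name (as "MT" and "medtech port" nearly do above, both on UDP 300) the set command changes all of them together. Running with -WhatIf first shows exactly which names will be touched.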
