Reputation: 155
What I am trying to do seems simple but I need help knitting all the pieces together.
What I want to do is search all the firewall rules based on local port and protocol (i.e. 3389 TCP) then, if I find one, ensure that the RemoteAddress is set to x.x.x.x. If I don't find one, then add it.
I can't seem to find out how to knit together Get-NetFirewallPortFilter, Get-NetFirewallAddressFilter, and Get-NetFirewallRule to do what I want.
We have a Remote Desktop Gateway and Multi-Factor Authentication and, as part of compliance, all RDP connections must go through the RD Gateway so that Two Factor is used. There is a rule in place at the firewall, but I want to find some way to enforce this en masse using PowerShell (in an SCCM compliance item) at the Windows Firewall level too. Sure, I could use Group Policy Objects, but I want to be able to report on compliance, which is why I am trying to do this via System Center Configuration Manager.
Upvotes: 0
Views: 2094
Reputation: 171
Piping each command to the next takes the input and filters it down to the end, where your result shows the list of Scopes (RemoteAddress) by expanding the selected property, which you can then use to edit your Set. Each command shows a subset of the prior one...
Get-NetFirewallRule -DisplayName "Allow Port 3389 - RDP Access" | Get-NetFirewallAddressFilter | Select-Object -ExpandProperty RemoteAddress
Upvotes: 0
Reputation: 27606
Ugh. I believe this will work. You can pipe these things both ways. I believe it's pretty self-explanatory, but it takes 2 minutes on my computer. At least I got a progress bar. The -WhatIf output is actually incorrect. That's the name, not the displayname.
EDIT: Oh, I see. It's much faster without the first command. I guess that's the point. I never understood. It's like the -Filter parameter to other commands like Get-ChildItem, that make it faster. Get-NetFirewallPortFilter actually returns the name of the firewall rule if you look at all the properties.
# Get-NetFirewallRule |                       # not needed: the port filter already carries the rule name
Get-NetFirewallPortFilter -Protocol TCP |      # every TCP port filter on the machine
Where-Object LocalPort -eq 3389 |              # keep only filters for local port 3389
Get-NetFirewallRule |                          # resolve each filter to its owning rule
Set-NetFirewallRule -RemoteAddress 192.168.1.1 -WhatIf   # restrict the remote scope (dry run)
Output:
What if: Set-NetFirewallRule DisplayName: RemoteDesktop-UserMode-In-TCP
Upvotes: 0
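Putting the question's requirement (find rules by port/protocol, force RemoteAddress to the gateway, create the rule if missing) on top of the port-filter pipeline from the second answer, here is an added example of a compliance script. It is not code from the question or either answer; the port, the gateway address 192.0.2.10 (a placeholder from the documentation range), the rule name and the -Remediate switch are assumptions, and the final output line assumes an SCCM compliance item that compares script output to an expected string.

```powershell
# Added example, not from the question or the answers. Reports whether every
# inbound allow rule for the given local port/protocol is scoped to the
# RD Gateway address, and (with -Remediate) fixes or creates the rule.
# Assumed values: 3389/TCP, gateway 192.0.2.10 (placeholder), the rule name.
param(
    [int]$LocalPort = 3389,
    [string]$Protocol = 'TCP',
    [string]$GatewayAddress = '192.0.2.10',
    [string]$RuleName = 'RDP-In-RDGatewayOnly',
    [switch]$Remediate
)

# Start from the port filter, as in the second answer: it carries the rule
# name, so only rules for this port/protocol are ever expanded.
$rules = Get-NetFirewallPortFilter -Protocol $Protocol |
    Where-Object { $_.LocalPort -eq "$LocalPort" } |
    Get-NetFirewallRule |
    Where-Object { $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' }

$drift = @()
if (-not $rules) {
    $drift += "no inbound allow rule for $Protocol/$LocalPort"
    if ($Remediate) {
        New-NetFirewallRule -Name $RuleName -DisplayName $RuleName `
            -Direction Inbound -Action Allow -Protocol $Protocol `
            -LocalPort $LocalPort -RemoteAddress $GatewayAddress | Out-Null
    }
} else {
    foreach ($rule in $rules) {
        $scope = $rule | Get-NetFirewallAddressFilter
        # RemoteAddress is an array ('Any' when unrestricted); anything other
        # than exactly the gateway address lets RDP bypass the MFA gateway.
        $diff = Compare-Object @($scope.RemoteAddress) @($GatewayAddress)
        if ($diff) {
            $drift += "$($rule.Name): RemoteAddress=$($scope.RemoteAddress -join ',')"
            if ($Remediate) {
                $rule | Set-NetFirewallRule -RemoteAddress $GatewayAddress
            }
        }
    }
}

# Report the state that was found (before any remediation); the SCCM
# compliance item compares this string against the expected value.
if ($drift) { "Non-Compliant: $($drift -join '; ')" } else { 'Compliant' }
```

Run it without -Remediate as the discovery script and with -Remediate as the remediation script, so the compliance report shows which machines had an unscoped RDP rule before it was corrected.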