Create Firewall Rule


This topic contains 3 replies, has 3 voices, and was last updated by

5 years, 7 months ago.

  • Author
  • #9901

    Points: 0
    Rank: Member


    I'm attempting to use PowerShell v3 (on Windows 2008R2) to create a new firewall rule.
    I've found that the helpful new cmdlets only work on Win2k12 or Win8. So I'm trying to find a way using PowerShell v2.

    Does anyone have a quick script they can share? Otherwise here is what I'm working with so far, with little success.
    Import-Module ServerManager

    $FWPath = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules'
    New-ItemProperty -Path $FWPath -Name TEST_Allow_Secure_HTTPS_Ports -Type String -Value 'v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=1443,2443,3443,4443,5443,6443,7443,8443,9443|App=System|Name=@%windir%\system32\inetsrv\iisres.dll,-30502|Desc=@%windir%\system32\inetsrv\iisres.dll,-30512|EmbedCtxt=@%windir%\system32\inetsrv\iisres.dll,-30503|'

  • #9902

    Points: 1,811
    Helping Hand, Team Member
    Rank: Community Hero

    Yeah, so, you've figured this out, but for the benefit of anyone running across this...

    The version of PowerShell you use doesn't necessarily confer specific capabilities. Capability is part of the OS version. So on Win2012/Win8, you get more commands – therefore, more capability – than you do on older versions of Windows, regardless of which PowerShell version you're using. So whether you're using PowerShell v3 or v2 doesn't matter. Neither of them comes with firewall commands. Win2012 comes with firewall commands.

    Have you considered looking at the "netsh advfirewall" command? – intended to offer command-line management of the firewall, and completely usable from Cmd.exe or from PowerShell. I don't think it's strictly recommended that you hack the registry directly – my impression has always been that's there mainly for use by GPO-based firewall management.

  • #9903

    Points: 0
    Rank: Member

    You can also use the HNetCfg.FwMgr COM object

  • #9904

    Points: 0
    Rank: Member

    Thanks Richard, I had tried going down that path but it seemed far more difficult than necessary.
    Thanks, Don, I went with the NetSH approach as suggested. I initially looked at this, but was hoping to find a more PowerShell-ish way of doing this.
    Just in case someone else needs an example in the future, here is what I ended up doing:

    # Set firewall to allow secure ports 1443, 2443, 3443
    1443, 2443, 3443 | %{
        write-verbose "Firewall: Checking if secure port is allowed: $_"
        # netsh prints the rule details if a rule with this name exists
        $ruleExist = (netsh advfirewall firewall show rule name="VCI: Allow HTTPS $_")
        if ($ruleExist -cmatch "HTTPS $_") {
            write-verbose "Port $_ rule already exists"
        } else {
            write-verbose "Port $_ missing, creating firewall rule"
            netsh advfirewall firewall add rule name="VCI: Allow HTTPS $_" dir=in action=allow enable=yes Localip=Any LocalPort=$_ protocol=TCP
        }
    }
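
Added example, not part of any post in this thread: the COM route mentioned in #9903, written against HNetCfg.FwPolicy2 and HNetCfg.FWRule (the Windows Firewall with Advanced Security interfaces, present on 2008 R2) rather than the older HNetCfg.FwMgr object. It treats a rule as present only if it still matches the intended settings, not on a name match alone; the helper name Set-InboundTcpAllowRule and the description text are assumptions.

```powershell
# Added example (not from the thread): idempotent inbound TCP allow rules through
# the Windows Firewall with Advanced Security COM API. Run from an elevated prompt.
$TCP = 6; $DIR_IN = 1; $ALLOW = 1   # NET_FW_IP_PROTOCOL_TCP, NET_FW_RULE_DIR_IN, NET_FW_ACTION_ALLOW

function Set-InboundTcpAllowRule {        # hypothetical helper name
    param(
        [Parameter(Mandatory = $true)][string]$Name,
        [Parameter(Mandatory = $true)][int]$Port,
        [string]$RemoteAddresses = '*',   # '*' = any source; narrow it where the service allows
        [int]$Profiles = 0x7FFFFFFF       # NET_FW_PROFILE2_ALL
    )
    $policy   = New-Object -ComObject HNetCfg.FwPolicy2
    # Rule names are not unique in the firewall store, so collect every match.
    $existing = @($policy.Rules | Where-Object { $_.Name -eq $Name })

    # A rule counts as present only if it still does what we expect; a name match alone
    # would also accept a disabled rule or one edited to a different port.
    # RemoteAddresses is not compared because the store returns it in normalized form.
    $good = @($existing | Where-Object {
        $_.Enabled -and $_.Direction -eq $DIR_IN -and $_.Action -eq $ALLOW -and
        $_.Protocol -eq $TCP -and $_.LocalPorts -eq "$Port"
    })
    if ($existing.Count -eq 1 -and $good.Count -eq 1) { return "unchanged: $Name" }

    # Missing, duplicated or drifted: remove every rule with this name, then recreate it.
    foreach ($stale in $existing) { $policy.Rules.Remove($Name) }

    $rule = New-Object -ComObject HNetCfg.FWRule
    $rule.Name            = $Name
    $rule.Description     = 'Managed by script'   # constructed text
    $rule.Protocol        = $TCP                  # must be set before LocalPorts
    $rule.LocalPorts      = "$Port"
    $rule.RemoteAddresses = $RemoteAddresses
    $rule.Direction       = $DIR_IN
    $rule.Action          = $ALLOW
    $rule.Profiles        = $Profiles
    $rule.Enabled         = $true
    $policy.Rules.Add($rule)
    return "created: $Name"
}

# Same ports and rule names as the netsh loop in the thread.
1443, 2443, 3443 | ForEach-Object {
    Set-InboundTcpAllowRule -Name "VCI: Allow HTTPS $_" -Port $_
}
```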

