Windows Firewall Advanced Security


This topic contains 2 replies, has 3 voices, and was last updated by Participant 4 months, 3 weeks ago.

  • #119281

    Participant
    Points: 60
    Rank: Member

    I have more than 1k servers on which to block the RPC and SMB ports for all inbound connections but allow them for specific IP addresses. Below are my basic commands to implement 4 different rules: two to block and two to allow. It doesn't work. It still allows non-specified IP addresses. Any help I can get to resolve this will be highly welcome.


    # Rule 1: block inbound TCP
    New-NetFirewallRule `
    -DisplayName "BLOCK ln(RPC/SMB TCP Port 137,139,445) inbound" `
    -Name "RPC/SMB (TCP Port 137,139,445) inbound" `
    -Description 'This rule blocks all (RPC/SMB TCP port 135,137,139) from inbound access' `
    -Direction Inbound `
    -Enabled False `
    -Action Block `
    -Profile Any `
    -Protocol TCP `
    -LocalPort 137,139,445 `
    -RemotePort 137,139,445

    # Rule 2: block inbound UDP
    New-NetFirewallRule `
    -DisplayName "RPC/SMB (UDP Port 135,137,139) inbound" `
    -Name "RPC/SMB (UDP Port 135,137,139) inbound" `
    -Description 'This rule blocks all (RPC/SMB UDP port 135,137,139) from inbound access' `
    -Direction Inbound `
    -Enabled False `
    -Action Block `
    -Profile Any `
    -Protocol UDP `
    -LocalPort 135,137,139

    # Rule 3: allow inbound TCP from one address
    New-NetFirewallRule `
    -DisplayName "ALLOW (RPC/SMB TCP Port 137,139,445) inbound" `
    -Name "ALLOW (RPC/SMB TCP Port 135,139) inbound ALLOWED" `
    -Description 'This rule allows inbound traffic from specific IP addresses' `
    -Direction Inbound `
    -Enabled False `
    -Action Allow `
    -Profile Any `
    -Protocol TCP `
    -LocalPort 137,139,445 `
    -RemotePort 137,139,445 `
    -RemoteAddress '192.168.0.110'

    # Rule 4: allow inbound UDP from one address
    New-NetFirewallRule `
    -DisplayName ".TAP-10_ALLOW (RPC/SMB UDP Port 135,137,139) inbound" `
    -Name ".TAP-10_ALLOW (RPC/SMB UDP Port 135,137,139) inbound ALLOWED" `
    -Description 'This rule allows inbound traffic from specific IP addresses' `
    -Direction Inbound `
    -Enabled False `
    -Action Allow `
    -Profile Any `
    -Protocol UDP `
    -LocalPort 135,137,139 `
    -RemotePort 135,137,139 `
    -RemoteAddress '192.168.0.110'

  • #120111

    Moderator
    Points: 219
    Team Member, Helping Hand
    Rank: Participant

    Looks like you have the firewall rules set to Enabled = False.
    Also, consider splatting (like below):

    $params = @{
        DisplayName = 'BLOCK ln(RPC/SMB TCP Port 137,139,445) inbound'
        Name        = 'RPC/SMB (TCP Port 137,139,445) inbound'
        Description = 'This rule blocks all (RPC/SMB TCP port 135,137,139) from inbound access'
        Direction   = 'Inbound'
        Enabled     = 'True'
        Action      = 'Block'
        Profile     = 'Any'
        Protocol    = 'TCP'
        LocalPort   = @(137,139,445)
        RemotePort  = @(137,139,445)
    }

    New-NetFirewallRule @params

    Hope this helps!

  • #120135

    Participant
    Points: 1,628
    Helping Hand
    Rank: Community Hero

    @ustyne – I think you had some dilemma between Enabled and Action.

    Action – is the actual duty of the rule.
    Enabled – set to true, will make the rule live to do the specified Action.
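
An added example, written for this thread and not code posted by any of its participants, showing how a defender would build this rule set so that it actually does what the original post wants. Two properties of Windows Firewall with Advanced Security matter beyond the Enabled flag the replies point out. First, on an inbound rule -RemotePort filters the client's source port, and SMB/RPC clients connect from ephemeral ports, so the -RemotePort 137,139,445 on the original block and allow rules would stop them matching normal traffic even once enabled. Second, an explicit Block rule outranks an explicit Allow rule, so a blanket block on 445 would also cut off the whitelisted host. The working pattern is therefore a profile default of Block, no broader built-in Allow rule left enabled for these ports, and a single Allow rule per protocol scoped with -RemoteAddress. The address 192.168.0.110 comes from the original post; the rule names, the port split (RPC endpoint mapper 135 and SMB 139/445 over TCP, NetBIOS name/datagram 137/138 over UDP) and the assumption that the built-in 'File and Printer Sharing' group is what currently admits the traffic are this example's own choices.

```powershell
# Added example: restrict inbound RPC/SMB to named management hosts with
# Windows Firewall with Advanced Security. Run in an elevated PowerShell session.
# Rule names and port lists are this example's choices; 192.168.0.110 is the
# permitted host from the original post (assumption: it is the only one).

$allowedHosts = @('192.168.0.110')      # assumption: the only host(s) allowed to reach these ports
$tcpPorts     = @(135, 139, 445)        # RPC endpoint mapper, NetBIOS session, SMB over TCP
$udpPorts     = @(137, 138)             # NetBIOS name and datagram services

# 1. Make "deny unless explicitly allowed" the inbound default on every profile.
#    Explicit rules are evaluated on top of this default.
Set-NetFirewallProfile -Profile Domain,Private,Public -DefaultInboundAction Block

# 2. Disable the broader built-in Allow rules that admit SMB from any address
#    (assumption: the 'File and Printer Sharing' group is the one doing so here).
Get-NetFirewallRule -DisplayGroup 'File and Printer Sharing' -Direction Inbound -ErrorAction SilentlyContinue |
    Disable-NetFirewallRule

# 3. One Allow rule per protocol, scoped by -RemoteAddress.
#    No -RemotePort: clients use ephemeral source ports, so pinning the remote
#    port to the service ports would keep the rule from ever matching.
#    No blanket Block rule: an explicit Block beats Allow and would also block
#    $allowedHosts; the profile default from step 1 already denies everyone else.
$rules = @(
    @{ Name = 'RPC-SMB-TCP-ManagementHosts-In'; Protocol = 'TCP'; LocalPort = $tcpPorts }
    @{ Name = 'RPC-SMB-UDP-ManagementHosts-In'; Protocol = 'UDP'; LocalPort = $udpPorts }
)

foreach ($r in $rules) {
    # Idempotent: drop any earlier copy so repeated runs across many servers
    # don't accumulate duplicate rules.
    Get-NetFirewallRule -Name $r.Name -ErrorAction SilentlyContinue | Remove-NetFirewallRule

    $params = @{
        Name          = $r.Name
        DisplayName   = "ALLOW $($r.Protocol) $($r.LocalPort -join ',') inbound from management hosts"
        Description   = 'Allows RPC/SMB inbound only from the listed management addresses'
        Direction     = 'Inbound'
        Action        = 'Allow'
        Enabled       = 'True'          # the setting the original rules left at False
        Profile       = 'Any'
        Protocol      = $r.Protocol
        LocalPort     = $r.LocalPort
        RemoteAddress = $allowedHosts
    }
    New-NetFirewallRule @params | Out-Null
}

# 4. Verify what was actually installed: state, action, port filter, address filter.
#    RemotePort should read 'Any'; RemoteAddress should list only the management hosts.
foreach ($r in $rules) {
    $rule = Get-NetFirewallRule -Name $r.Name
    $port = $rule | Get-NetFirewallPortFilter
    $addr = $rule | Get-NetFirewallAddressFilter
    [pscustomobject]@{
        Name          = $rule.Name
        Enabled       = $rule.Enabled
        Action        = $rule.Action
        Protocol      = $port.Protocol
        LocalPort     = ($port.LocalPort -join ',')
        RemotePort    = ($port.RemotePort -join ',')
        RemoteAddress = ($addr.RemoteAddress -join ',')
    }
}
```

The verification step is the part worth keeping in any deployment script: it reads the rule back through its port and address filters, so a mistake such as a stray -RemotePort or an Enabled value of False shows up in the output instead of being discovered when a non-whitelisted client still connects. Before relying on step 2, also list every other enabled inbound Allow rule whose port filter covers 135, 139 or 445, since any one of them would reopen the ports regardless of the new rule.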
