Check Firewall Rules
# Check profiles
Get-NetFirewallProfile
Sample Output:
*Evil-WinRM* PS C:\Users\maria> Get-NetFirewallProfile
Name : Domain
Enabled : False
DefaultInboundAction : NotConfigured
DefaultOutboundAction : NotConfigured
AllowInboundRules : NotConfigured
AllowLocalFirewallRules : NotConfigured
AllowLocalIPsecRules : NotConfigured
AllowUserApps : NotConfigured
AllowUserPorts : NotConfigured
AllowUnicastResponseToMulticast : NotConfigured
NotifyOnListen : False
EnableStealthModeForIPsec : NotConfigured
LogFileName : %systemroot%\system32\LogFiles\Firewall\pfirewall.log
LogMaxSizeKilobytes : 4096
LogAllowed : False
LogBlocked : False
LogIgnored : NotConfigured
DisabledInterfaceAliases : {NotConfigured}
...[SNIP]...
# Check inbound rules
Get-NetFirewallRule -Direction Inbound -Enabled True
Sample Output:
PS C:\programdata> Get-NetFirewallRule -Direction Inbound -Enabled True
Name : DeliveryOptimization-TCP-In
DisplayName : Delivery Optimization (TCP-In)
Description : Inbound rule to allow Delivery Optimization to connect to remote endpoints
DisplayGroup : Delivery Optimization
Group : @%systemroot%\system32\dosvc.dll,-100
Enabled : True
Profile : Any
Platform : {}
Direction : Inbound
Action : Allow
EdgeTraversalPolicy : Allow
LooseSourceMapping : False
LocalOnlyMapping : False
Owner :
PrimaryStatus : OK
Status : The rule was parsed successfully from the store. (65536)
EnforcementStatus : NotApplicable
PolicyStoreSource : PersistentStore
PolicyStoreSourceType : Local
...[SNIP]...
# Check outbound rules
Get-NetFirewallRule -Direction Outbound -Enabled True
Sample Output:
*Evil-WinRM* PS C:\Users\maria> Get-NetFirewallRule -Direction Outbound -Enabled True
Name : Microsoft-Windows-Unified-Telemetry-Client
DisplayName : Connected User Experiences and Telemetry
Description : Unified Telemetry Client Outbound Traffic
DisplayGroup : DiagTrack
Group : DiagTrack
Enabled : True
Profile : Any
Platform : {}
Direction : Outbound
Action : Allow
EdgeTraversalPolicy : Block
LooseSourceMapping : False
LocalOnlyMapping : False
Owner :
PrimaryStatus : OK
Status : The rule was parsed successfully from the store. (65536)
EnforcementStatus : NotApplicable
PolicyStoreSource : PersistentStore
PolicyStoreSourceType : Local
...[SNIP]...
# Same check with netsh, listing only the rule names (run from cmd.exe or via cmd /c)
cmd /c "netsh advfirewall firewall show rule name=all|findstr Name:"
Sample Output:
*Evil-WinRM* PS C:\Users\maria> cmd /c "netsh advfirewall firewall show rule name=all|findstr Name:"
Rule Name: World Wide Web Services (HTTPS Traffic-In)
Rule Name: World Wide Web Services (HTTP Traffic-In)
Rule Name: Shell Input Application
...[SNIP]...
Rule Name: Virtual Machine Monitoring (Echo Request - ICMPv6-In)
Rule Name: Virtual Machine Monitoring (Echo Request - ICMPv4-In)
Rule Name: Virtual Machine Monitoring (DCOM-In)
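The three checks above are easier to act on when profile state and rule scope are reported together. The following audit script is an added example, not part of the original page; it assumes the built-in NetSecurity module (Windows 8 / Server 2012 or later) and an elevated session, and it joins each enabled inbound allow rule with its port and address filters so that broad rules and ad hoc additions (GUID-shaped Name values, as New-NetFirewallRule produces when -Name is omitted) stand out.

```powershell
# Added audit script, not from the original page. Assumes the built-in NetSecurity
# module (Windows 8 / Server 2012 or later) and an elevated PowerShell session.

# 1. Profile posture: disabled profile, permissive default, or no drop logging
$profileReport = Get-NetFirewallProfile | ForEach-Object {
    $issues = @()
    if ($_.Enabled -ne 'True')               { $issues += 'profile disabled' }
    if ($_.DefaultInboundAction -eq 'Allow') { $issues += 'default inbound Allow' }
    if ($_.LogBlocked -ne 'True')            { $issues += 'dropped-packet logging off' }
    [pscustomobject]@{
        Profile = $_.Name
        Enabled = $_.Enabled
        Issues  = if ($issues) { $issues -join '; ' } else { 'none' }
    }
}
$profileReport | Format-Table -AutoSize

# 2. Enabled inbound allow rules joined with their port and address filters.
#    A GUID-shaped Name marks a rule created ad hoc (New-NetFirewallRule without
#    -Name), as opposed to the readable names of Windows' built-in rules.
$ruleReport = Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow |
    ForEach-Object {
        $port    = $_ | Get-NetFirewallPortFilter
        $addr    = $_ | Get-NetFirewallAddressFilter
        $adHoc   = $_.Name -match '^\{[0-9a-fA-F-]+\}$'
        $anyPort = $port.LocalPort -contains 'Any'
        $anyHost = $addr.RemoteAddress -contains 'Any'
        [pscustomobject]@{
            DisplayName   = $_.DisplayName
            Protocol      = $port.Protocol
            LocalPort     = ($port.LocalPort -join ',')
            RemoteAddress = ($addr.RemoteAddress -join ',')
            Profile       = $_.Profile
            Source        = $_.PolicyStoreSource
            Flag          = @(
                if ($adHoc)                 { 'ad-hoc GUID rule' }
                if ($anyPort -and $anyHost) { 'any port from any host' }
                elseif ($anyPort)           { 'any port' }
            ) -join '; '
        }
    }

# Flagged rules first (an empty Flag sorts last)
$ruleReport | Sort-Object { $_.Flag -eq '' } | Format-Table -AutoSize
```

On the host shown above, the rule created later on this page ("Allow All From LocalSubnet", TCP, any local port, remote LocalSubnet) would appear with the flags "ad-hoc GUID rule; any port".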
Add Inbound Rules
# Allow all inbound TCP traffic from the local subnet (no -Name given, so the rule gets a GUID as its Name)
New-NetFirewallRule -DisplayName "Allow All From LocalSubnet" -Direction Inbound -RemoteAddress LocalSubnet -Protocol TCP -Action Allow -Enabled True -Profile ANY
Sample Output:
PS C:\programdata> New-NetFirewallRule -DisplayName "Allow All From LocalSubnet" -Direction Inbound -RemoteAddress LocalSubnet -Protocol TCP -Action Allow -Enabled True -Profile ANY
Name : {b67cb3e9-4a15-422a-ad46-49742bf98d51}
DisplayName : Allow All From LocalSubnet
Description :
DisplayGroup :
Group :
Enabled : True
Profile : Any
Platform : {}
Direction : Inbound
Action : Allow
EdgeTraversalPolicy : Block
LooseSourceMapping : False
LocalOnlyMapping : False
Owner :
PrimaryStatus : OK
Status : The rule was parsed successfully from the store. (65536)
EnforcementStatus : NotApplicable
PolicyStoreSource : PersistentStore
PolicyStoreSourceType : Local
# Same with netsh for a single inbound TCP port (replace <PORT>)
netsh advfirewall firewall add rule name="Open Port <PORT> IN" dir=in action=allow protocol=TCP localport=<PORT>
Sample Output:
TO-DO
Add Outbound Rules
# Allow outbound TCP on a single local port (replace <PORT>)
New-NetFirewallRule -DisplayName "Allow Port <PORT> Outbound" -Direction Outbound -LocalPort <PORT> -Protocol TCP -Action Allow -Enabled True -Profile ANY
Sample Output:
PS C:\programdata> New-NetFirewallRule -DisplayName "Allow Port 8000 Outbound" -Direction Outbound -LocalPort 8000 -Protocol TCP -Action Allow -Enabled True -Profile ANY
Name : {bb40ce74-5196-4435-92fe-7ecc08fbf13f}
DisplayName : Allow Port 8000 Outbound
Description :
DisplayGroup :
Group :
Enabled : True
Profile : Any
Platform : {}
Direction : Outbound
Action : Allow
EdgeTraversalPolicy : Block
LooseSourceMapping : False
LocalOnlyMapping : False
Owner :
PrimaryStatus : OK
Status : The rule was parsed successfully from the store. (65536)
EnforcementStatus : NotApplicable
PolicyStoreSource : PersistentStore
PolicyStoreSourceType : Local
# Same with netsh for a single outbound TCP port (replace <PORT>)
netsh advfirewall firewall add rule name="Open Port <PORT> OUT" dir=out action=allow protocol=TCP localport=<PORT>
Sample Output:
TO-DO
Disable Firewall
# Disable all firewall profiles
Set-NetFirewallProfile -Profile Domain, Public, Private -Enabled False
Sample Output:
PS C:\programdata> Set-NetFirewallProfile -Profile Domain, Public, Private -Enabled False
# Check
Get-NetFirewallProfile | Format-Table Name, Enabled
Sample Output:
PS C:\programdata> Get-NetFirewallProfile | Format-Table Name, Enabled
Name Enabled
---- -------
Domain False
Private False
Public False
# Same with netsh
netsh advfirewall set allprofiles state off
Sample Output:
C:\>netsh advfirewall set allprofiles state off
Ok.
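Each change on this page (profile disabled, rule added) leaves a trace that a defender can reverse and look for. The snippet below is an added example, not part of the original page; it assumes an elevated session and the default Windows Firewall event channel, re-enables all three profiles with a deny-by-default inbound posture and logging, removes the two ad hoc rules created above by display name, and lists recent firewall setting and rule change events.

```powershell
# Added restore-and-verify snippet, not from the original page. Assumes an elevated
# session; the event channel name and event IDs are Windows defaults.

# Re-enable every profile, block inbound by default, and log dropped packets
Set-NetFirewallProfile -Profile Domain, Private, Public -Enabled True `
    -DefaultInboundAction Block -LogBlocked True -LogMaxSizeKilobytes 16384
Get-NetFirewallProfile | Format-Table Name, Enabled, DefaultInboundAction, LogBlocked

# Remove the ad hoc rules created earlier on this page (by their DisplayName)
Remove-NetFirewallRule -DisplayName 'Allow All From LocalSubnet', 'Allow Port 8000 Outbound' `
    -ErrorAction SilentlyContinue

# Firewall changes are recorded in the operational channel:
# 2003 = profile setting changed (e.g. Enabled), 2004 = rule added,
# 2005 = rule modified, 2006 = rule deleted
Get-WinEvent -FilterHashtable @{
    LogName   = 'Microsoft-Windows-Windows Firewall With Advanced Security/Firewall'
    Id        = 2003, 2004, 2005, 2006
    StartTime = (Get-Date).AddDays(-7)
} -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id,
        @{ n = 'Summary'; e = { ($_.Message -split "`n")[0].Trim() } } |
    Format-Table -AutoSize
```

The disable command above shows up as a 2003 event for each profile, and the New-NetFirewallRule calls as 2004 events carrying the rule's DisplayName.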