0x00 Windows Firewall rules (NetFirewall): viewing and configuring

Description: common PowerShell commands for inspecting and operating on Windows Firewall rules. Run Get-Command *-NetFirewallRule to list the available commands (they are of type Function).

New-NetFirewallRule - add a new firewall rule
Description: this command creates a new inbound or outbound firewall rule and adds it to the target computer.
Syntax and parameters:

```powershell
New-NetFirewallRule [-PolicyStore <String>] [-GPOSession <String>] [-Name <String>] -DisplayName <String>
    [-Description <String>] [-Group <String>] [-Enabled <Enabled>] [-Profile <Profile>] [-Platform <String[]>]
    [-Direction <Direction>] [-Action <Action>] [-EdgeTraversalPolicy <EdgeTraversal>]
    [-LooseSourceMapping <Boolean>] [-LocalOnlyMapping <Boolean>] [-Owner <String>]
    [-LocalAddress <String[]>] [-RemoteAddress <String[]>] [-Protocol <String>]
    [-LocalPort <String[]>] [-RemotePort <String[]>] [-IcmpType <String[]>] [-DynamicTarget <DynamicTransport>]
    [-Program <String>] [-Package <String>] [-Service <String>]
    [-InterfaceAlias <WildcardPattern[]>] [-InterfaceType <InterfaceType>]
    [-LocalUser <String>] [-RemoteUser <String>] [-RemoteMachine <String>]
    [-Authentication <Authentication>] [-Encryption <Encryption>] [-OverrideBlockRules <Boolean>]
    [-CimSession <CimSession[]>] [-ThrottleLimit <Int32>] [-AsJob] [-WhatIf] [-Confirm] [<CommonParameters>]
```

- -Action: creates a rule that applies the specified action (Allow or Block) to matching traffic.
- -Authentication: specifies that the firewall rule requires authentication.
- -Direction: creates a rule that matches traffic in the specified direction (Inbound or Outbound).
- -DynamicTarget: specifies the dynamic transport.
- -EdgeTraversalPolicy: creates a rule with the indicated edge traversal (NAT) policy; only valid when Direction is set to Inbound.
- -Encryption: specifies that encryption is required as part of the authentication on the rule.
- -IcmpType: specifies the ICMP type code.
- -InterfaceType: only network connections made through the specified interface type are subject to the requirements of this rule.
- -LocalAddress: network packets with a matching local IP address match this rule.
- -LocalPort: network packets with a matching local port number match this rule.
- -LocalUser: specifies the principal of the network traffic that this rule applies to.
- -LooseSourceMapping: indicates that the rule uses loose source mapping, which describes whether a packet may carry a non-local source address when it is forwarded to its destination.
- -OverrideBlockRules: indicates that matching network traffic which would otherwise be blocked is allowed.
- -Owner: specifies the owner of the rule as an SDDL string or SID.
- -Package: specifies the Windows Store application the rule applies to.
- -Program: specifies the path and file name of the program the rule allows to communicate.
- -Platform: specifies the Windows versions the rule applies to.
- -PolicyStore: the policy store the rule belongs to.
- -Profile: one or more profiles the rule is assigned to. The rule is active on the local computer only when a specified profile is currently active. The relationship is many-to-many and can be changed indirectly through the Profiles field of a rule instance. Only one profile is applied at a time.
- -Protocol: network packets with a matching IP protocol match this rule.
- -ThrottleLimit: the maximum number of concurrent operations that can be established to run the cmdlet. If omitted or 0, Windows PowerShell calculates an optimum limit from the number of CIM cmdlets running on the computer. The limit applies only to the current cmdlet, not to the session or the computer.
Basic examples:

```powershell
New-NetFirewallRule -DisplayName "Block Outbound Port 80" -Direction Outbound -LocalPort 80,8080 -Protocol TCP -Action Block
New-NetFirewallRule -DisplayName "Block WINS" -Direction Inbound -Action Block -RemoteAddress WINS
New-NetFirewallRule -DisplayName "Allow Messenger" -Direction Inbound -Program "C:\app\msmsgs.exe" -RemoteAddress LocalSubnet -Action Allow
New-NetFirewallRule -DisplayName "Allow Authenticated Messenger" -Direction Inbound -Program "C:\app\msmsgs.exe" -Authentication Required -Action Allow
# RemoteMachine / RemoteUser take SDDL strings built from the group SIDs
New-NetFirewallRule -DisplayName "Allow Only Specific Computers and Users" -Direction Inbound -RemoteMachine "D:(A;;CC;;;SIDforMachineGroupAccount)" -RemoteUser "D:(A;;CC;;;SIDforUserGroupAccount)" -Action Allow -Authentication Required
New-NetFirewallRule -Name "Block Wireless In" -Direction Inbound -InterfaceType Wireless -Action Block
New-NetFirewallRule -Name "Block Wireless Out" -Direction Outbound -InterfaceType Wireless -Action Block
# A port list may mix single ports and ranges
New-NetFirewallRule -DisplayName "Allow TCP 12345 and 5000-5020 over Teredo" -Direction Inbound -Action Allow -EdgeTraversalPolicy Allow -Protocol TCP -LocalPort 12345,5000-5020 -Program "C:\Program Files (x86)\TestIPv6App.exe"
New-NetFirewallRule -DisplayName "Http Server" -Direction Inbound -LocalPort 80 -RemotePort Any -Protocol TCP -Enabled True
New-NetFirewallRule -DisplayName "Http Server" -Direction Outbound -LocalPort 80 -RemotePort Any -Protocol TCP -Enabled True
New-NetFirewallRule -DisplayName "Allow Ping" -Description "Allow ping" -Protocol ICMPv4 -IcmpType 8 -Enabled True -Profile Any -Action Allow
```
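An added example (not from the original post) that builds on the rules above: DisplayName is not unique (the two "Http Server" rules show this), so re-running a plain New-NetFirewallRule keeps adding copies, whereas -Name is the unique key. The helper looks a rule up by Name, creates or updates it, defaults to a narrow scope, and reads the stored conditions back through the filter objects; the rule name, program path and port in the usage line are assumed values.

```powershell
# Added example, not part of the original post. Idempotent rule creation keyed
# on -Name, with the narrowest useful default scope instead of Any.
function Set-ScopedAllowRule {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory)] [string]$Name,          # unique rule id (assumed naming scheme)
        [Parameter(Mandatory)] [string]$DisplayName,
        [Parameter(Mandatory)] [string]$Program,       # full path of the listening binary
        [Parameter(Mandatory)] [string[]]$LocalPort,   # e.g. 8443 or 5000-5020
        [ValidateSet('TCP', 'UDP')] [string]$Protocol = 'TCP',
        [string[]]$RemoteAddress = 'LocalSubnet',      # deliberately not Any
        [string]$RuleProfile = 'Domain'
    )

    # Conditions accepted by both New-NetFirewallRule and Set-NetFirewallRule.
    $conditions = @{
        Direction     = 'Inbound'
        Action        = 'Allow'
        Program       = $Program
        Protocol      = $Protocol
        LocalPort     = $LocalPort
        RemoteAddress = $RemoteAddress
        Profile       = $RuleProfile
        Enabled       = 'True'
    }

    # New-NetFirewallRule fails if a rule with this Name already exists, so
    # check first and update in place instead of creating a duplicate.
    $existing = Get-NetFirewallRule -Name $Name -ErrorAction SilentlyContinue
    if ($existing) {
        if ($PSCmdlet.ShouldProcess($Name, 'Update existing rule')) {
            # Set- selects by -Name; the display name is changed with -NewDisplayName.
            Set-NetFirewallRule -Name $Name -NewDisplayName $DisplayName @conditions
        }
    }
    elseif ($PSCmdlet.ShouldProcess($Name, 'Create rule')) {
        New-NetFirewallRule -Name $Name -DisplayName $DisplayName @conditions | Out-Null
    }

    # Read the stored conditions back through the filter objects. Under -WhatIf
    # the rule may not exist yet, so there is nothing to verify.
    $rule = Get-NetFirewallRule -Name $Name -ErrorAction SilentlyContinue
    if (-not $rule) { return }
    $port = $rule | Get-NetFirewallPortFilter
    $addr = $rule | Get-NetFirewallAddressFilter
    $app  = $rule | Get-NetFirewallApplicationFilter
    [PSCustomObject]@{
        Name          = $rule.Name
        DisplayName   = $rule.DisplayName
        Enabled       = $rule.Enabled
        Profile       = $rule.Profile
        Protocol      = $port.Protocol
        LocalPort     = ($port.LocalPort -join ',')
        RemoteAddress = ($addr.RemoteAddress -join ',')
        Program       = $app.Program
    }
}

# Preview with -WhatIf first; drop it to apply. Name, path and port are assumed values.
Set-ScopedAllowRule -Name 'Corp-Agent-In-TCP' -DisplayName 'Corp Agent (TCP-In)' `
    -Program 'C:\Program Files\CorpAgent\agent.exe' -LocalPort 8443 -WhatIf
```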
Get-NetFirewallRule - retrieve firewall rules from the target computer.
Description: this cmdlet returns the firewall rule instances that match the search parameters. One or more rules are returned by the Name parameter (the default), the DisplayName parameter, rule properties, or an associated filter or object. The rules returned can be stored in a variable and piped to other cmdlets for further modification or monitoring.
Tip: to query rules by port, address, security, interface or service, retrieve the corresponding filter object with the matching Get- cmdlet and pipe it to Get-NetFirewallRule.
Basic syntax:

```powershell
Get-NetFirewallRule [-All] [-AsJob] [-CimSession <CimSession[]>] [-GPOSession <String>] [-PolicyStore <String>]
    [-ThrottleLimit <Int32>] [-TracePolicyStore] [<CommonParameters>]

Get-NetFirewallRule [-Name] <String[]> -DisplayName <String[]> [-Action <Action[]>] [-AsJob] [-CimSession <CimSession[]>]
    [-Description <String[]>] [-Direction <Direction[]>] [-DisplayGroup <String[]>] [-EdgeTraversalPolicy <EdgeTraversal[]>]
    [-Enabled <Enabled[]>] [-GPOSession <String>] [-Group <String[]>] [-LocalOnlyMapping <Boolean[]>]
    [-LooseSourceMapping <Boolean[]>] [-Owner <String[]>] [-PolicyStore <String>] [-PolicyStoreSource <String[]>]
    [-PolicyStoreSourceType <PolicyStoreType[]>] [-PrimaryStatus <PrimaryStatus[]>] [-Status <String[]>]
    [-ThrottleLimit <Int32>] [-TracePolicyStore] [<CommonParameters>]

# By associated filter object (one of the following):
Get-NetFirewallRule -AssociatedNetFirewallInterfaceFilter <CimInstance> [<CommonParameters>]
Get-NetFirewallRule -AssociatedNetFirewallInterfaceTypeFilter <CimInstance> [<CommonParameters>]
Get-NetFirewallRule -AssociatedNetFirewallAddressFilter <CimInstance> [<CommonParameters>]
Get-NetFirewallRule -AssociatedNetFirewallApplicationFilter <CimInstance> [<CommonParameters>]
Get-NetFirewallRule -AssociatedNetFirewallProfile <CimInstance> [<CommonParameters>]
Get-NetFirewallRule -AssociatedNetFirewallServiceFilter <CimInstance> [<CommonParameters>]
Get-NetFirewallRule -AssociatedNetFirewallSecurityFilter <CimInstance> [<CommonParameters>]
Get-NetFirewallRule -AssociatedNetFirewallPortFilter <CimInstance> [<CommonParameters>]
```

-PolicyStore: the policy store to query.

* PersistentStore: sometimes called static rules. This store contains the persistent policy of the local computer. The policy does not come from a GPO; it was created on the computer manually or programmatically (for example during application installation). Rules created in this store are attached to the ActiveStore and take effect on the computer immediately.
* ActiveStore: contains the currently active policy, which is the sum of all policy stores that apply to the computer. It is the resultant set of policy (RSOP) of the local computer (the sum of all GPOs that apply to it) and of the local stores (PersistentStore, static Windows Service Hardening (WSH) and configurable WSH).
* GPOs are also policy stores. A computer GPO is specified as `-PolicyStore hostname`; an Active Directory GPO is specified as `-PolicyStore domain.fqdn.com\GPO_Friendly_Name`. Examples: `-PolicyStore localhost` and `-PolicyStore corp.contoso.com\FirewallPolicy`. GPOs in Active Directory can be created with the New-GPO cmdlet or the Group Policy Management Console.
* RSOP: this read-only store contains the sum of all GPOs applied to the local computer.
* SystemDefaults: this read-only store contains the default state of the firewall rules shipped with Windows Server 2012.
* StaticServiceStore: this read-only store contains all service restrictions shipped with Windows Server 2012. For WFAS purposes, optional features and product-dependent features are considered part of Windows Server 2012.
* ConfigurableServiceStore: this read-write store contains all service restrictions added for third-party services. Network isolation rules created for Windows Store app containers also appear in this store.

The default value is PersistentStore.
Basic examples:

```powershell
Get-NetFirewallRule -PolicyStore ActiveStore
Get-NetFirewallRule -PolicyStore ActiveStore | Format-Table
Get-NetFirewallProfile -Name Public | Get-NetFirewallRule

# Retrieve the service filter of a rule group, then modify it through a variable ...
$nfServiceFilter = Get-NetFirewallRule -Group "@FirewallAPI.dll,-30502" | Get-NetFirewallServiceFilter -Service Any
Set-NetFirewallServiceFilter -Service Ssdpsrv -InputObject $nfServiceFilter
# ... or do the same using only the pipeline
Get-NetFirewallRule -Group "@FirewallAPI.dll,-30502" | Get-NetFirewallServiceFilter -Service Any | Set-NetFirewallServiceFilter -Service Ssdpsrv

Get-NetFirewallRule -Name 'WINRM*' | Select-Object Name
Get-NetFirewallRule -Enabled False -Action Allow -Direction Inbound | Select-Object Name
Get-NetFirewallRule -PolicyStore SystemDefaults -PrimaryStatus OK | Select-Object Name
# Wildcard match on Description and DisplayGroup (localized strings on a Chinese-language system)
Get-NetFirewallRule -Description "*文件和打印机共享*" -DisplayGroup "*共享*" | Select-Object Name

# Each filter object (and the profile) associated with one rule
Get-NetFirewallRule -Name FPS-SMB-In-TCP-NoScope | Get-NetFirewallAddressFilter
Get-NetFirewallRule -Name FPS-SMB-In-TCP-NoScope | Get-NetFirewallPortFilter
Get-NetFirewallRule -Name FPS-SMB-In-TCP-NoScope | Get-NetFirewallInterfaceFilter
Get-NetFirewallRule -Name FPS-SMB-In-TCP-NoScope | Get-NetFirewallInterfaceTypeFilter
Get-NetFirewallRule -Name FPS-SMB-In-TCP-NoScope | Get-NetFirewallApplicationFilter
Get-NetFirewallRule -Name FPS-SMB-In-TCP-NoScope | Get-NetFirewallSecurityFilter
Get-NetFirewallRule -Name FPS-SMB-In-TCP-NoScope | Get-NetFirewallServiceFilter
Get-NetFirewallRule -Name FPS-SMB-In-TCP-NoScope | Get-NetFirewallProfile
```
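An added example (not from the original post) that joins the filter objects shown above into one review of the active inbound policy: every enabled inbound Allow rule in ActiveStore is listed with its port, address, program and service conditions, and rules reachable from any remote address with no program or service scope are ranked first. The Risk labels are an assumed scheme, not a Windows property.

```powershell
# Added example, not part of the original post. Audit of the inbound attack
# surface exposed by the merged (ActiveStore) policy.
function Get-InboundAllowExposure {
    [CmdletBinding()]
    param(
        # ActiveStore is the resultant policy of all stores, so it reflects
        # what the host actually enforces right now.
        [string]$PolicyStore = 'ActiveStore'
    )

    $rules = Get-NetFirewallRule -PolicyStore $PolicyStore -Enabled True `
                 -Direction Inbound -Action Allow

    foreach ($rule in $rules) {
        # Each filter cmdlet accepts the rule on the pipeline (one filter per rule).
        $port = $rule | Get-NetFirewallPortFilter
        $addr = $rule | Get-NetFirewallAddressFilter
        $app  = $rule | Get-NetFirewallApplicationFilter
        $svc  = $rule | Get-NetFirewallServiceFilter

        # RemoteAddress "Any" means every peer the active profile can reach;
        # Program/Service "Any" means any process may accept the traffic.
        $openToAny   = ($addr.RemoteAddress -contains 'Any')
        $unscopedApp = ($app.Program -eq 'Any') -and ($svc.Service -eq 'Any')

        # Assumed ranking: any peer + any program first, any peer next.
        $risk = if ($openToAny -and $unscopedApp) { 'High' }
                elseif ($openToAny) { 'Medium' }
                else { 'Low' }

        [PSCustomObject]@{
            Risk          = $risk
            Name          = $rule.Name
            DisplayName   = $rule.DisplayName
            Profile       = $rule.Profile
            Source        = $rule.PolicyStoreSourceType
            Protocol      = $port.Protocol
            LocalPort     = ($port.LocalPort -join ',')
            RemoteAddress = ($addr.RemoteAddress -join ',')
            Program       = $app.Program
            Service       = $svc.Service
        }
    }
}

# Riskiest rules first; the Sort-Object expression maps the labels to an order.
$order = @{ High = 0; Medium = 1; Low = 2 }
Get-InboundAllowExposure |
    Sort-Object -Property @{ Expression = { $order[$_.Risk] } }, DisplayName |
    Format-Table -Property Risk, DisplayName, Profile, Source, Protocol, LocalPort, RemoteAddress, Program, Service -AutoSize
```

Rules flagged High are the ones to reconcile against the host's intended role; the Source column tells you whether a fix belongs in the local store or in the GPO that delivered the rule.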
Set-NetFirewallRule - modify an existing firewall rule on the target computer.
Description: this cmdlet modifies the properties of existing firewall rules. One or more rules can be modified by the Name parameter (the default), the DisplayName parameter, or group association through the DisplayGroup or Group parameter. To move a rule to a new GPO, copy the existing rule with Copy-NetFirewallRule and its NewPolicyStore parameter, then remove the old rule (Remove-NetFirewallRule).
Tip: this cmdlet cannot add objects to a policy store. Objects are added to a policy store only when they are created, with the Copy-NetFirewallRule or New-NetFirewallRule cmdlet.
Syntax and parameters:

```powershell
Set-NetFirewallRule [ [-Name] <String[]> | -DisplayName <String[]> | -Group <String[]> | -InputObject <CimInstance[]> ]
    [-PolicyStore <String>] [-GPOSession <String>] [-NewDisplayName <String>] [-Description <String>]
    [-Enabled <Enabled>] [-Profile <Profile>] [-Platform <String[]>] [-Direction <Direction>] [-Action <Action>]
    [-EdgeTraversalPolicy <EdgeTraversal>] [-LooseSourceMapping <Boolean>] [-LocalOnlyMapping <Boolean>] [-Owner <String>]
    [-LocalAddress <String[]>] [-RemoteAddress <String[]>] [-Protocol <String>] [-LocalPort <String[]>] [-RemotePort <String[]>]
    [-IcmpType <String[]>] [-DynamicTarget <DynamicTransport>] [-Program <String>] [-Package <String>] [-Service <String>]
    [-InterfaceAlias <WildcardPattern[]>] [-InterfaceType <InterfaceType>] [-LocalUser <String>] [-RemoteUser <String>]
    [-RemoteMachine <String>] [-Authentication <Authentication>] [-Encryption <Encryption>] [-OverrideBlockRules <Boolean>]
    [-CimSession <CimSession[]>] [-ThrottleLimit <Int32>] [-AsJob] [-PassThru] [-WhatIf] [-Confirm] [<CommonParameters>]
```

-Authentication, -Direction: as described under New-NetFirewallRule above.
Basic examples:

```powershell
Set-NetFirewallRule -DisplayName "AllowWeb80" -RemoteAddress "192.168.0.2"
# Two ways to enable a rule group
Enable-NetFirewallRule -DisplayGroup "Windows Firewall Remote Management"
Set-NetFirewallRule -DisplayGroup "Windows Firewall Remote Management" -Enabled True
Set-NetFirewallRule -DisplayName "AllowMessenger" -Authentication Required -Profile Domain
Enable-NetFirewallRule -Name FPS-ICMP4-ERQ-In
Enable-NetFirewallRule -Name CoreNet-Diag-ICMP4-EchoRequest-In
# The parameter is -Enabled, not -Enable
Set-NetFirewallRule -Name CoreNet-Diag-ICMP4-EchoRequest-In -RemoteAddress LocalSubnet -Enabled True
```
Get-NetFirewallAddressFilter - retrieve address filter objects from the target computer.
Description: this cmdlet returns the address filter objects associated with the input rules. An address filter object represents the local and remote addresses associated with a rule; the LocalAddress and RemoteAddress parameters of a single rule are represented in a separate NetFirewallAddressFilter object.
Tip: the address properties of a rule can be configured in two ways: through the address filter object, or by piping the rule to the Set-NetFirewallRule, Set-NetIPsecRule or Set-NetIPsecMainModeRule cmdlet.
Syntax and parameters:

```powershell
Get-NetFirewallAddressFilter [-All] [-AsJob] [-CimSession <CimSession[]>] [-GPOSession <String>] [-PolicyStore <String>] [-ThrottleLimit <Int32>] [<CommonParameters>]
Get-NetFirewallAddressFilter [-AsJob] [-CimSession <CimSession[]>] [-GPOSession <String>] [-PolicyStore <String>] [-ThrottleLimit <Int32>] -AssociatedNetFirewallRule <CimInstance> [<CommonParameters>]
Get-NetFirewallAddressFilter [-AsJob] [-CimSession <CimSession[]>] [-GPOSession <String>] [-PolicyStore <String>] [-ThrottleLimit <Int32>] -AssociatedNetIPsecMainModeRule <CimInstance> [<CommonParameters>]
Get-NetFirewallAddressFilter [-AsJob] [-CimSession <CimSession[]>] [-GPOSession <String>] [-PolicyStore <String>] [-ThrottleLimit <Int32>] -AssociatedNetIPsecRule <CimInstance> [<CommonParameters>]
```
Set-NetFirewallAddressFilter - modify address filter objects on the target computer.
Description: this command modifies address filter objects, and through them the local and remote address conditions of firewall, IPsec and main mode rules.
Syntax and parameters:

```powershell
Set-NetFirewallAddressFilter [-AsJob] [-CimSession <CimSession[]>] [-GPOSession <String>] [-LocalAddress <String[]>] [-PassThru] [-PolicyStore <String>] [-RemoteAddress <String[]>] [-ThrottleLimit <Int32>] [-Confirm] [-WhatIf] [<CommonParameters>]
Set-NetFirewallAddressFilter [-AsJob] [-CimSession <CimSession[]>] [-LocalAddress <String[]>] [-PassThru] [-RemoteAddress <String[]>] [-ThrottleLimit <Int32>] -InputObject <CimInstance[]> [-Confirm] [-WhatIf] [<CommonParameters>]
```

- -CimSession: runs the cmdlet in a remote session or on a remote computer (a CimSession object or computer name).
- -GPOSession: targets a GPO session opened with Open-NetGPO instead of a policy store.
Basic examples:

```powershell
Get-NetFirewallRule -DisplayName "*ICMP*" | Get-NetFirewallAddressFilter | Where-Object -FilterScript { $_.RemoteAddress -eq "LocalSubnet6" }
# Three equivalent ways to change the local address of an IPsec rule
Set-NetIPsecRule -DisplayName "Tunnel Rule" -LocalAddress Any
$nfwAddressFilter = Get-NetIPsecRule -DisplayName "Tunnel Rule" | Get-NetFirewallAddressFilter
Set-NetFirewallAddressFilter -InputObject $nfwAddressFilter -LocalAddress Any
Get-NetIPsecRule -DisplayName "Tunnel Rule" | Get-NetFirewallAddressFilter | Set-NetFirewallAddressFilter -LocalAddress Any
# Change the remote address through the filter object ...
Get-NetFirewallRule -Name "CoreNet-Diag-ICMP4-EchoRequest-In" | Get-NetFirewallAddressFilter | Where-Object -FilterScript { $_.RemoteAddress -eq "LocalSubnet6" } | Set-NetFirewallAddressFilter -RemoteAddress LocalSubnet4
# ... or go back to the rule and use Set-NetFirewallRule
Get-NetFirewallRule -Name "CoreNet-Diag-ICMP4-EchoRequest-In" | Get-NetFirewallAddressFilter | Where-Object -FilterScript { $_.RemoteAddress -eq "LocalSubnet6" } | Get-NetFirewallRule | Set-NetFirewallRule -RemoteAddress LocalSubnet4
```
Get-NetFirewallPortFilter - retrieve port filter objects from the target computer.
Description: this cmdlet returns the port filter objects associated with the input rules. A port filter object represents the port and protocol conditions associated with firewall and IPsec rules; the Protocol, LocalPort, RemotePort, IcmpType and DynamicTransport parameters of a single rule are represented in a separate NetFirewallPortFilter object.
Syntax and parameters:

```powershell
Get-NetFirewallPortFilter [-All] [-AsJob] [-CimSession <CimSession[]>] [-GPOSession <String>] [-PolicyStore <String>] [-ThrottleLimit <Int32>] [<CommonParameters>]
Get-NetFirewallPortFilter [-AsJob] [-CimSession <CimSession[]>] [-DynamicTarget <DynamicTransport[]>] [-GPOSession <String>] [-PolicyStore <String>] [-Protocol <String[]>] [-ThrottleLimit <Int32>] [<CommonParameters>]
Get-NetFirewallPortFilter [-AsJob] [-CimSession <CimSession[]>] [-GPOSession <String>] [-PolicyStore <String>] [-ThrottleLimit <Int32>] -AssociatedNetFirewallRule <CimInstance> [<CommonParameters>]
Get-NetFirewallPortFilter [-AsJob] [-CimSession <CimSession[]>] [-GPOSession <String>] [-PolicyStore <String>] [-ThrottleLimit <Int32>] -AssociatedNetIPsecRule <CimInstance> [<CommonParameters>]
```

- -DynamicTarget: an array of dynamic transports. Acceptable values: `other, ProximityApps, ProximitySharing, WifiDirectPrinting, WifiDirectDisplay, WifiDirectDevices`.
- -Protocol: network packets with a matching IP protocol match this rule. Values: `TCP, UDP, ICMPv4, or ICMPv6`.
Set-NetFirewallPortFilter - modify port filter objects on the target computer.
Description: modifies port filter objects, and through them the protocol and port conditions of a firewall or IPsec rule (the Protocol, LocalPort, RemotePort, IcmpType and DynamicTransport parameters).
Syntax and parameters:

```powershell
Set-NetFirewallPortFilter [-AsJob] [-CimSession <CimSession[]>] [-DynamicTarget <DynamicTransport>] [-GPOSession <String>] [-IcmpType <String[]>] [-LocalPort <String[]>] [-PassThru] [-PolicyStore <String>] [-Protocol <String>] [-RemotePort <String[]>] [-ThrottleLimit <Int32>] [-Confirm] [-WhatIf] [<CommonParameters>]
Set-NetFirewallPortFilter [-AsJob] [-CimSession <CimSession[]>] [-DynamicTarget <DynamicTransport>] [-IcmpType <String[]>] [-LocalPort <String[]>] [-PassThru] [-Protocol <String>] [-RemotePort <String[]>] [-ThrottleLimit <Int32>] -InputObject <CimInstance[]> [-Confirm] [-WhatIf] [<CommonParameters>]
```
Basic examples:

```powershell
Get-NetFirewallPortFilter -PolicyStore ActiveStore | Format-Table -Property *
Get-NetFirewallPortFilter | more
Get-NetFirewallRule -Name "CoreNet-Diag-ICMP4-EchoRequest-In" | Get-NetFirewallPortFilter
# Three equivalent ways to set the local port of one rule
Set-NetFirewallRule -DisplayName "Play To streaming server" -LocalPort 10246
Get-NetFirewallRule -DisplayName "Play To streaming server" | Get-NetFirewallPortFilter | Set-NetFirewallPortFilter -LocalPort 10246
$nfPortFilter = Get-NetFirewallRule -DisplayName "Play To streaming server" | Get-NetFirewallPortFilter
Set-NetFirewallPortFilter -LocalPort 10246 -InputObject $nfPortFilter
# Select filters by a property value, then modify them
Get-NetFirewallPortFilter | Where-Object -Property LocalPort -EQ 10246 | Set-NetFirewallPortFilter -LocalPort Any
Get-NetFirewallRule -DisplayGroup "File and Printer Sharing" | Get-NetFirewallPortFilter | Where-Object -FilterScript { $_.RemotePort -eq "137" } | Set-NetFirewallPortFilter -LocalPort Any
# From a port filter back to its rules (the query parameter is -DynamicTarget)
Get-NetFirewallPortFilter -DynamicTarget ProximitySharing | Get-NetFirewallRule | Set-NetFirewallRule -Action Block
```
Get-NetFirewallInterfaceFilter - retrieve interface filter objects from the target computer.
Set-NetFirewallInterfaceFilter - modify interface filter objects on the target computer.
Get-NetFirewallInterfaceTypeFilter - retrieve interface type filter objects from the target computer.
Set-NetFirewallInterfaceTypeFilter - modify interface type filter objects, and through them the interface type condition of firewall or IPsec rules.
Description: an interface filter object represents the interfaces associated with firewall and IPsec rules.
Basic syntax:

```powershell
Get-NetFirewallInterfaceFilter [-All] [-AsJob] [-CimSession <CimSession[]>] [-GPOSession <String>] [-PolicyStore <String>] [-ThrottleLimit <Int32>] [<CommonParameters>]
Get-NetFirewallInterfaceFilter -AssociatedNetFirewallRule <CimInstance> | -AssociatedNetIPsecRule <CimInstance> [<CommonParameters>]

Get-NetFirewallInterfaceTypeFilter [-All] [-AsJob] [-CimSession <CimSession[]>] [-GPOSession <String>] [-PolicyStore <String>] [-ThrottleLimit <Int32>] [<CommonParameters>]
Get-NetFirewallInterfaceTypeFilter [-InterfaceType <InterfaceType[]>] | -AssociatedNetFirewallRule <CimInstance> | -AssociatedNetIPsecRule <CimInstance> [<CommonParameters>]

Set-NetFirewallInterfaceFilter [-AsJob] [-CimSession <CimSession[]>] [-GPOSession <String>] [-InterfaceAlias <String[]>] [-PassThru] [-PolicyStore <String>] [-ThrottleLimit <Int32>] [-Confirm] [-WhatIf] [<CommonParameters>]
Set-NetFirewallInterfaceFilter [-AsJob] [-CimSession <CimSession[]>] [-InterfaceAlias <String[]>] [-PassThru] [-ThrottleLimit <Int32>] -InputObject <CimInstance[]> [-Confirm] [-WhatIf] [<CommonParameters>]

Set-NetFirewallInterfaceTypeFilter [-AsJob] [-CimSession <CimSession[]>] [-GPOSession <String>] [-InterfaceType <InterfaceType>] [-PassThru] [-PolicyStore <String>] [-ThrottleLimit <Int32>] [-Confirm] [-WhatIf] [<CommonParameters>]
Set-NetFirewallInterfaceTypeFilter [-AsJob] [-CimSession <CimSession[]>] [-InterfaceType <InterfaceType>] [-PassThru] [-ThrottleLimit <Int32>] -InputObject <CimInstance[]> [-Confirm] [-WhatIf] [<CommonParameters>]
```

- -InterfaceAlias: String[]; the interface alias(es) the rule applies to.
- -InterfaceType: only network connections made through the specified interface type are subject to the requirements of this rule. Acceptable values: Any (default), Wired, Wireless or RemoteAccess.
Basic examples:

```powershell
Get-NetFirewallInterfaceFilter -PolicyStore ActiveStore
Get-NetFirewallInterfaceTypeFilter -PolicyStore ActiveStore
Get-NetFirewallRule -Name "CoreNet-Diag-ICMP4-EchoRequest-In" | Get-NetFirewallInterfaceFilter
Get-NetFirewallRule -Name "CoreNet-Diag-ICMP4-EchoRequest-In" | Get-NetFirewallInterfaceTypeFilter
Get-NetFirewallInterfaceTypeFilter -InterfaceType Wired | Set-NetFirewallInterfaceTypeFilter -InterfaceType Any

# Equivalent ways to reset the interface alias condition of a rule
Set-NetFirewallRule -DisplayName "Contoso Messenger" -InterfaceAlias Any
Get-NetFirewallRule -DisplayName "Contoso Messenger" | Get-NetFirewallInterfaceFilter | Set-NetFirewallInterfaceFilter -InterfaceAlias Any
Get-NetIPsecRule -Group "Wired Rules" | Get-NetFirewallInterfaceFilter | Where-Object -FilterScript { $_.InterfaceAlias -eq "Wired2" } | Set-NetFirewallInterfaceFilter -InterfaceAlias Wired3
$nfwInterfaceFilter = Get-NetFirewallRule -DisplayName "Contoso Messenger" | Get-NetFirewallInterfaceFilter
$nfwInterfaceFilterWired2 = $nfwInterfaceFilter | Where-Object -FilterScript { $_.InterfaceAlias -eq "Wired2" }
Set-NetFirewallInterfaceFilter -InterfaceAlias Any -InputObject $nfwInterfaceFilter
Set-NetFirewallInterfaceFilter -InterfaceAlias Wired3 -InputObject $nfwInterfaceFilterWired2

# Equivalent ways to change the interface type condition
Set-NetFirewallRule -DisplayName "Contoso Messenger" -InterfaceType Any
Get-NetFirewallRule -DisplayName "Contoso Messenger" | Get-NetFirewallInterfaceTypeFilter | Set-NetFirewallInterfaceTypeFilter -InterfaceType Any
$nfwInterfaceTypeFilter = Get-NetIPsecRule -Group DirectAccess | Get-NetFirewallInterfaceTypeFilter
$nfwInterfaceTypeFilterWired = $nfwInterfaceTypeFilter | Where-Object -FilterScript { $_.InterfaceType -eq "Wired" }
Set-NetFirewallInterfaceTypeFilter -InterfaceType RemoteAccess -InputObject $nfwInterfaceTypeFilterWired
Get-NetIPsecRule -Group DirectAccess | Get-NetFirewallInterfaceTypeFilter | Where-Object -FilterScript { $_.InterfaceType -eq "Wired" } | Set-NetFirewallInterfaceTypeFilter -InterfaceType RemoteAccess
```
Get-NetFirewallSecurityFilter - retrieve security filter objects from the target computer.
Set-NetFirewallSecurityFilter - modify security filter objects on the target computer.
Description: this cmdlet returns the security filter objects associated with the input firewall rules. A security filter object represents the security conditions associated with a firewall rule.
Tip: the Authentication, Encryption, OverrideBlockRules, LocalUser, RemoteUser and RemoteMachine parameters of a single rule are represented in a separate NetFirewallSecurityFilter object. The filter-to-rule relationship is always one-to-one and is managed automatically.
Syntax and parameters:

```powershell
Get-NetFirewallSecurityFilter [-All] [-AsJob] [-CimSession <CimSession[]>] [-GPOSession <String>] [-PolicyStore <String>] [-ThrottleLimit <Int32>] [<CommonParameters>]
Get-NetFirewallSecurityFilter [-AsJob] [-Authentication <Authentication[]>] [-CimSession <CimSession[]>] [-Encryption <Encryption[]>] [-GPOSession <String>] [-LocalUser <String[]>] [-OverrideBlockRules <Boolean[]>] [-PolicyStore <String>] [-RemoteMachine <String[]>]
Get-NetFirewallSecurityFilter [-AsJob] [-CimSession <CimSession[]>] [-GPOSession <String>] [-PolicyStore <String>] [-ThrottleLimit <Int32>] -AssociatedNetFirewallRule <CimInstance> [<CommonParameters>]
Set-NetFirewallSecurityFilter [-AsJob] [-Authentication <Authentication>] [-CimSession <CimSession[]>] [-Encryption <Encryption>] [-GPOSession <String>] [-LocalUser <String>] [-OverrideBlockRules <Boolean>] [-PassThru] [-PolicyStore <String>] [-RemoteMachine <String>] [-RemoteUser <String>] [-ThrottleLimit <Int32>] [-Confirm] [-WhatIf] [<CommonParameters>]
Set-NetFirewallSecurityFilter [-AsJob] [-Authentication <Authentication>] [-CimSession <CimSession[]>] [-Encryption <Encryption>] [-LocalUser <String>] [-OverrideBlockRules <Boolean>] [-PassThru] [-RemoteMachine <String>] [-RemoteUser <String>] [-ThrottleLimit <Int32>] -InputObject <CimInstance[]> [-Confirm] [-WhatIf] [<CommonParameters>]
```

-Authentication, -Encryption: as described under New-NetFirewallRule above.
Basic examples:

```text
Get-NetFirewallSecurityFilter -PolicyStore ActiveStore | Format-Table -Property *

Authentication Encryption  LocalUser                                                              RemoteUser RemoteMachine Caption Description ElementName InstanceID                                                                      CommunicationStatus DetailedStatus
-------------- ----------  ---------                                                              ---------- ------------- ------- ----------- ----------- ----------                                                                      ------------------- --------------
NotRequired    NotRequired Any                                                                    Any        Any                                           SNMPTRAP-In-UDP
NotRequired    NotRequired Any                                                                    Any        Any                                           {CC0329A5-245B-405C-80F3-0D4001663753}
NotRequired    NotRequired Any                                                                    Any        Any                                           HNS Container Networking - DNS (UDP-In) - 9BBB3B53-0C52-47CB-9BC5-5E7AC5A9EE8F - 0
NotRequired    NotRequired O:LSD:(A;;CC;;;S-1-5-92-3339056971-1291069075-3798698925-2882100687-0) Any        Any                                           WFDPRINT-DAFWSD-In-Active
```

```powershell
Get-NetFirewallRule -DisplayName "Contoso Messenger" | Get-NetFirewallSecurityFilter
# From a security filter back to the rules that carry it
Get-NetFirewallSecurityFilter -OverrideBlockRules $True | Get-NetFirewallRule
# $secureUserGroupSDDL is assumed to already hold the SDDL string of the group being looked for
Get-NetFirewallSecurityFilter -Authentication Required | Where-Object -FilterScript { $_.RemoteUser -eq $secureUserGroupSDDL } | Get-NetFirewallRule

# Two equivalent ways to require authentication on a rule group
$nfSecurityFilter = Get-NetFirewallRule -DisplayGroup "*Printer*" | Get-NetFirewallSecurityFilter
Set-NetFirewallSecurityFilter -Authentication Request -InputObject $nfSecurityFilter
Get-NetFirewallRule -DisplayGroup "*Printer*" | Get-NetFirewallSecurityFilter | Set-NetFirewallSecurityFilter -Authentication Request

# Build an SDDL string from a group name and apply it as the RemoteMachine condition
$users = New-Object -TypeName System.Security.Principal.NTAccount -ArgumentList "corp.contoso.com\Administrators"
$SIDofSecureUserGroup = $users.Translate([System.Security.Principal.SecurityIdentifier]).Value
$SecureMachineGroupSDDL = "D:(A;;CC;;;$SIDofSecureUserGroup)"
$nfSecurityFilter = Get-NetFirewallRule -DisplayName "Authorize Secure Computer" | Get-NetFirewallSecurityFilter
Set-NetFirewallSecurityFilter -RemoteMachine $SecureMachineGroupSDDL -InputObject $nfSecurityFilter
Get-NetFirewallRule -DisplayName "Authorize Secure Computer" | Get-NetFirewallSecurityFilter | Set-NetFirewallSecurityFilter -RemoteMachine $SecureMachineGroupSDDL
Set-NetFirewallRule -DisplayName "Authorize Secure Computer" -RemoteMachine $SecureMachineGroupSDDL
```
Get-NetFirewallServiceFilter - retrieve service filter objects from the target computer.
Set-NetFirewallServiceFilter - modify service filter objects on the target computer.
Description: a service filter object represents the Windows service associated with a firewall rule. The Service parameter of a single rule is represented in a separate NetFirewallServiceFilter object; the filter-to-rule relationship is always one-to-one and is managed automatically.
Tip: rule parameters associated with a filter can only be queried through the filter object.
Basic examples:

```powershell
Get-NetFirewallServiceFilter -PolicyStore ActiveStore
# Rules bound to the DNS Client service that are currently disabled
Get-NetFirewallServiceFilter -Service dnscache | Get-NetFirewallRule | Where-Object -FilterScript { $_.Enabled -eq "False" }
Get-NetFirewallRule -DisplayName "Wireless Portable Devices" | Get-NetFirewallServiceFilter
```
Get-NetFirewallApplicationFilter - retrieve application filter objects from the target computer.
Set-NetFirewallApplicationFilter - modify the program and package conditions of firewall rules on the target computer.
Description: an application filter object represents the application associated with a firewall rule. The Program and Package parameters of a single rule are represented in a separate NetFirewallApplicationFilter object; the filter-to-rule relationship is always one-to-one and is managed automatically.
Basic syntax:

```powershell
Get-NetFirewallApplicationFilter [-All] | -AssociatedNetFirewallRule <CimInstance> [-Program <String[]>] [-Package <String[]>] [-PolicyStore <String>] [-GPOSession <String>] [-CimSession <CimSession[]>] [-ThrottleLimit <Int32>] [-AsJob] [<CommonParameters>]
Set-NetFirewallApplicationFilter [-PolicyStore <String>] [-GPOSession <String>] [-Program <String>] [-Package <String>] [-CimSession <CimSession[]>] [-ThrottleLimit <Int32>] [-AsJob] [-PassThru] [-WhatIf] [-Confirm] [<CommonParameters>]
```
Basic examples:

```powershell
# Rules scoped to a Windows Store package
Get-NetFirewallApplicationFilter -PolicyStore ActiveStore | Where-Object { $_.Package -ne '' }
Get-NetFirewallApplicationFilter | Where-Object { $_.Program -like 'C:\windows\system32\ftp.exe' }
Get-NetFirewallRule -DisplayName "Contoso Messenger" | Get-NetFirewallApplicationFilter
# Two equivalent ways to change the program of a rule (environment variables are expanded by the firewall)
Get-NetFirewallRule -DisplayName "Contoso Messenger" | Get-NetFirewallApplicationFilter | Set-NetFirewallApplicationFilter -Program "%SystemRoot%\System32\messenger.exe"
Set-NetFirewallRule -DisplayName "Contoso Messenger" -Program "%SystemRoot%\System32\messenger.exe"
# Package conditions are set through the application filter (not the address filter)
$NewPackageSDDL = "S-1-15-2-4292807980-2381230043-3108820062-1451069988-2614848061-670482394-695399705"
Get-NetFirewallRule -Group Socialite | Get-NetFirewallApplicationFilter | Set-NetFirewallApplicationFilter -Package $NewPackageSDDL
$nfwApplicationFilter = Get-NetFirewallRule -Group Socialite | Get-NetFirewallApplicationFilter
Set-NetFirewallApplicationFilter -InputObject $nfwApplicationFilter -Package $NewPackageSDDL
```
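An added example (not from the original post) that uses the application filter the other way round: instead of looking up one program, it lists enabled Allow rules whose Program resolves into a user-writable location (any user profile, TEMP, or the Public folder), since whoever can write that path inherits the allowance. The set of user-writable roots is an assumption to adjust per host.

```powershell
# Added example, not part of the original post. Review Allow rules that point
# at programs under user-writable directories.
function Get-UserPathFirewallRules {
    [CmdletBinding()]
    param([string]$PolicyStore = 'ActiveStore')

    # Assumed set of user-writable roots: all profiles (parent of the current
    # one), the temp directory and the Public folder.
    $userRoots = @(
        (Split-Path -Path $env:USERPROFILE -Parent),
        $env:TEMP,
        $env:PUBLIC
    ) | Where-Object { $_ }

    # Program is "Any" (no program condition) or "System" for kernel traffic;
    # only explicit paths are of interest here.
    $filters = Get-NetFirewallApplicationFilter -PolicyStore $PolicyStore |
               Where-Object { $_.Program -and $_.Program -ne 'Any' -and $_.Program -ne 'System' }

    foreach ($f in $filters) {
        # Rules store paths like %SystemRoot%\...; expand before comparing.
        $expanded = [Environment]::ExpandEnvironmentVariables($f.Program)
        $inUserRoot = $false
        foreach ($root in $userRoots) {
            if ($expanded.StartsWith($root, [StringComparison]::OrdinalIgnoreCase)) {
                $inUserRoot = $true
                break
            }
        }
        if (-not $inUserRoot) { continue }

        # Filter objects pipe back to the rule that owns them (one-to-one).
        $rule = $f | Get-NetFirewallRule
        if ($rule.Enabled -ne 'True' -or $rule.Action -ne 'Allow') { continue }

        [PSCustomObject]@{
            DisplayName = $rule.DisplayName
            Direction   = $rule.Direction
            Profile     = $rule.Profile
            Source      = $rule.PolicyStoreSourceType
            Program     = $expanded
            # A missing binary means a stale rule; a present one deserves a look.
            FileExists  = Test-Path -LiteralPath $expanded
        }
    }
}

Get-UserPathFirewallRules | Format-Table -AutoSize
```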
Enable-NetFirewallRule - enable a previously disabled firewall rule
Description: the Enable-NetFirewallRule cmdlet makes a previously disabled firewall rule active on the computer or within a Group Policy organizational unit. It selects the rule(s) to enable by the Name parameter (the default), the DisplayName parameter, rule properties, or an associated filter or object.

Disable-NetFirewallRule - disable a currently enabled firewall rule
Description: important: running this cmdlet without parameters disables all Windows Firewall rules on the target computer. Disabling a rule makes a previously enabled rule inactive on the computer or within the Group Policy organizational unit. Disabling does not actively modify system behaviour; the rule still exists on the computer or in the Group Policy Object (GPO), so it can be re-enabled.
Basic syntax:

```powershell
Enable-NetFirewallRule [-Name] <String[]> -DisplayName <String[]> [-Action <Action[]>] [-AsJob] [-CimSession <CimSession[]>]
    [-Description <String[]>] [-Direction <Direction[]>] [-DisplayGroup <String[]>] [-EdgeTraversalPolicy <EdgeTraversal[]>]
    [-Enabled <Enabled[]>] [-GPOSession <String>] [-Group <String[]>] [-LocalOnlyMapping <Boolean[]>]
    [-LooseSourceMapping <Boolean[]>] [-Owner <String[]>] [-PassThru] [-PolicyStore <String>] [-PolicyStoreSource <String[]>]
    [-PolicyStoreSourceType <PolicyStoreType[]>] [-PrimaryStatus <PrimaryStatus[]>] [-Status <String[]>]
    [-ThrottleLimit <Int32>] [-TracePolicyStore] [-Confirm] [-WhatIf] [<CommonParameters>]
Enable-NetFirewallRule -InputObject <CimInstance[]>

Disable-NetFirewallRule [-Name] <String[]> | -DisplayName <String[]> [-Description <String[]>] [-DisplayGroup <String[]>]
    [-Group <String[]>] [-Enabled <Enabled[]>] [-Direction <Direction[]>] [-Action <Action[]>]
    [-EdgeTraversalPolicy <EdgeTraversal[]>] [-LooseSourceMapping <Boolean[]>] [-LocalOnlyMapping <Boolean[]>]
    [-Owner <String[]>] [-PrimaryStatus <PrimaryStatus[]>] [-Status <String[]>] [-PolicyStoreSource <String[]>]
    [-PolicyStoreSourceType <PolicyStoreType[]>] [-PolicyStore <String>] [-GPOSession <String>] [-TracePolicyStore]
    [-CimSession <CimSession[]>] [-ThrottleLimit <Int32>] [-AsJob] [-PassThru] [-WhatIf] [-Confirm] [<CommonParameters>]

# Both cmdlets also accept an associated filter object (one of):
#   -AssociatedNetFirewallAddressFilter <CimInstance>
#   -AssociatedNetFirewallApplicationFilter <CimInstance>
#   -AssociatedNetFirewallInterfaceFilter <CimInstance>
#   -AssociatedNetFirewallInterfaceTypeFilter <CimInstance>
#   -AssociatedNetFirewallPortFilter <CimInstance>
#   -AssociatedNetFirewallSecurityFilter <CimInstance>
#   -AssociatedNetFirewallServiceFilter <CimInstance>
#   -AssociatedNetFirewallProfile <CimInstance>
```

- -EdgeTraversalPolicy: enables the matching firewall rules that have the indicated edge traversal policy.
Basic examples:

```powershell
Enable-NetFirewallRule -Group "@FirewallAPI.dll,-28502"
Disable-NetFirewallRule -Group "@FirewallAPI.dll,-28502"
Enable-NetFirewallRule -DisplayName "Network Discovery"
Disable-NetFirewallRule -DisplayName "Network Discovery"
# Target a domain GPO instead of the local store
Enable-NetFirewallRule -Direction Outbound -PolicyStore contoso.com\gpo_name
# Two equivalent ways to enable dynamically sourced rules from the active policy
$nfwRule = Get-NetFirewallRule -PolicyStore ActiveStore -PolicyStoreSourceType Dynamic
Enable-NetFirewallRule -InputObject $nfwRule
Get-NetFirewallRule -PolicyStore ActiveStore -PolicyStoreSourceType Dynamic | Enable-NetFirewallRule
```
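An added example (not from the original post) around the caveat above that a bare Disable-NetFirewallRule disables every rule: the helper always requires a group selector, only touches rules that are currently enabled, supports -WhatIf/-Confirm, and records the names it disabled so the change can be reverted with Enable-NetFirewallRule -Name. The record file path is an assumed location.

```powershell
# Added example, not part of the original post. Disable a rule group with a
# preview and a written record for rollback.
function Disable-FirewallRuleGroupSafely {
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param(
        # Mandatory selector: never fall through to "disable everything".
        [Parameter(Mandatory)] [string]$DisplayGroup,
        [string]$PolicyStore = 'PersistentStore',
        # Assumed location for the rollback record.
        [string]$RecordPath = "$env:ProgramData\FirewallChanges\disabled-rules.txt"
    )

    # Only currently enabled rules are candidates; -Enabled True is a filter here.
    $targets = @(Get-NetFirewallRule -PolicyStore $PolicyStore -DisplayGroup $DisplayGroup -Enabled True)
    if ($targets.Count -eq 0) {
        Write-Warning "No enabled rules in group '$DisplayGroup' in $PolicyStore"
        return
    }

    # -WhatIf lists the rules and stops here; -Confirm prompts before applying.
    if (-not $PSCmdlet.ShouldProcess("$($targets.Count) rule(s) in '$DisplayGroup'", 'Disable')) {
        return
    }

    # Record the unique rule names first, so a partial failure is still reversible.
    New-Item -ItemType Directory -Path (Split-Path -Path $RecordPath -Parent) -Force | Out-Null
    $targets.Name | Add-Content -Path $RecordPath

    # -PassThru returns the modified rule objects for confirmation.
    $targets | Disable-NetFirewallRule -PassThru | Select-Object Name, DisplayName, Enabled
}

# Revert using the recorded names; Name is the unique key, so this re-enables
# exactly the rules that were turned off and nothing else.
function Restore-DisabledFirewallRules {
    [CmdletBinding()]
    param([string]$RecordPath = "$env:ProgramData\FirewallChanges\disabled-rules.txt")

    Get-Content -Path $RecordPath |
        Where-Object { $_ } |
        ForEach-Object { Enable-NetFirewallRule -Name $_ -PassThru } |
        Select-Object Name, DisplayName, Enabled
}

# Preview first, then run without -WhatIf to apply.
Disable-FirewallRuleGroupSafely -DisplayGroup "Network Discovery" -WhatIf
```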