Extending Windows Firewall With PowerShell


The Windows Firewall GUI isn’t the prettiest, and adding multiple rules through it is pretty tiresome (so why not automate it?).

A lot of people use custom software firewalls, but Windows Firewall is actually pretty good when working on large corporate networks, and automating things with Group Policies & PowerShell can be fun.

Here are some simple scripts which should help both power users & systems administrators. The main task I found tiresome is adding IP-specific blocks, especially when there are multiple IPs involved.

I first made a script to simply block a single IP.

.\fw-block.ps1 add 94.229.78.58

I then expanded on this script, adding the ability to use blocklists.

Windows Firewall IP Blocklist Script

This script allows you to block based on a blocklist provided. The blocklist should be a text file with IP addresses on each line.

The script syntax is pretty simple & has 3 parameters.

fw-blocklist.ps1 [-Action] <String> -BlockList <String> [-BlockGroup <String>]

BlockGroup is optional; the default group name is “CLI Added IP Blocklist”. You should see each rule created in the CLI.

DisplayName           : BlockList 94.229.78.58
Description           :
DisplayGroup          : CLI Added IP BlockList
Group                 : CLI Added IP BlockList
Enabled               : True
Profile               : Any

Here is how the rules screen should look in the Windows Firewall with Advanced Security view after successfully adding a blocklist.


To remove a blocklist, simply use the remove action. This will remove the rules for the IP addresses listed within the blocklist you provide.

The scripts can be downloaded from my Windows GitHub repo.
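
The following is an added example, not the fw-blocklist.ps1 from the repo: a script taking the same three parameters and using the rule naming shown in the output above, which validates each blocklist line before touching the firewall and only adds or removes rules in its own group. One address per line, skipping `#` comment lines, blocking both directions and `-WhatIf` support are assumptions of this example.

```powershell
# Added example, not the author's fw-blocklist.ps1. Run from an elevated prompt.
[CmdletBinding(SupportsShouldProcess)]
param(
    [Parameter(Mandatory, Position = 0)][ValidateSet('add', 'remove')][string]$Action,
    [Parameter(Mandatory)][string]$BlockList,
    [string]$BlockGroup = 'CLI Added IP Blocklist'
)

# Keep only lines that are literal IP addresses; skip blanks and "#" comments.
$ips = @(foreach ($line in Get-Content -LiteralPath $BlockList) {
    $entry = $line.Trim()
    if (-not $entry -or $entry.StartsWith('#')) { continue }
    $parsed = $null
    $ok = [System.Net.IPAddress]::TryParse($entry, [ref]$parsed)
    # TryParse also accepts shorthand such as "1" (0.0.0.1), so require IPv4
    # entries to round-trip unchanged.
    if ($ok -and $parsed.AddressFamily -eq 'InterNetwork' -and $parsed.ToString() -ne $entry) {
        $ok = $false
    }
    if ($ok) { $parsed.ToString() } else { Write-Warning "Skipping invalid entry: $entry" }
})

foreach ($ip in $ips | Sort-Object -Unique) {
    $name = "BlockList $ip"
    # Match on display name and group so rules from other sources are left alone.
    $existing = Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue |
        Where-Object { $_.Group -eq $BlockGroup }

    if ($Action -eq 'add' -and -not $existing) {
        if ($PSCmdlet.ShouldProcess($ip, 'Add block rules')) {
            # Blocking both directions is an assumption of this example.
            foreach ($direction in 'Inbound', 'Outbound') {
                New-NetFirewallRule -DisplayName $name -Group $BlockGroup `
                    -Direction $direction -Action Block -RemoteAddress $ip
            }
        }
    } elseif ($Action -eq 'remove' -and $existing) {
        if ($PSCmdlet.ShouldProcess($ip, 'Remove block rules')) {
            $existing | Remove-NetFirewallRule
        }
    }
}
```

Running it with `-WhatIf` lists the addresses that would be blocked or unblocked without changing the firewall.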