Extending Windows Firewall With PowerShell


The Windows Firewall GUI isn’t the prettiest, and adding multiple rules through it is pretty tiresome (so why not automate it?).

A lot of people use custom software firewalls, but Windows Firewall is actually pretty good when working on large corporate networks, and automating things with Group Policies & PowerShell can be fun.

Here are some simple scripts which should help both power users & systems administrators. The main task I found tiresome is adding IP-specific blocks, especially when there are multiple IPs involved.

I first made a script to simply block a single IP.

.\fw-block.ps1 add 94.229.78.58

I then expanded on this script, adding the ability to use blocklists.

Windows Firewall IP Blocklist Script

This script blocks every address in the blocklist you provide. The blocklist should be a text file with an IP address on each line.

The script syntax is pretty simple & has 3 parameters.

fw-blocklist.ps1 [-Action] <String> -BlockList <String> [-BlockGroup <String>]

BlockGroup is optional; the default group name is “CLI Added IP Blocklist”. You should see each rule printed in the CLI as it is created.

DisplayName           : BlockList 94.229.78.58
Description           :
DisplayGroup          : CLI Added IP BlockList
Group                 : CLI Added IP BlockList
Enabled               : True
Profile               : Any

Here is how the rules screen should look in the Windows Firewall with Advanced Security view after successfully adding a blocklist.

[Screenshot: rules list in Windows Firewall with Advanced Security]

To remove a blocklist, simply use the remove action; this will remove the IP addresses listed within the blocklist you provide.

The scripts can be downloaded from my windows GitHub repo.
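
A sketch of how a blocklist script with the syntax above can be structured, added here as an example; it is not the author's fw-blocklist.ps1. It assumes the built-in NetSecurity cmdlets, inbound-only blocking, comment lines starting with #, and the "BlockList <IP>" rule naming seen in the output above.

```powershell
#Requires -RunAsAdministrator
[CmdletBinding(SupportsShouldProcess)]
param(
    [Parameter(Mandatory, Position = 0)]
    [ValidateSet('add', 'remove')]
    [string]$Action,

    [Parameter(Mandatory)]
    [ValidateScript({ Test-Path -LiteralPath $_ -PathType Leaf })]
    [string]$BlockList,

    [string]$BlockGroup = 'CLI Added IP BlockList'
)

# Keep only lines that parse as an IP address, and warn about the rest
# instead of handing unvalidated text to the firewall.
# TryParse accepts shorthand forms (e.g. "94.229"), so the normalized
# address from ToString() is what gets used and shown in the rule name.
$addresses = @(foreach ($line in Get-Content -LiteralPath $BlockList) {
    $entry = $line.Trim()
    if (-not $entry -or $entry.StartsWith('#')) { continue }
    $parsed = $null
    if ([System.Net.IPAddress]::TryParse($entry, [ref]$parsed)) {
        $parsed.ToString()
    } else {
        Write-Warning "Skipping invalid entry: '$entry'"
    }
})

foreach ($ip in $addresses | Sort-Object -Unique) {
    $name = "BlockList $ip"
    # Match on name AND group so rules outside this block group are untouched.
    $existing = Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue |
        Where-Object { $_.Group -eq $BlockGroup }

    if ($Action -eq 'add') {
        # Idempotent: re-running the same list does not create duplicates.
        if ($existing) { Write-Verbose "$name already exists"; continue }
        if ($PSCmdlet.ShouldProcess($ip, 'Create inbound block rule')) {
            New-NetFirewallRule -DisplayName $name -Group $BlockGroup `
                -Direction Inbound -Action Block -RemoteAddress $ip
        }
    } elseif ($existing) {
        if ($PSCmdlet.ShouldProcess($ip, 'Remove block rule')) {
            $existing | Remove-NetFirewallRule
        }
    }
}
```

Because the sketch declares SupportsShouldProcess, running it with -WhatIf lists the rules it would create or remove without changing the firewall.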
