Public/Get-FirewallRules.ps1
|
<#
.SYNOPSIS Get Firewall Rules. .DESCRIPTION Get Firewall Rules. .NOTES This function is pulled directly from the real Microsoft Windows Admin Center PowerShell scripts use rights (according to Microsoft): We grant you a non-exclusive, royalty-free right to use, modify, reproduce, and distribute the scripts provided herein. ANY SCRIPTS PROVIDED BY MICROSOFT ARE PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS OR A PARTICULAR PURPOSE. .ROLE Readers .EXAMPLE # Open an elevated PowerShell Session, import the module, and - PS C:\Users\zeroadmin> Get-FirewallRules #> function Get-FirewallRules { Import-Module netsecurity $sidToPrincipalCache = @{}; function getPrincipalForSid($sid) { if ($sidToPrincipalCache.ContainsKey($sid)) { return $sidToPrincipalCache[$sid] } $propertyBag = @{} $propertyBag.userName = "" $propertyBag.domain = "" $propertyBag.principal = "" $propertyBag.ssid = $sid try{ $win32Sid = [WMI]"root\cimv2:win32_sid.sid='$sid'"; $propertyBag.userName = $win32Sid.AccountName; $propertyBag.domain = $win32Sid.ReferencedDomainName try { $objSID = New-Object System.Security.Principal.SecurityIdentifier($sid) try{ $objUser = $objSID.Translate( [System.Security.Principal.NTAccount]) $propertyBag.principal = $objUser.Value; } catch [System.Management.Automation.MethodInvocationException]{ # the sid couldn't be resolved } } catch [System.Management.Automation.MethodInvocationException]{ # the sid is invalid } } catch [System.Management.Automation.RuntimeException] { # failed to get the user info, which is ok, maybe an old SID } $object = New-Object -TypeName PSObject -Prop $propertyBag $sidToPrincipalCache.Add($sid, $object) return $object } function fillUserPrincipalsFromSddl($sddl, $allowedPrincipals, $skippedPrincipals) { if ($sddl -eq $null -or $sddl.count -eq 0) { return; } $entries = $sddl.split(@("(", ")")); foreach ($entry in $entries) { $entryChunks = $entry.split(";"); $sid = $entryChunks[$entryChunks.count - 1]; if ($entryChunks[0] -eq "A") { $allowed = getPrincipalForSid($sid); $allowedPrincipals.Add($allowed) > $null; } elseif ($entryChunks[0] -eq "D") { $skipped = getPrincipalForSid($sid); $skippedPrincipals.Add($skipped) > $null; } } } $stores = @('PersistentStore','RSOP'); $allRules = @() foreach ($store in $stores){ $rules = (Get-NetFirewallRule -PolicyStore $store) $rulesHash = @{} $rules | foreach { $newRule = ($_ | Microsoft.PowerShell.Utility\Select-Object ` instanceId, ` name, ` displayName, ` description, ` displayGroup, ` group, ` @{Name="enabled"; Expression={$_.Enabled -eq [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Enabled]::True}}, ` profiles, ` platform, ` direction, ` action, ` edgeTraversalPolicy, ` looseSourceMapping, ` localOnlyMapping, ` owner, ` primaryStatus, ` status, ` enforcementStatus, ` policyStoreSource, ` policyStoreSourceType, ` @{Name="policyStore"; Expression={$store}}, ` @{Name="addressFilter"; Expression={""}}, ` @{Name="applicationFilter"; Expression={""}}, ` @{Name="interfaceFilter"; Expression={""}}, ` @{Name="interfaceTypeFilter"; Expression={""}}, ` @{Name="portFilter"; Expression={""}}, ` @{Name="securityFilter"; Expression={""}}, ` @{Name="serviceFilter"; Expression={""}}) $rulesHash[$_.CreationClassName] = $newRule $allRules += $newRule } $addressFilters = (Get-NetFirewallAddressFilter -PolicyStore $store) $applicationFilters = (Get-NetFirewallApplicationFilter -PolicyStore $store) $interfaceFilters = (Get-NetFirewallInterfaceFilter -PolicyStore $store) $interfaceTypeFilters = (Get-NetFirewallInterfaceTypeFilter -PolicyStore $store) $portFilters = (Get-NetFirewallPortFilter -PolicyStore $store) $securityFilters = (Get-NetFirewallSecurityFilter -PolicyStore $store) $serviceFilters = (Get-NetFirewallServiceFilter -PolicyStore $store) $addressFilters | ForEach-Object { $newAddressFilter = $_ | Microsoft.PowerShell.Utility\Select-Object localAddress, remoteAddress; $newAddressFilter.localAddress = @($newAddressFilter.localAddress) $newAddressFilter.remoteAddress = @($newAddressFilter.remoteAddress) $rule = $rulesHash[$_.CreationClassName]; if ($rule){ $rule.addressFilter = $newAddressFilter } } $applicationFilters | ForEach-Object { $newApplicationFilter = $_ | Microsoft.PowerShell.Utility\Select-Object program, package; $rule = $rulesHash[$_.CreationClassName]; if ($rule){ $rule.applicationFilter = $newApplicationFilter } } $interfaceFilters | ForEach-Object { $newInterfaceFilter = $_ | Microsoft.PowerShell.Utility\Select-Object @{Name="interfaceAlias"; Expression={}}; $newInterfaceFilter.interfaceAlias = @($_.interfaceAlias); $rule = $rulesHash[$_.CreationClassName]; if ($rule){ $rule.interfaceFilter = $newInterfaceFilter } } $interfaceTypeFilters | foreach { $newInterfaceTypeFilter = $_ | Microsoft.PowerShell.Utility\Select-Object @{Name="interfaceType"; Expression={}}; $newInterfaceTypeFilter.interfaceType = $_.PSbase.CimInstanceProperties["InterfaceType"].Value; $rule = $rulesHash[$_.CreationClassName]; if ($rule){ $rule.interfaceTypeFilter = $newInterfaceTypeFilter } } $portFilters | foreach { $newPortFilter = $_ | Microsoft.PowerShell.Utility\Select-Object dynamicTransport, icmpType, localPort, remotePort, protocol; $newPortFilter.localPort = @($newPortFilter.localPort); $newPortFilter.remotePort = @($newPortFilter.remotePort); $newPortFilter.icmpType = @($newPortFilter.icmpType); $rule = $rulesHash[$_.CreationClassName]; if ($rule){ $rule.portFilter = $newPortFilter } } $securityFilters | ForEach-Object { $allowedLocalUsers = New-Object System.Collections.ArrayList; $skippedLocalUsers = New-Object System.Collections.ArrayList; fillUserPrincipalsFromSddl -sddl $_.localUser -allowedprincipals $allowedLocalUsers -skippedPrincipals $skippedLocalUsers; $allowedRemoteMachines = New-Object System.Collections.ArrayList; $skippedRemoteMachines = New-Object System.Collections.ArrayList; fillUserPrincipalsFromSddl -sddl $_.remoteMachine -allowedprincipals $allowedRemoteMachines -skippedPrincipals $skippedRemoteMachines; $allowedRemoteUsers = New-Object System.Collections.ArrayList; $skippedRemoteUsers = New-Object System.Collections.ArrayList; fillUserPrincipalsFromSddl -sddl $_.remoteUser -allowedprincipals $allowedRemoteUsers -skippedPrincipals $skippedRemoteUsers; $newSecurityFilter = $_ | Microsoft.PowerShell.Utility\Select-Object authentication, ` encryption, ` overrideBlockRules, ` @{Name="allowedLocalUsers"; Expression={}}, ` @{Name="skippedLocalUsers"; Expression={}}, ` @{Name="allowedRemoteMachines"; Expression={}}, ` @{Name="skippedRemoteMachines"; Expression={}}, ` @{Name="allowedRemoteUsers"; Expression={}}, ` @{Name="skippedRemoteUsers"; Expression={}}; $newSecurityFilter.allowedLocalUsers = $allowedLocalUsers.ToArray() $newSecurityFilter.skippedLocalUsers = $skippedLocalUsers.ToArray() $newSecurityFilter.allowedRemoteMachines = $allowedRemoteMachines.ToArray() $newSecurityFilter.skippedRemoteMachines = $skippedRemoteMachines.ToArray() $newSecurityFilter.allowedRemoteUsers = $allowedRemoteUsers.ToArray() $newSecurityFilter.skippedRemoteUsers = $skippedRemoteUsers.ToArray() $rule = $rulesHash[$_.CreationClassName]; if ($rule){ $rule.securityFilter = $newSecurityFilter } } $serviceFilters | ForEach-Object { $newServiceFilter = $_ | Microsoft.PowerShell.Utility\Select-Object serviceName; $rule = $rulesHash[$_.CreationClassName]; if ($rule){ $rule.serviceFilter = $newServiceFilter } } } $allRules } |