functions/Export-FirewallRules.ps1

<#
.SYNOPSIS
Exports firewall rules to a CSV or JSON file.
.DESCRIPTION
Exports firewall rules to a CSV or JSON file. Both local and policy-based rules are exported.
CSV files are semicolon separated (Beware! Excel is not friendly to CSV files).
All rules are exported by default; you can filter with the parameters -Name, -Inbound, -Outbound,
-Enabled, -Disabled, -Allow and -Block.
.PARAMETER Name
Display name of the rules to be processed. Wildcard character * is allowed.
.PARAMETER CSVFile
Output file
.PARAMETER JSON
Output in JSON instead of CSV format
.PARAMETER Inbound
Export inbound rules
.PARAMETER Outbound
Export outbound rules
.PARAMETER Enabled
Export enabled rules
.PARAMETER Disabled
Export disabled rules
.PARAMETER Allow
Export allowing rules
.PARAMETER Block
Export blocking rules
.NOTES
Author: Markus Scholtes
Version: 1.02
Build date: 2020/02/15
.EXAMPLE
Export-FirewallRules
Exports all firewall rules to the CSV file FirewallRules.csv in the current directory.
.EXAMPLE
Export-FirewallRules -Inbound -Allow
Exports all inbound and allowing firewall rules to the CSV file FirewallRules.csv in the current directory.
.EXAMPLE
Export-FirewallRules snmp* SNMPRules.json -json
Exports all SNMP firewall rules to the JSON file SNMPRules.json.
#>

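function Export-FirewallRules
{
    Param($Name = "*", $CSVFile = ".\FirewallRules.csv", [SWITCH]$JSON, [SWITCH]$Inbound, [SWITCH]$Outbound, [SWITCH]$Enabled, [SWITCH]$Disabled, [SWITCH]$Block, [SWITCH]$Allow)

    #Requires -Version 4.0
    # (a #Requires statement is only enforced at the top of a script file; inside a
    # function it merely documents the intended minimum PowerShell version)

    # Convert a string array to a comma separated list (String).
    # $null or an empty array yields "", so every exported column is always defined.
    function StringArrayToList($StringArray)
    {
        if ($StringArray)
        {
            $Result = ""
            Foreach ($Value In $StringArray)
            {
                if ($Result -ne "") { $Result += "," }
                $Result += $Value
            }
            return $Result
        }
        else
        {
            return ""
        }
    }

    # Replace the directory prefix $Directory (followed by a backslash) at the start
    # of $Path with the %VariableName%\ form, so the export is portable between machines.
    # [Regex]::Escape makes every regex metacharacter in the directory name literal
    # (parentheses, dots, ...), not only the backslashes, and an undefined environment
    # variable (e.g. ProgramFiles(x86) on 32-bit Windows) leaves $Path untouched instead
    # of failing with a method call on $null.
    function ReplaceDirectoryPrefix($Path, $Directory, $VariableName)
    {
        if ([String]::IsNullOrEmpty($Directory)) { return $Path }
        # -Replace is case-insensitive, which matches Windows path semantics
        $Pattern = "^" + [Regex]::Escape($Directory) + "\\"
        return $Path -Replace $Pattern, "%$VariableName%\"
    }

    # Filter rules?
    # Filter by direction: a single switch restricts, both or none export everything
    $Direction = "*"
    if ($Inbound -And !$Outbound) { $Direction = "Inbound" }
    if (!$Inbound -And $Outbound) { $Direction = "Outbound" }

    # Filter by state (Enabled is compared as the strings "True"/"False")
    $RuleState = "*"
    if ($Enabled -And !$Disabled) { $RuleState = "True" }
    if (!$Enabled -And $Disabled) { $RuleState = "False" }

    # Filter by action
    $Action = "*"
    if ($Allow -And !$Block) { $Action  = "Allow" }
    if (!$Allow -And $Block) { $Action  = "Block" }


    # read firewall rules from the active policy store (local and policy based rules)
    $FirewallRules = Get-NetFirewallRule -DisplayName $Name -PolicyStore "ActiveStore" | Where-Object { $_.Direction -like $Direction -and $_.Enabled -like $RuleState -And $_.Action -like $Action }

    # collect the rules in a list; appending to an array with += copies the
    # whole array on every iteration
    $FirewallRuleSet = New-Object System.Collections.Generic.List[Object]
    ForEach ($Rule In $FirewallRules)
    { # iterate through rules
        # progress message is written to the success stream, so a caller that
        # captures the function's output receives it as well
        Write-Output "Processing rule `"$($Rule.DisplayName)`" ($($Rule.Name))"

        # Retrieve addresses,
        $AdressFilter = $Rule | Get-NetFirewallAddressFilter
        # ports,
        $PortFilter = $Rule | Get-NetFirewallPortFilter
        # application,
        $ApplicationFilter = $Rule | Get-NetFirewallApplicationFilter
        # service,
        $ServiceFilter = $Rule | Get-NetFirewallServiceFilter
        # interface,
        $InterfaceFilter = $Rule | Get-NetFirewallInterfaceFilter
        # interfacetype
        $InterfaceTypeFilter = $Rule | Get-NetFirewallInterfaceTypeFilter
        # and security settings
        $SecurityFilter = $Rule | Get-NetFirewallSecurityFilter

        # make the program path machine independent; the more specific
        # "Program Files (x86)" prefix is tried before "Program Files"
        $Program = $ApplicationFilter.Program
        $Program = ReplaceDirectoryPrefix $Program $ENV:SystemRoot "SystemRoot"
        $Program = ReplaceDirectoryPrefix $Program ${ENV:ProgramFiles(x86)} "ProgramFiles(x86)"
        $Program = ReplaceDirectoryPrefix $Program $ENV:ProgramFiles "ProgramFiles"

        # generate object with the exported properties (property order is kept)
        $HashProps = [PSCustomObject]@{
            Name = $Rule.Name
            DisplayName = $Rule.DisplayName
            Description = $Rule.Description
            Group = $Rule.Group
            Enabled = $Rule.Enabled
            Profile = $Rule.Profile
            Platform = StringArrayToList $Rule.Platform
            Direction = $Rule.Direction
            Action = $Rule.Action
            EdgeTraversalPolicy = $Rule.EdgeTraversalPolicy
            LooseSourceMapping = $Rule.LooseSourceMapping
            LocalOnlyMapping = $Rule.LocalOnlyMapping
            Owner = $Rule.Owner
            LocalAddress = StringArrayToList $AdressFilter.LocalAddress
            RemoteAddress = StringArrayToList $AdressFilter.RemoteAddress
            Protocol = $PortFilter.Protocol
            LocalPort = StringArrayToList $PortFilter.LocalPort
            RemotePort = StringArrayToList $PortFilter.RemotePort
            IcmpType = StringArrayToList $PortFilter.IcmpType
            DynamicTarget = $PortFilter.DynamicTarget
            Program = $Program
            Package = $ApplicationFilter.Package
            Service = $ServiceFilter.Service
            InterfaceAlias = StringArrayToList $InterfaceFilter.InterfaceAlias
            InterfaceType = $InterfaceTypeFilter.InterfaceType
            LocalUser = $SecurityFilter.LocalUser
            RemoteUser = $SecurityFilter.RemoteUser
            RemoteMachine = $SecurityFilter.RemoteMachine
            Authentication = $SecurityFilter.Authentication
            Encryption = $SecurityFilter.Encryption
            OverrideBlockRules = $SecurityFilter.OverrideBlockRules
        }

        # add to list of rules
        $FirewallRuleSet.Add($HashProps)
    }

    if (!$JSON)
    { # output rules in CSV format (semicolon separated, no type header)
        $FirewallRuleSet | ConvertTo-CSV -NoTypeInformation -Delimiter ";" | Set-Content $CSVFile
    }
    else
    { # output rules in JSON format
        $FirewallRuleSet | ConvertTo-JSON | Set-Content $CSVFile
    }
}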