Add-FirewallRule
Description:
Used to add a firewall rule from your package/adjustment/shimming scripts. The detection method for added rules is located in the bottom section of the script.
Language:
Powershell
Usage Type:
Packaging Function
Script Source:
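# Note: Detection Method Function is at the bottom of the script - only grab the add function for your installation/adjustment script!

# For setting firewall rules
function Add-FirewallRule ($RuleName, $RuleType, $ProtocolType, $PortNumber, $ProgramPath) {
    ########################################
    # Create Firewall Rule
    # Function Date: 18.8.15.4
    # Function By: Sean Huggans
    ########################################
    # Usage Note 1: function is dependent on the below 2 lines being present at the beginning of your script,
    #               as well as the standard logging function (Log-Action -Message "<text>") being present
    $script:wmiOS = Get-WmiObject -Class Win32_OperatingSystem; $script:OS = $wmiOS.Caption
    # Usage Note 2: Call the function with the following examples:
    # - Example 1 (Port):        Add-FirewallRule -RuleName "ApplicationX" -RuleType Port -ProtocolType TCP -PortNumber 2233
    # - Example 1 (Port Range):  Add-FirewallRule -RuleName "ApplicationX" -RuleType Port -ProtocolType UDP -PortNumber 2233-2236
    # - Example 2 (Process):     Add-FirewallRule -RuleName "ApplicationX" -RuleType Process -ProgramPath "C:\Program Files\Application X\X.exe"
    # Usage Note 3: It may be beneficial to use the other firewall related standard functions in order to ensure the
    #               firewall is enabled and active prior to calling this function!
    #
    # Parameters:
    #   RuleName     - display name prefix; the protocol/port or program name is appended so the rule can be found again
    #   RuleType     - "Port" or "Process"
    #   ProtocolType - TCP or UDP (Port rules only)
    #   PortNumber   - single port (2233) or range (2233-2236) (Port rules only)
    #   ProgramPath  - full path to the executable (Process rules only; the file does not have to exist yet)
    # Returns: $true when the rule was created, $false otherwise. Failures are written through Log-Action, not thrown.
    #
    # Both code paths now scope the rule to the Domain profile (inbound, allow). The netsh path previously omitted
    # profile= and therefore applied the rule to every profile; it is aligned with the New-NetFirewallRule path here.

    try {
        # Build the display name first: Check-FirewallRule (below) looks the rule up by this exact name,
        # so the two functions must build it identically.
        switch ($RuleType) {
            "Port" {
                $DisplayName = "$($RuleName) ($($ProtocolType) $($PortNumber))"
                if ($PortNumber -like "*-*") {
                    Log-Action -Message " - (Info!) Port Number ($PortNumber) is a Range, Attempting to add it now..."
                }
            }
            "Process" {
                # Using Split instead of Get-ItemProperty in case the application is not yet installed when this is called
                $ProgramName = ($ProgramPath.Split("\"))[-1]
                $DisplayName = "$($RuleName) ($($ProgramName))"
            }
            default {
                # Quotes inside the message are doubled ("") - the previous message terminated the string early.
                Log-Action -Message " - Error: Unknown Rule Type ($($RuleType)) called attempting to create rule (""$($RuleName) ($($ProtocolType))"")! Check syntax!"
                return $false
            }
        }

        if ($OS -like "*Windows 10*") {
            # NetSecurity cmdlets: -ErrorAction Stop turns any failure into the catch block below
            if ($RuleType -eq "Port") {
                New-NetFirewallRule -DisplayName $DisplayName -Profile Domain -Direction Inbound -Action Allow -Protocol $ProtocolType -LocalPort $PortNumber -ErrorAction Stop | Out-Null
            } else {
                New-NetFirewallRule -DisplayName $DisplayName -Profile Domain -Direction Inbound -Action Allow -Program $ProgramPath -ErrorAction Stop | Out-Null
            }
        } else {
            # netsh is a native executable: it does not throw, so its exit code has to be checked explicitly.
            # Without this check the function logged success (and returned $true) even when netsh rejected the rule.
            # The Process rule previously passed no action=; netsh appears to require name, dir and action, so it is set here.
            if ($RuleType -eq "Port") {
                & netsh advfirewall firewall add rule name="$DisplayName" dir=in action=allow profile=domain protocol=$ProtocolType localport=$PortNumber | Out-Null
            } else {
                & netsh advfirewall firewall add rule name="$DisplayName" dir=in action=allow profile=domain protocol=any enable=yes program="$ProgramPath" | Out-Null
            }
            if ($LASTEXITCODE -ne 0) {
                throw "netsh exited with code $LASTEXITCODE"
            }
        }

        if ($RuleType -eq "Port") {
            Log-Action -Message " - Successfully created rule ""$DisplayName"", Allowing inbound connections on $($ProtocolType) port ""$($PortNumber)"""
        } else {
            Log-Action -Message " - Successfully created rule ""$DisplayName"", Allowing inbound connections to ""$($ProgramPath)"""
        }
        return $true
    } catch {
        # $_ carries either the cmdlet error record or the netsh exit code thrown above
        Log-Action -Message " - Error creating rule ""$($RuleName) ($($ProtocolType))""! $($_.Exception.Message)"
        return $false
    }
}

#Detection Method Component
function Check-FirewallRule ($RuleName, $RuleType, $ProtocolType, $PortNumber, $ProgramPath) {
    ########################################
    # Check Firewall Rule
    # Function Date: 18.8.15.2
    # Function By: Sean Huggans
    ########################################
    # Usage Note 1: function is dependent on the below 2 lines being present at the beginning of your script
    $script:wmiOS = Get-WmiObject -Class Win32_OperatingSystem; $script:OS = $wmiOS.Caption
    # Usage Note 2: Call the function with the same arguments that were passed to Add-FirewallRule:
    # - Example 1 (Port):        Check-FirewallRule -RuleName "ApplicationX" -RuleType Port -ProtocolType TCP -PortNumber 2233
    # - Example 1 (Port Range):  Check-FirewallRule -RuleName "ApplicationX" -RuleType Port -ProtocolType UDP -PortNumber 2233-2236
    # - Example 2 (Process):     Check-FirewallRule -RuleName "ApplicationX" -RuleType Process -ProgramPath "C:\Program Files\Application X\X.exe"
    #
    # Returns $true when a rule with the display name Add-FirewallRule builds for these arguments exists.
    # Deliberately returns NOTHING (no output at all) when the rule is absent or RuleType is unknown, matching
    # the original behaviour: detection scripts are commonly judged on "any output = detected", so returning
    # $false here would be reported as a positive detection. Use `if (Check-FirewallRule ...)` for a boolean.

    # Same display-name construction as Add-FirewallRule - keep the two in sync
    switch ($RuleType) {
        "Port" { $DisplayName = "$($RuleName) ($($ProtocolType) $($PortNumber))" }
        "Process" {
            $ProgramName = ($ProgramPath.Split("\"))[-1]
            $DisplayName = "$($RuleName) ($($ProgramName))"
        }
        default { return }
    }

    if ($OS -like "*Windows 10*") {
        if (Get-NetFirewallRule -DisplayName $DisplayName -ErrorAction SilentlyContinue) {
            return $true
        }
    } else {
        # netsh always writes text to stdout ("No rules match the specified criteria." when nothing matches),
        # so the previous `$RuleCheck -ne $null` test on the captured output was always true and every rule
        # was reported as present. netsh is expected to signal "no match" through a non-zero exit code,
        # which is what is tested here.
        & netsh advfirewall firewall show rule name="$DisplayName" | Out-Null
        if ($LASTEXITCODE -eq 0) {
            return $true
        }
    }
}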
Note that all applications posted here are posted for both commercial and non-commercial use, free of charge, and as such are provided as-is, without warranty of any kind whatsoever. visuaFUSION, FMSCUG and the authors of any other program listed here are not responsible for any damages or shortcomings that result from the use of any of these applications.