16

I'm wondering whether anyone in Microsoft has ever come to a situation where they can't remember a rule's name!
The netsh advfirewall firewall show rule only accepts 1 name and no pattern matching facility is available on netsh to help find a rule using a pattern like "SQL*" or ^SQL.+$
Using show and name=all it is possible to list all rules, but I was unable to find a solid command-line grep tool for Windows.

I want to be able to run a command like this:

netsh advfirewall firewall show rule name=sql*

Is this possible?

Achilles

  • a fast answer would be: `netsh advfirewall firewall show rule name=all | find "SQL"`; but the output and the control is not as satisfying as it should be. It's rather messy and even worse, case-sensitive ... – Achilles Aug 08 '12 at 16:46
  • think the following link may help http://blogs.technet.com/b/jamesone/archive/2009/02/18/how-to-manage-the-windows-firewall-settings-with-powershell.aspx – tony roth Aug 08 '12 at 16:54
  • Using PowerShell is another option, yes. But what if you want to do this on a remote machine? Is it possible to leave the remote ports for PS open and have IDS/IPS like what I have with BvSshServer? I'm looking for something available in Windows' native command prompt. – Achilles Aug 09 '12 at 05:43
  • It seems like it's possible to secure PS using SSL: http://technet.microsoft.com/en-us/magazine/ff700227.aspx – Achilles Aug 09 '12 at 05:49
  • I've found that using `/I` with the `FIND` command, I can dodge the case-sensitive problem; but the result is still messy... – Achilles Aug 11 '12 at 08:07
  • The GNUWin32 project has a nice `grep` for Windows... – Achilles Jan 09 '13 at 11:41

6 Answers

13

In PowerShell run:

$fw = New-Object -ComObject HNetCfg.FwPolicy2
$fw.rules | findstr /i "whaturlookingfor"

better yet:

$fw.rules | select name | select-string "sql"
tony roth (edited by I say Reinstate Monica)

  • $fw.rules | where-object {$_.Enabled -eq $true -and $_.Direction -eq 1} helped me arrive at this (inbound enabled). – Bratch Jan 21 '14 at 20:11
  • Further, you can select only certain properties of the rule. `$fw.Rules | where-object {$_.Enabled -eq $true -and $_.Direction -eq 1} | Select-Object -property name, direction, enabled` – Dan Pritts Nov 06 '15 at 17:35
  • I'm confused, is this meant to be run in a netsh prompt? Or some other environment? – jjxtra Dec 10 '15 at 21:57
  • This has to be run in a PowerShell prompt or as part of a PowerShell (.ps1) script. `New-Object` is a PowerShell cmdlet that provides access to the much older COM API while preserving PowerShell syntax and object structure. – BaseZen Apr 11 '18 at 22:44
6

This is the best I could do. Anyone know how to take it further? Like remove/subtract the Rule Name from the results?

netsh advfirewall firewall show rule name=all | find "Rule Name:" | find "NameLookingFor"
Ben (edited by HopelessN00b)
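As an added example (not part of Ben's answer), one way to turn the netsh text into objects so the "Rule Name:" prefix disappears, the filter is case-insensitive, and only the columns you care about are shown. The function name is mine; the parser assumes the English-locale labels netsh prints:

```powershell
# Parses the "Key: Value" blocks printed by
# "netsh advfirewall firewall show rule name=all" into objects, one per rule.
# Assumes English-locale netsh output (labels such as "Rule Name:" are localized).
function ConvertFrom-NetshFirewallRule {
    param([Parameter(ValueFromPipeline)][string[]]$Line)
    begin { $rule = $null }
    process {
        foreach ($l in $Line) {
            if ($l -match '^Rule Name:\s*(.*)$') {
                if ($rule) { [pscustomobject]$rule }          # emit the previous rule
                $rule = [ordered]@{ Name = $Matches[1].Trim() }
            }
            elseif ($rule -and $l -match '^([A-Za-z][A-Za-z ]*?):\s*(.*)$') {
                # "Edge traversal" -> "Edgetraversal"; separator lines and blanks are skipped
                $rule[($Matches[1] -replace '\s', '')] = $Matches[2].Trim()
            }
        }
    }
    end { if ($rule) { [pscustomobject]$rule } }
}

# Constructed sample of netsh output so this runs offline; on a real host use
#   netsh advfirewall firewall show rule name=all | ConvertFrom-NetshFirewallRule
$sample = @'
Rule Name:                            SQL Server Browser
----------------------------------------------------------------------
Enabled:                              Yes
Direction:                            In
Protocol:                             UDP
LocalPort:                            1434
Action:                               Allow

Rule Name:                            Core Networking - DNS (UDP-Out)
----------------------------------------------------------------------
Enabled:                              Yes
Direction:                            Out
Protocol:                             UDP
RemotePort:                           53
Action:                               Allow
'@ -split "`r?`n"

$sample | ConvertFrom-NetshFirewallRule |
    Where-Object { $_.Name -match '^sql' } |      # -match is case-insensitive by default
    Format-Table Name, Direction, Enabled, Protocol, LocalPort -AutoSize
```

Because the objects carry every netsh field, the same pipeline can also filter on Enabled, Direction or LocalPort instead of the name.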
4

On Windows 10 I get a warning when I execute netsh advfirewall, saying that future Windows versions may not support that feature anymore and one should use PowerShell instead. Luckily, what the OP wanted to do is easy in PowerShell:

Get-NetFirewallRule -DisplayName "SQL*"

I had 1000+ firewall rules that were created by a randomly-named executable that I wanted to remove. The following command made this easy to do:

Remove-NetFirewallRule -DisplayName "*mongod.exe"

bcody
3

You can try Select-String:

netsh advfirewall firewall show rule name=all | select-string -pattern "Hyper-V"
Loul G. (edited by Cristian Ciupitu)

  • Please don't downvote without checking that you are in the required conditions for this solution to work. – Loul G. Dec 11 '15 at 12:51
2

Without PowerShell you can simply use regex with findstr:

netsh advfirewall firewall show rule name=all | findstr /R "sql.*"
SDK (edited by I say Reinstate Monica)
1

This is admittedly a coat-tails answer but a comment would obscure the point.

This is also admittedly answering a slightly different question: how can I not use netsh and still find rules? :-)

I think it's best to stay in the PowerShell idiom if you're there already, and you can use the full pattern matching capability including regexes therein.

For the sake of it, I included some conditionals and mutation to show how all PowerShell constructs are embeddable in the functional-style blocks.

Final caveat: mutations must be run with administrative rights, whereas reads need not.

(New-Object -ComObject HNetCfg.FwPolicy2).rules |
    Where-Object { $_.Name -match '^SQL.+$' } |
    ForEach-Object { Write-Output "Checking $($_.Name)"
      if ( $_.Enabled ) { Write-Output "$($_.Name) already enabled" }
      else { Write-Output "$($_.Name) enabled"; $_.Enabled = $true }
    }
BaseZen