4

I am trying to control a Windows Server 2012 (R2) firewall by using PowerShell commands (see https://technet.microsoft.com/en-us/library/hh831755.aspx#BKMK_ProfileGlobalDefaults for example and reference).

On my Linux machines, I was able to track connection state with IPTables using conntrack to be able to allow established and related connections (http://www.iptables.info/en/connection-state.html). I haven't found an equivalent in the Windows Firewall.

Is there a way to do this in Windows Server using PowerShell? I have searched all over the internet and not found anything relevant.

rhlsthrm
  • I assume you're trying to trace or sniff TCP/IP packets with built-in Windows utilities, so check out [**Netsh Commands for Network Trace**](https://technet.microsoft.com/en-us/library/jj129382.aspx). Otherwise, I usually use [**Wireshark**](https://www.wireshark.org/) for this task, even though it's not Windows native, as I'm most familiar with it, but if that built-in will suffice then this MAY be what you're looking for, I assume. – Pimp Juice IT Jan 14 '16 at 06:19
  • I am not exactly trying to trace packets; what I am trying to do is enforce policies by shutting down inbound/outbound ports while leaving established connections alive. – rhlsthrm Jan 14 '16 at 18:48

2 Answers

1

Changing firewall rules will affect established connections. See this answer: Do new Windows firewall rules affect currently open connections?

It is time to leave Windows; Linux iptables is magic.

Badr Elmers
1

You can query active TCP connections, listening ports, processes, etc. using the netstat command in Windows.

https://technet.microsoft.com/en-us/library/ff961504.aspx

For your script, you could combine netstat with some PowerShell to do the filtering and parsing and build your firewall commands. For example, this script takes the netstat command and extends it to provide process names and filtering.

https://gallery.technet.microsoft.com/scriptcenter/Get-NetworkStatistics-66057d71

learley
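
The approach in the answer above (netstat output filtered and parsed with PowerShell to build firewall commands), as an added example that is not part of the original answer or the linked script. The function names, rule display names and sample netstat rows are constructed for illustration; it handles IPv4 TCP rows only and prints the `New-NetFirewallRule` commands for review rather than applying them.

```powershell
# Added example (not from the answer). Function names, rule names and the
# sample netstat rows below are constructed for illustration.
# On a real host use:  $lines = netstat -ano -p TCP
$lines = @'
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       716
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING       1204
  TCP    192.0.2.10:3389        198.51.100.7:50112     ESTABLISHED     1204
  TCP    192.0.2.10:49213       203.0.113.25:443       ESTABLISHED     2888
  TCP    192.0.2.10:49250       203.0.113.25:443       TIME_WAIT       0
'@ -split "`r?`n"

function ConvertFrom-Netstat {
    param([string[]]$Lines)
    foreach ($line in $Lines) {
        # IPv4 TCP rows: local addr:port, remote addr:port, state, PID
        if ($line -match '^\s*TCP\s+([\d.]+):(\d+)\s+([\d.]+):(\d+)\s+(\S+)\s+(\d+)\s*$') {
            [pscustomobject]@{
                LocalPort     = [int]$Matches[2]
                RemoteAddress = $Matches[3]
                RemotePort    = [int]$Matches[4]
                State         = $Matches[5]
                ProcessId     = [int]$Matches[6]
            }
        }
    }
}

function Get-AllowRuleCommand {
    param([string[]]$Lines)
    $rows      = @(ConvertFrom-Netstat -Lines $Lines)
    # Ports this host listens on: a connection to one of them was opened by the peer.
    $listening = @($rows | Where-Object State -eq 'LISTENING' | ForEach-Object LocalPort)
    foreach ($c in $rows | Where-Object State -eq 'ESTABLISHED') {
        if ($listening -contains $c.LocalPort) {
            "New-NetFirewallRule -DisplayName 'Keep-In-$($c.RemoteAddress)-$($c.LocalPort)' " +
            "-Direction Inbound -Protocol TCP -LocalPort $($c.LocalPort) " +
            "-RemoteAddress $($c.RemoteAddress) -Action Allow"
        } else {
            "New-NetFirewallRule -DisplayName 'Keep-Out-$($c.RemoteAddress)-$($c.RemotePort)' " +
            "-Direction Outbound -Protocol TCP -RemotePort $($c.RemotePort) " +
            "-RemoteAddress $($c.RemoteAddress) -Action Allow"
        }
    }
}

# Prints the commands for review; nothing is applied to the firewall.
Get-AllowRuleCommand -Lines $lines
```

With the constructed sample, the output is one inbound rule for the peer connected to local port 3389 and one outbound rule for the remote endpoint on port 443; the `LISTENING` and `TIME_WAIT` rows produce no rule.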