3

The commande here allow to show all the rules, 

    netsh advfirewall firewall show rule dir=in name=all

I would like to filter

  • rules which are related to the port 445.
  • currently enabled rules.

I read the documentation and i could see that for example, the optional option [dir=in|out] is not documented.

How can it be achieved? Where a documentation about undocumented possibilities

I may use VB script or Powershell 2.0 if required.

MUY Belgium
  • 2,330
  • 4
  • 30
  • 46

1 Answers1

6

These are the only two undocumented options I know of:

dir (direction) - in or out

status - enabled or disabled

We can build a netsh query that gets close and is just missing the port part:

netsh advfirewall firewall show rule status=enabled name=all

We can look for the port requirement using powershell's select-string (disclaimer that I'm not good at regex so there might be a better one, but this seems to work)

select-string -pattern "(LocalPort.*445)|(LocalPort.*Any)" -context 9,4

The select-string matches anything that is specific to rule 445, and also rules that apply to any port. The context argument will display the rest of the rule for us (otherwise we'll just get the LocalPort line)

The final command ends up being

netsh advfirewall firewall show rule status=enabled name=all | select-string -pattern "(LocalPort.*445)|(LocalPort.*Any)" -context 9,4

This works for me, let me know if it gives you any issues or you want something else.

alexcalibur
  • 384
  • 1
  • 7
  • hello, don't want to ask same que but little different, how can i filter rule names which starts with "Network Discovery" i.e, rule name might be Network Discovery or Network Discovery (SSDP-In) and so on? I don't use powershell so please tell some trick for this in windows cmd – pratapvaibhav19 Feb 24 '16 at 20:04