8

I've noticed that when we create a firewall rule through netsh advfirewall firewall, it can be run multiple times, creating multiple identical firewall rules.

Is there any way of checking if the firewall rule exists before attempting to create a new one?

ShaneC

5 Answers

5

I managed to get this going through PowerShell's Network Security Cmdlets. The following code checks for a named firewall rule along with a specified local port; if it finds an entry, it does not create the rule, and if it does not find an entry, it creates the rule.

$firewallPort = ""        # e.g. "8080"; fill in before running
$firewallRuleName = ""    # display name of the rule to check for / create

write-host "Checking for '$firewallRuleName' firewall rule on port '$firewallPort' now...."
# Get-NetFirewallRule writes a non-terminating error when no rule has this display name;
# -ErrorAction SilentlyContinue keeps that out of the output so only the port match decides.
if ($(Get-NetFirewallRule -DisplayName $firewallRuleName -ErrorAction SilentlyContinue | Get-NetFirewallPortFilter | Where { $_.LocalPort -eq $firewallPort }))
{
    write-host "Firewall rule for '$firewallRuleName' on port '$firewallPort' already exists, not creating new rule"
}
else
{
    write-host "Firewall rule for '$firewallRuleName' on port '$firewallPort' does not already exist, creating new rule now..."
    New-NetFirewallRule -DisplayName $firewallRuleName -Direction Inbound -Profile Domain,Private,Public -Action Allow -Protocol TCP -LocalPort $firewallPort -RemoteAddress Any
    write-host "Firewall rule for '$firewallRuleName' on port '$firewallPort' created successfully"
}
ShaneC
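As an added example (not code from any answer on this page), here is a PowerShell function that makes rule creation idempotent by keying on the rule's internal -Name and inspecting the rule object, rather than parsing netsh text, plus a helper that reports the duplicate rules the question describes. The function names, rule names and port 8443 are assumptions; it expects the NetSecurity module and an elevated session.

```powershell
# Added example, not from any answer on this page. Assumes the NetSecurity module
# (Windows 8 / Server 2012 and later) and an elevated PowerShell session.
function Add-FirewallRuleIfMissing {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Name,        # internal rule name; the idempotency key
        [Parameter(Mandatory)] [string] $DisplayName,
        [Parameter(Mandatory)] [int]    $LocalPort,
        [ValidateSet('TCP', 'UDP')] [string] $Protocol = 'TCP',
        [ValidateSet('Inbound', 'Outbound')] [string] $Direction = 'Inbound'
    )
    # Query the rule object by -Name instead of grepping netsh output, so the check does
    # not depend on the OS display language. SilentlyContinue turns "no such rule"
    # into $null instead of a non-terminating error.
    $existing = Get-NetFirewallRule -Name $Name -ErrorAction SilentlyContinue
    if ($existing) {
        # The rule may have been edited since creation; make sure its port filter still matches.
        $filter = $existing | Get-NetFirewallPortFilter
        if ($filter.Protocol -eq $Protocol -and "$($filter.LocalPort)" -eq "$LocalPort") {
            Write-Verbose "Rule '$Name' already present with the expected filter; nothing to do"
            return $existing
        }
        Write-Verbose "Rule '$Name' exists but its filter differs; updating it in place"
        Set-NetFirewallRule -Name $Name -Protocol $Protocol -LocalPort $LocalPort
        return Get-NetFirewallRule -Name $Name
    }
    Write-Verbose "Rule '$Name' not found; creating it"
    New-NetFirewallRule -Name $Name -DisplayName $DisplayName -Direction $Direction `
        -Action Allow -Protocol $Protocol -LocalPort $LocalPort -Profile Domain,Private
}

# Lists rules that share a DisplayName, i.e. the duplicates the question describes,
# so an audit can spot them before cleaning up with Remove-NetFirewallRule.
function Find-DuplicateFirewallRules {
    Get-NetFirewallRule | Group-Object DisplayName | Where-Object Count -gt 1 |
        ForEach-Object { [pscustomobject]@{ DisplayName = $_.Name; Copies = $_.Count } }
}

# Sample values constructed for the example; running the call twice creates one rule.
$params = @{ Name = 'MyApp-TCP-8443-In'; DisplayName = 'MyApp (TCP 8443 inbound)'; LocalPort = 8443 }
Add-FirewallRuleIfMissing @params -Verbose
Add-FirewallRuleIfMissing @params -Verbose
Find-DuplicateFirewallRules
```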
5

Check if rule "myrule" does not exist:

netsh advfirewall firewall show rule name="myrule" | findstr "no rules"
Oleg
    It is not safe to parse the result text for English words, because the user might have a different OS language - or the wording might eventually change. – bytecode77 Sep 28 '20 at 06:41
5

To expand on @Oleg's answer, here is what I use. Replace the ... according to the criteria for your rule.

:: !name! relies on delayed expansion, which is off by default in a batch file
setlocal enabledelayedexpansion
set name="my rule"
:: "show rule" sets errorlevel 1 when no rule matches, so the add only runs in that case
netsh advfirewall firewall show rule name=!name! >nul
if errorlevel 1 (
    echo Adding firewall rule !name!
    netsh advfirewall firewall add rule name=!name! ...
)
ouk
2

Why has nobody mentioned the || operator for failures in batch? It is the opposite of the && success operator.

:: (if command errors) || (exec this command)
netsh advfirewall firewall show rule name="myrule" >nul || netsh advfirewall firewall add rule name="myrule" ...
my2cents
0
Get-Command -Module NetSecurity
get-help Get-NetFirewallRule -full
Zoe
    [answer], [tour] – Yunnosch Jul 26 '19 at 16:02
    Thank you for this code snippet, which might provide some limited, immediate help. A [proper explanation](https://meta.stackexchange.com/q/114762/349538) would greatly improve its long-term value by showing why this is a good solution to the problem and would make it more useful to future readers with other, similar questions. Please [edit] your answer to add some explanation, including the assumptions you’ve made. – CertainPerformance Jul 26 '19 at 23:00