How to get the list of IP addresses from a firewall rule?

Question

I'm trying to get the current list of configured IP addresses from a certain firewall rule, so that I can compare it to a list of addresses to add and eliminate the ones that already exist.

Using the syntax found here, I'm able to display the first few IP addresses from the rule:

$Rule = Get-NetFirewallRule -Action Block -Enabled True -Direction Inbound
$Rule | Format-Table -Property DisplayName,@{Name='RemoteAddress';Expression={($PSItem | Get-NetFirewallAddressFilter).RemoteAddress}}

Output:

DisplayName                     RemoteAddress
-----------                     -------------
Block SMTP Brute Force (TCP-In) {5.34.207.103, 103.145.254.105, 46.148.40.171, 80.94.95.206...}

This shows that I have indeed been able to access the list, but it stops short of actually allowing me to enumerate it.

How can I get this list into a runtime variable for processing?

Answer 1

Use the following code:

(Get-NetFirewallRule | Where-Object { $_.DisplayName -eq 'RULE_NAME' } | Get-NetFirewallAddressFilter).RemoteAddress

Answer 2

I was able to accomplish this by altering the syntax slightly:

$Rules = Get-NetFirewallRule -Action Block -Enabled True -Direction Inbound
$Rules | % { 
  $Rule = $_
  $List = ($Rule | Get-NetFirewallAddressFilter).RemoteAddress
  Write-Output $Rule.DisplayName
  Write-Output "----------------"
  Write-Output $List
  Write-Output ""
}