Enable/open outbound firewall ports using powershell script



Harshala
11-06-2015, 06:16 AM
We have created a PowerShell script to open/enable outbound firewall ports instead of executing a .bat file using InstallShield 2015 Professional edition. When we execute the .bat file it shows a command prompt (i.e. a black window). We created the PowerShell script to hide the command prompt window. But the rules are not created in outbound; they are always created in inbound rules.

Could anyone please tell me how to create outbound ports using a PowerShell script?

Thanks

DLee65
11-11-2015, 05:03 PM
It looks like you have to specify the direction.
Open a powershell window and type in 'netsh advfirewall firewall add rule /?'
This should give you details. Look at the dir=in|out parameter. I suspect that you are missing dir=out. There are other parameters you may need to consider here as well.

Hopefully this helps.

If you are calling a .NET method then look for the equivalent there as well.

EDIT: I just looked up the .NET method using INetFwPolicy2 to create a firewall policy. Here is some sample code:


INetFwPolicy2 firewallPolicy = (INetFwPolicy2)Activator.CreateInstance(Type.GetTypeFromProgID(FWPOLICYNAME));
INetFwRule firewallRule = firewallPolicy.Rules.OfType<INetFwRule>().Where(x => x.Name == policyName).FirstOrDefault();
firewallRule.Direction = NET_FW_RULE_DIRECTION_.NET_FW_RULE_DIR_OUT;
firewallRule.LocalPorts = portNumber;


public const string FWPOLICYNAME = "HNetCfg.FwPolicy2";

add using NetFwTypeLib;

Harshala
11-16-2015, 07:45 AM
Thanks for the reply.

But we have written the script in PowerShell. Please find the code below:

$port1 = New-Object -ComObject HNetCfg.FWOpenPort
$port2 = New-Object -ComObject HNetCfg.FWOpenPort
$port3 = New-Object -ComObject HNetCfg.FWOpenPort
$port4 = New-Object -ComObject HNetCfg.FWOpenPort
$port5 = New-Object -ComObject HNetCfg.FWOpenPort
$port1.Port = 55007
$port1.Protocol = 6
$port2.Port = 55008
$port2.Protocol = 6
$port3.Port = 55004
$port3.Protocol = 17
$port3.Direction = 2
$port4.Port = 43440
$port4.Protocol = 6
$port5.Port = 43440
$port5.Protocol = 17
$port5.Direction = 2
$port1.Name = 'MA' # name of Port
$port1.Enabled = $true
$port2.Name = 'MA' # name of Port
$port2.Enabled = $true
$port3.Name = 'MA' # name of Port
$port3.Enabled = $true
$port4.Name = 'MA' # name of Port
$port4.Enabled = $true
$port5.Name = 'MA' # name of Port
$port5.Enabled = $true
$fwMgr = New-Object -ComObject HNetCfg.FwMgr
$profiledomain=$fwMgr.LocalPolicy.CurrentProfile
$profiledomain.GloballyOpenPorts.Add($port1)
$profiledomain.GloballyOpenPorts.Add($port2)
$profiledomain.GloballyOpenPorts.Add($port3)
$profiledomain.GloballyOpenPorts.Add($port4)
$profiledomain.GloballyOpenPorts.Add($port5)

But in the above code "$port5.Direction = 2" is not working.

Could you please help me create/open firewall ports in outbound rules using the above code?

Thanks

DLee65
11-16-2015, 11:51 AM
I really do not mind helping out, but I would suggest that you could have easily fixed this with some Google searches.

You need to replace the '2' value with 'Inbound' or 'Outbound'. The PS documentation indicates that these are the acceptable values.

-Direction<Direction>
Specifies that matching firewall rules of the indicated direction are created.
This parameter specifies which direction of traffic to match with this rule.
The acceptable values for this parameter are: Inbound or Outbound.
The default value is Inbound.

See https://technet.microsoft.com/en-us/library/jj554908(v=wps.630).aspx for a list of the PowerShell options for New-NetFirewallRule.
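
An added example, not code from any post in this thread: the HNetCfg.FwMgr / GloballyOpenPorts interface used in the script above only manages inbound exceptions and HNetCfg.FWOpenPort has no Direction property, so this sketch creates the same ports as outbound rules through HNetCfg.FwPolicy2 and HNetCfg.FWRule, the COM objects behind the INetFwPolicy2 sample. The rule names are constructed, and treating the port numbers as destination (remote) ports is an assumption.

```powershell
# Added example: run from an elevated PowerShell session.
# Ports/protocols come from the script in the thread; rule names are constructed.
$NET_FW_RULE_DIR_OUT = 2   # NET_FW_RULE_DIRECTION_: 1 = inbound, 2 = outbound
$NET_FW_ACTION_ALLOW = 1   # NET_FW_ACTION_: 0 = block, 1 = allow

$wanted = @(
    @{ Port = '55007'; Protocol = 6  },   # 6  = TCP
    @{ Port = '55008'; Protocol = 6  },
    @{ Port = '55004'; Protocol = 17 },   # 17 = UDP
    @{ Port = '43440'; Protocol = 6  },
    @{ Port = '43440'; Protocol = 17 }
)

$policy = New-Object -ComObject HNetCfg.FwPolicy2

foreach ($w in $wanted) {
    $protoName = if ($w.Protocol -eq 6) { 'TCP' } else { 'UDP' }
    $name      = "MA outbound $protoName $($w.Port)"

    # Skip rules that already exist so a repair or reinstall does not add duplicates.
    $existing = @($policy.Rules | Where-Object {
        $_.Name -eq $name -and $_.Direction -eq $NET_FW_RULE_DIR_OUT
    })
    if ($existing.Count -gt 0) { continue }

    $rule = New-Object -ComObject HNetCfg.FWRule
    $rule.Name        = $name
    $rule.Protocol    = $w.Protocol            # must be set before any port property
    $rule.RemotePorts = $w.Port                # assumption: destination ports; use LocalPorts for source ports
    $rule.Direction   = $NET_FW_RULE_DIR_OUT   # without this the rule defaults to inbound
    $rule.Action      = $NET_FW_ACTION_ALLOW
    $rule.Profiles    = $policy.CurrentProfileTypes   # same scope as CurrentProfile in the original script
    $rule.Enabled     = $true
    $policy.Rules.Add($rule)
}

# Verify: every listed rule should report Direction = 2 (outbound).
$policy.Rules |
    Where-Object { $_.Name -like 'MA outbound *' } |
    Select-Object Name, Direction, Protocol, RemotePorts, Enabled |
    Format-Table -AutoSize
```

Windows Firewall allows outbound traffic by default, so these rules only change behaviour on machines where the outbound default has been set to block; setting ApplicationName on each rule limits the opening to the installed program rather than every process on the host.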