Check for existing firewall rule

Hi,
I am adding Windows Firewall rule with PSADT: Execute-Process -FilePath "C:\Windows\System32\netsh.exe" -Arguments "advfirewall firewall add rule name=""TEST_FW"" profile=domain protocol=TCP enable=yes dir=in action=allow program=""C:\Program Files (x86)\TEST\test.exe"""

To avoid duplicating firewall rules, I wish to check if firewall rule exists first, before adding the rule.

I would appreciate your advice on how to check for existing firewall rule.

Thank you.

Hi,
I’m using this function to check for firewall rules:

Function Get-FireWallRule
{
    Param ($Name, $Direction, $Enabled, $Protocol, $Profile, $Action, $Grouping)
    # Enumerate every rule through the Windows Firewall COM API (works on Windows 7,
    # where Get-NetFirewallRule is not available), then narrow by whichever filters were given.
    $Rules = (New-Object -ComObject HNetCfg.FwPolicy2).Rules
    If ($Name)      { $Rules = $Rules | Where-Object { $_.Name      -like $Name } }
    If ($Direction) { $Rules = $Rules | Where-Object { $_.Direction -eq   $Direction } }
    If ($Enabled)   { $Rules = $Rules | Where-Object { $_.Enabled   -eq   $Enabled } }
    If ($Protocol)  { $Rules = $Rules | Where-Object { $_.Protocol  -eq   $Protocol } }
    # Profiles is a bitmask (1 = domain, 2 = private, 4 = public), hence the bitwise test
    If ($Profile)   { $Rules = $Rules | Where-Object { $_.Profiles  -band $Profile } }
    If ($Action)    { $Rules = $Rules | Where-Object { $_.Action    -eq   $Action } }
    If ($Grouping)  { $Rules = $Rules | Where-Object { $_.Grouping  -like $Grouping } }
    $Rules
}

## <Perform Pre-Installation tasks here>
Write-Log -Message "Searching for Java Firewall Rules" -Severity 1 -Source $deployAppScriptFriendlyName
$FWRules = Get-FireWallRule -Name java*

If ($FWRules) {
    Write-Log -Message "Firewall Rule Java found" -Severity 1 -Source $deployAppScriptFriendlyName
    If ($envOSName -like "*2008*") {
        Write-Log -Message "Removing Firewall Rule Java on $envOSName" -Severity 1 -Source $deployAppScriptFriendlyName
        Execute-Process -Path "$envSystem32Directory\netsh.exe" -Parameters "advfirewall firewall delete rule name=""Java(TM) Platform SE binary"""
    }
    Else {
        ForEach ($Rule in $FWRules) {
            Write-Log -Message "Removing Firewall Rule Java on $envOSName" -Severity 1 -Source $deployAppScriptFriendlyName
            Remove-NetFirewallRule -DisplayName $Rule.Name
        }
    }
}
Else {
    Write-Log -Message "No Firewall Rule Java found" -Severity 1 -Source $deployAppScriptFriendlyName
}

##*===============================================
##* POST-INSTALLATION
##*===============================================
[string]$installPhase = 'Post-Installation'

## <Perform Post-Installation tasks here>
If ($Is64Bit) {
    Write-Log -Message "64-bit OS.  Configuring for the 64-bit OS" -Severity 1 -Source $deployAppScriptFriendlyName
    # Define Path to add
    $DestPath = $appDirx64
    ## Adding Firewall Rules for Java
    Write-Log -Message "Adding Firewall Rules for Java" -Severity 1 -Source $deployAppScriptFriendlyName
    New-NetFirewallRule -DisplayName "Java(TM) Platform SE binary" -Direction Inbound -Program "$DestPath\bin\javaw.exe" -Action Allow -Enabled True -Profile Domain -Protocol UDP
    New-NetFirewallRule -DisplayName "Java(TM) Platform SE binary" -Direction Inbound -Program "$DestPath\bin\javaw.exe" -Action Allow -Enabled True -Profile Domain -Protocol TCP
}
Else {
    Write-Log -Message "32-bit OS.  Configuring for the 32-bit OS" -Severity 1 -Source $deployAppScriptFriendlyName
    # Define Path to add
    $DestPath = $appDirx86
    Write-Log -Message "Adding Firewall Rules for Java" -Severity 1 -Source $deployAppScriptFriendlyName
    Execute-Process -Path "$envSystem32Directory\netsh.exe" -Parameters "advfirewall firewall add rule name=""Java(TM) Platform SE binary"" dir=in action=allow program=""$DestPath\bin\javaw.exe"" enable=yes profile=domain protocol=udp"
    Execute-Process -Path "$envSystem32Directory\netsh.exe" -Parameters "advfirewall firewall add rule name=""Java(TM) Platform SE binary"" dir=in action=allow program=""$DestPath\bin\javaw.exe"" enable=yes profile=domain protocol=tcp"
}

## Add JAVA_HOME to environment variables
Write-Log -Message "Adding JAVA_HOME variable and adding $DestPath" -Severity 1 -Source $deployAppScriptFriendlyName
# Set JAVA_HOME machine-wide only when it is not already defined
$ExistingVar = [System.Environment]::GetEnvironmentVariable('JAVA_HOME', [System.EnvironmentVariableTarget]::Machine)
If ([string]::IsNullOrEmpty($ExistingVar)) {
    [Environment]::SetEnvironmentVariable("JAVA_HOME", $DestPath, "Machine")
}

For the record, my x64 computers are W10 and x86 are W7 so I cannot use the same function to add firewall rules.

1 Like
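As an added example that is not code from this thread or from PSADT itself: a pair of functions that check for an existing rule before creating it, so the same deployment can be re-run without stacking duplicate rules. It assumes it runs elevated inside a PSADT Deploy-Application.ps1 (so Write-Log, Execute-Process, $envSystem32Directory and $deployAppScriptFriendlyName are defined), uses the NetSecurity cmdlets where they exist and falls back to the HNetCfg.FwPolicy2 COM object on Windows 7, and takes the rule name and program path as placeholders from the question. It goes one step beyond a plain name lookup by also comparing program and protocol, because firewall rule names are not unique and a same-named rule may point at a different binary.

```powershell
# Added example, not code from this thread or from PSADT itself.
# Assumes an elevated PSADT Deploy-Application.ps1 context: Write-Log,
# Execute-Process, $envSystem32Directory and $deployAppScriptFriendlyName
# are defined. Rule name and program path are placeholders from the question.

Function Test-FirewallRuleExists {
    # Returns $true only when an enabled inbound rule with this name already
    # allows this program and protocol. A name match alone is not enough:
    # rule names are not unique, and a same-named rule may cover a different
    # binary or protocol.
    Param (
        [Parameter(Mandatory = $true)] [string]$Name,
        [Parameter(Mandatory = $true)] [string]$Program,
        [ValidateSet('TCP', 'UDP')] [string]$Protocol = 'TCP'
    )

    If (Get-Command -Name 'Get-NetFirewallRule' -ErrorAction SilentlyContinue) {
        # Windows 8 / Server 2012 and later: NetSecurity module
        $rules = @(Get-NetFirewallRule -DisplayName $Name -Direction Inbound -ErrorAction SilentlyContinue)
        ForEach ($rule in $rules) {
            $app  = $rule | Get-NetFirewallApplicationFilter
            $port = $rule | Get-NetFirewallPortFilter
            If ($rule.Enabled -eq 'True' -and $app.Program -eq $Program -and $port.Protocol -eq $Protocol) {
                Return $true
            }
        }
        Return $false
    }

    # Windows 7 / Server 2008 R2: COM API. Direction 1 = inbound; protocol 6 = TCP, 17 = UDP.
    $protoCode = 6
    If ($Protocol -eq 'UDP') { $protoCode = 17 }
    $policy = New-Object -ComObject HNetCfg.FwPolicy2
    $match = @($policy.Rules | Where-Object {
        $_.Name -eq $Name -and
        $_.Direction -eq 1 -and
        $_.Enabled -eq $true -and
        $_.Protocol -eq $protoCode -and
        $_.ApplicationName -eq $Program
    })
    Return ($match.Count -gt 0)
}

Function Add-FirewallRuleIfMissing {
    Param (
        [Parameter(Mandatory = $true)] [string]$Name,
        [Parameter(Mandatory = $true)] [string]$Program,
        [ValidateSet('TCP', 'UDP')] [string]$Protocol = 'TCP'
    )

    If (Test-FirewallRuleExists -Name $Name -Program $Program -Protocol $Protocol) {
        Write-Log -Message "Firewall rule '$Name' for $Program ($Protocol) already exists, skipping" -Severity 1 -Source $deployAppScriptFriendlyName
        Return
    }

    # Keep the rule as narrow as the requirement allows: one program, one
    # protocol, inbound, domain profile only.
    If (Get-Command -Name 'New-NetFirewallRule' -ErrorAction SilentlyContinue) {
        New-NetFirewallRule -DisplayName $Name -Direction Inbound -Program $Program -Protocol $Protocol -Profile Domain -Action Allow -Enabled True | Out-Null
    }
    Else {
        # netsh does not reject a duplicate name, which is why the check above is needed
        Execute-Process -Path "$envSystem32Directory\netsh.exe" -Parameters "advfirewall firewall add rule name=""$Name"" dir=in action=allow program=""$Program"" enable=yes profile=domain protocol=$Protocol"
    }
    Write-Log -Message "Added firewall rule '$Name' for $Program ($Protocol)" -Severity 1 -Source $deployAppScriptFriendlyName
}

# Usage with the placeholder values from the question
Add-FirewallRuleIfMissing -Name 'TEST_FW' -Program 'C:\Program Files (x86)\TEST\test.exe' -Protocol TCP
```

The program comparison is a literal string match, so create and check the rule with the same path form (a full path rather than a %ProgramFiles%-style variable). Calling Test-FirewallRuleExists again after the add gives a post-condition you can log, which makes a silently failed netsh call visible in the PSADT log rather than discovered later.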

Thanks, Christophe_Girardy, for sharing your script, it did help me.

You’re welcome
I’m glad I could help you