netsh show rules filtered by local port

MUY Belgium · May 29, 2015 · Viewed 14.2k times

The command here allows showing all the rules:

    netsh advfirewall firewall show rule dir=in name=all

I would like to filter

  • rules which are related to the port 445.
  • currently enabled rules.

I read the documentation and I could see that, for example, the optional option [dir=in|out] is not documented.

How can it be achieved? Where is the documentation about undocumented possibilities?

I may use VBScript or PowerShell 2.0 if required.

Answer

alexcalibur · Jun 4, 2015

These are the only two undocumented options I know of:

dir (direction) - in or out

status - enabled or disabled

We can build a netsh query that gets close and is just missing the port part:

netsh advfirewall firewall show rule status=enabled name=all

We can look for the port requirement using PowerShell's Select-String (disclaimer that I'm not good at regex so there might be a better one, but this seems to work):

select-string -pattern "(LocalPort.*445)|(LocalPort.*Any)" -context 9,4

The Select-String matches anything that is specific to port 445, and also rules that apply to any port. The context argument will display the rest of the rule for us (otherwise we'll just get the LocalPort line).

The final command ends up being:

netsh advfirewall firewall show rule status=enabled name=all | select-string -pattern "(LocalPort.*445)|(LocalPort.*Any)" -context 9,4

This works for me, let me know if it gives you any issues or you want something else.
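As an added example (not part of the question or the answer above): the pattern `LocalPort.*445` also matches rules for ports such as 4450 or 1445, and it misses rules whose LocalPort is a list or a range that contains 445 (for example `139,445` or `440-450`). Parsing the netsh output into objects and comparing the port numerically avoids both problems and stays within PowerShell 2.0, which the question allows. The code below assumes the `Key:   value` layout that `netsh advfirewall firewall show rule` prints, with rules separated by a blank line; `$sampleOutput` is constructed here so the script runs offline, and the function names (`ConvertFrom-NetshRule`, `Test-PortMatch`, `Get-RulesForPort`) are this example's own, not netsh or PowerShell built-ins.

```powershell
# Constructed sample of "netsh advfirewall firewall show rule" output (not captured
# from a real host). Rule 1 should match port 445, rule 2 (port 4450) should not,
# rule 3 contains 445 in a list but is disabled.
$sampleOutput = @'
Rule Name:                            File and Printer Sharing (SMB-In)
----------------------------------------------------------------------
Enabled:                              Yes
Direction:                            In
Protocol:                             TCP
LocalPort:                            445
RemotePort:                           Any
Action:                               Allow

Rule Name:                            Some App (TCP-In)
----------------------------------------------------------------------
Enabled:                              Yes
Direction:                            In
Protocol:                             TCP
LocalPort:                            4450
RemotePort:                           Any
Action:                               Allow

Rule Name:                            Disabled SMB (TCP-In)
----------------------------------------------------------------------
Enabled:                              No
Direction:                            In
Protocol:                             TCP
LocalPort:                            139,445
RemotePort:                           Any
Action:                               Block
'@ -split "`r?`n"

# Turn the key/value text into one object per rule. Keys lose their spaces
# ("Rule Name" becomes RuleName) so they are usable as property names.
function ConvertFrom-NetshRule {
    param([string[]]$Lines)
    $rule = @{}
    foreach ($line in $Lines) {
        if ($line -match '^-+$') { continue }              # separator under Rule Name
        if ($line -match '^\s*$') {                        # blank line ends a rule
            if ($rule.Count -gt 0) { New-Object PSObject -Property $rule; $rule = @{} }
            continue
        }
        if ($line -match '^([^:]+):\s*(.*)$') {
            $rule[($matches[1].Trim() -replace '\s', '')] = $matches[2].Trim()
        }
    }
    if ($rule.Count -gt 0) { New-Object PSObject -Property $rule }
}

# Does a LocalPort/RemotePort value cover $Port? netsh prints "Any", a single port,
# a comma-separated list, or ranges such as "5000-5010"; keywords like "RPC" are ignored.
function Test-PortMatch {
    param([string]$Spec, [int]$Port)
    if ($Spec -eq 'Any') { return $true }
    foreach ($part in ($Spec -split ',')) {
        $part = $part.Trim()
        if ($part -match '^(\d+)-(\d+)$') {
            if ($Port -ge [int]$matches[1] -and $Port -le [int]$matches[2]) { return $true }
        } elseif ($part -match '^\d+$') {
            if ([int]$part -eq $Port) { return $true }
        }
    }
    return $false
}

# Enabled rules whose LocalPort covers $Port; -IncludeAny also keeps "LocalPort: Any" rules,
# which is what the answer's regex does.
function Get-RulesForPort {
    param([string[]]$NetshOutput, [int]$Port, [switch]$IncludeAny)
    ConvertFrom-NetshRule -Lines $NetshOutput | Where-Object {
        $_.Enabled -eq 'Yes' -and
        (Test-PortMatch -Spec $_.LocalPort -Port $Port) -and
        ($IncludeAny -or $_.LocalPort -ne 'Any')
    }
}

# Offline run over the constructed sample: only "File and Printer Sharing (SMB-In)" is listed.
Get-RulesForPort -NetshOutput $sampleOutput -Port 445 |
    Select-Object RuleName, Enabled, Direction, Protocol, LocalPort, Action |
    Format-Table -AutoSize

# Against the live firewall, feed the real command output instead of the sample:
# $live = netsh advfirewall firewall show rule dir=in status=enabled name=all
# Get-RulesForPort -NetshOutput $live -Port 445 -IncludeAny
```

Because the filtering happens on parsed properties, the same objects can be checked for other things the raw text approach makes awkward, such as `Action -eq 'Allow'` combined with `RemoteIP -eq 'Any'`, which is usually the combination worth reviewing for a port like 445.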