New-NetFirewallRule - PowerShell


Overview

New-NetFirewallRule creates a Windows Firewall rule for an individual application or port. It allows specifying advanced firewall properties for granular control over network access. This command is ideal for fine-tuning network security policies for both inbound and outbound traffic.

Syntax

New-NetFirewallRule [-DisplayName] <string> [-Description] <string> [-LocalPort] <string> [-LocalAddress] <string> [-RemotePort] <string> [-RemoteAddress] <string> [-Direction] <string> [-Action] <string> [-Protocol] <string> [-EdgeTraversalPolicy] <string> [-Profile] <string> [-EnableVerbose] [-Confirm] [-WhatIf] [<CommonParameters>]

Options/Flags

  • -DisplayName: Custom name for the rule.
  • -Description: Detailed description of the rule’s purpose.
  • -LocalPort: Port number(s) on the local computer affected by the rule. Use an asterisk (*) for all ports.
  • -LocalAddress: IP address(es) or subnet(s) on the local computer affected by the rule. Use an asterisk (*) for all addresses.
  • -RemotePort: Port number(s) on the remote computer affected by the rule. Use an asterisk (*) for all ports.
  • -RemoteAddress: IP address(es) or subnet(s) on the remote computer affected by the rule. Use an asterisk (*) for all addresses.
  • -Direction: Specifies inbound or outbound traffic. Possible values: Inbound, Outbound, Both.
  • -Action: What the firewall should do when the rule is applied. Possible values: Allow, Block, Drop. Default: Allow.
  • -Protocol: Network protocol for which the rule applies. Supports any valid protocol name or number.
  • -EdgeTraversalPolicy: How the rule interacts with Network Address Translation (NAT). Default: NotEdgeTraversal.
  • -Profile: Firewall profile to which the rule applies. Possible values: Domain, Private, Public. Default: Domain.
  • -EnableVerbose: Provides more detailed output.
  • -Confirm: Prompts for confirmation before executing the command.
  • -WhatIf: Shows what the command would do without executing it.

Examples

Allow inbound traffic on port 80:

New-NetFirewallRule -DisplayName "Allow Web Traffic" -Direction Inbound -LocalPort 80 -Action Allow

Block outbound traffic to a specific IP address:

New-NetFirewallRule -DisplayName "Block Malicious IP" -Direction Outbound -RemoteAddress "10.0.0.10" -Action Block

Create a rule for all ports used by a specific application:

$appExe = "C:\Program Files\MyApplication\MyApp.exe"
# Scope the rule to the executable with -Program; the firewall then matches whatever
# ports that program listens on or connects to, so no port list has to be computed.
# One rule is created per direction.
New-NetFirewallRule -DisplayName "MyApp (inbound)"  -Program $appExe -Direction Inbound  -Action Allow
New-NetFirewallRule -DisplayName "MyApp (outbound)" -Program $appExe -Direction Outbound -Action Allow

Common Issues

  • Ensure that the supplied ports and addresses are valid.
  • Check that the firewall service is running on the target computer.
  • Verify that the specified application path is correct.
  • If the rule conflicts with an existing one, you may need to manually delete the conflicting rule before creating the new one.

Integration

Combine with Get-NetFirewallRule to view and manage existing firewall rules.
Use with Invoke-Command to create firewall rules remotely on multiple computers.
Integrate into scripts to automate firewall configuration for various scenarios.

  • Get-NetFirewallRule
  • Set-NetFirewallRule
  • Remove-NetFirewallRule
  • Enable-NetFirewallRule
  • Disable-NetFirewallRule
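As an added example (not code from the original page), the helper below follows the Common Issues and Integration advice above: it checks with Get-NetFirewallRule before creating a rule so a script can be re-run without producing duplicates, scopes the new rule to one port, protocol, source range and profile instead of the wildcard defaults, honours -WhatIf, and reads the port and address filters back so the caller sees the effective scope. The function name, rule name, port and the 10.0.0.0/24 management subnet are assumed values; it needs an elevated PowerShell session on Windows.

```powershell
# Added example; not from the original page. All names and addresses below are assumed.
function New-ScopedInboundRule {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [string] $Name,
        [Parameter(Mandatory)] [int]    $Port,
        [Parameter(Mandatory)] [string] $AllowedFrom,   # remote address or subnet, e.g. "10.0.0.0/24"
        [ValidateSet('Domain','Private','Public','Any')] [string] $FirewallProfile = 'Domain'
    )

    # New-NetFirewallRule happily creates a second rule with the same DisplayName,
    # so check first to keep the script idempotent and avoid conflicting duplicates.
    $existing = Get-NetFirewallRule -DisplayName $Name -ErrorAction SilentlyContinue
    if ($existing) {
        Write-Verbose "Rule '$Name' already exists; leaving it unchanged."
        return $existing
    }

    if ($PSCmdlet.ShouldProcess($Name, "Create inbound TCP/$Port allow rule from $AllowedFrom")) {
        # Restrict the rule to one port, one protocol, one source range and one profile
        # rather than accepting the asterisk (*) defaults for ports and addresses.
        $rule = New-NetFirewallRule -DisplayName $Name `
            -Description "Inbound TCP $Port from $AllowedFrom only" `
            -Direction Inbound -Action Allow -Protocol TCP `
            -LocalPort $Port -RemoteAddress $AllowedFrom -Profile $FirewallProfile

        # The rule object alone does not show ports or addresses; those live in the
        # associated filters, so read them back to confirm what was actually applied.
        $ports = $rule | Get-NetFirewallPortFilter
        $addrs = $rule | Get-NetFirewallAddressFilter
        [pscustomobject]@{
            Name          = $rule.DisplayName
            Enabled       = $rule.Enabled
            Direction     = $rule.Direction
            Action        = $rule.Action
            Protocol      = $ports.Protocol
            LocalPort     = $ports.LocalPort
            RemoteAddress = $addrs.RemoteAddress
            Profile       = $rule.Profile
        }
    }
}

# Usage (assumed values): allow RDP only from the management subnet, Domain profile only.
# Run with -WhatIf first to preview the change without touching the firewall.
New-ScopedInboundRule -Name 'RDP from mgmt subnet' -Port 3389 -AllowedFrom '10.0.0.0/24' -Verbose
```

Running the same call a second time returns the existing rule instead of creating another one, which is what makes it safe to include in a configuration script that is applied repeatedly, including via Invoke-Command against several computers.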