New-NetFirewallRule - PowerShell
Overview
New-NetFirewallRule creates a Windows Firewall rule for an individual application or port. It exposes the advanced firewall properties (protocol, ports, local and remote addresses, profile, edge traversal) so that network access can be scoped precisely. Use it to define inbound and outbound policy rather than relying on broad allow rules.
Syntax
New-NetFirewallRule [-DisplayName] <string> [-Description] <string> [-LocalPort] <string> [-LocalAddress] <string> [-RemotePort] <string> [-RemoteAddress] <string> [-Direction] <string> [-Action] <string> [-Protocol] <string> [-EdgeTraversalPolicy] <string> [-Profile] <string> [-EnableVerbose] [-Confirm] [-WhatIf] [<CommonParameters>]
Options/Flags
- -DisplayName: Custom name for the rule.
- -Description: Detailed description of the rule’s purpose.
- -LocalPort: Port number(s) on the local computer affected by the rule. Use an asterisk (*) for all ports.
- -LocalAddress: IP address(es) or subnet(s) on the local computer affected by the rule. Use an asterisk (*) for all addresses.
- -RemotePort: Port number(s) on the remote computer affected by the rule. Use an asterisk (*) for all ports.
- -RemoteAddress: IP address(es) or subnet(s) on the remote computer affected by the rule. Use an asterisk (*) for all addresses.
- -Direction: Specifies inbound or outbound traffic. Possible values: Inbound, Outbound, Both.
- -Action: What the firewall should do when the rule is applied. Possible values: Allow, Block, Drop. Default: Allow.
- -Protocol: Network protocol for which the rule applies. Supports any valid protocol name or number.
- -EdgeTraversalPolicy: How the rule treats traffic that crosses a Network Address Translation (NAT) boundary. Default: NotEdgeTraversal.
- -Profile: Firewall profile to which the rule applies. Possible values: Domain, Private, Public. Default: Domain.
- -EnableVerbose: Provides more detailed output.
- -Confirm: Prompts for confirmation before executing the command.
- -WhatIf: Shows what the command would do without executing it.
Examples
Allow inbound traffic on port 80:
New-NetFirewallRule -DisplayName "Allow Web Traffic" -Direction Inbound -LocalPort 80 -Action Allow
Block outbound traffic to a specific IP address:
New-NetFirewallRule -DisplayName "Block Malicious IP" -Direction Outbound -RemoteAddress "10.0.0.10" -Action Block
Create a rule for a specific application (an application rule matches whatever ports the program uses, so no port list is needed; the real cmdlet accepts only Inbound or Outbound for -Direction, so one rule is created per direction):
$appExe = "C:\Program Files\MyApplication\MyApp.exe"
New-NetFirewallRule -DisplayName "MyApp Inbound" -Program $appExe -Direction Inbound -Action Allow
New-NetFirewallRule -DisplayName "MyApp Outbound" -Program $appExe -Direction Outbound -Action Allow
Common Issues
- Ensure that the supplied ports and addresses are valid.
- Check that the firewall service is running on the target computer.
- Verify that the specified application path is correct.
- If a rule with the same display name already exists, New-NetFirewallRule creates a duplicate rather than updating it; check for the existing rule with Get-NetFirewallRule and remove or modify it before creating the new one.
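The following is an added example, not code from the original page or from Microsoft's documentation. It wraps New-NetFirewallRule in a small function that enforces the scoping the Options list describes (protocol, port, an explicit source list, a profile), refuses the address wildcard, replaces an existing rule of the same display name instead of creating a duplicate, and reads the rule back through the port and address filters to confirm what was applied. The function name, the port, the subnet and the display name are constructed values; the cmdlets and parameters it calls (New-NetFirewallRule, Get-NetFirewallRule, Remove-NetFirewallRule, Get-NetFirewallPortFilter, Get-NetFirewallAddressFilter) exist in the NetSecurity module.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original page): create an inbound allow rule that is
# scoped to a protocol, a port, a source subnet and a profile, idempotently.
# All names, ports and addresses below are constructed sample values.

function New-ScopedInboundRule {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [string] $DisplayName,
        [Parameter(Mandatory)] [ValidateRange(1, 65535)] [int] $Port,
        [Parameter(Mandatory)] [string[]] $AllowedSources,   # e.g. "10.20.0.0/24"
        [ValidateSet('TCP', 'UDP')] [string] $Protocol = 'TCP',
        [ValidateSet('Any', 'Domain', 'Private', 'Public')] [string[]] $FirewallProfile = 'Domain'
    )

    # Refuse the wildcard: a rule that allows every remote address is rarely what a
    # least-privilege policy wants, so require an explicit list of sources.
    if ($AllowedSources -contains '*' -or $AllowedSources -contains 'Any') {
        throw "Refusing to create '$DisplayName' with an unrestricted remote address."
    }

    # Idempotency: a rule with this display name is replaced rather than duplicated.
    # Duplicates are the usual cause of "conflicting rule" confusion during audits.
    $existing = Get-NetFirewallRule -DisplayName $DisplayName -ErrorAction SilentlyContinue
    if ($existing -and $PSCmdlet.ShouldProcess($DisplayName, 'Remove existing rule before recreating')) {
        $existing | Remove-NetFirewallRule
    }

    if ($PSCmdlet.ShouldProcess($DisplayName, "Create inbound $Protocol/$Port rule")) {
        $rule = New-NetFirewallRule -DisplayName $DisplayName `
            -Description "Inbound $Protocol/$Port from $($AllowedSources -join ', ')" `
            -Direction Inbound -Action Allow -Protocol $Protocol -LocalPort $Port `
            -RemoteAddress $AllowedSources -Profile $FirewallProfile -Enabled True

        # Read the rule back and report the scoping that actually applied.
        $portFilter = $rule | Get-NetFirewallPortFilter
        $addrFilter = $rule | Get-NetFirewallAddressFilter
        [pscustomobject]@{
            Name          = $rule.DisplayName
            Protocol      = $portFilter.Protocol
            LocalPort     = $portFilter.LocalPort
            RemoteAddress = $addrFilter.RemoteAddress
            Profile       = $rule.Profile
            Enabled       = $rule.Enabled
        }
    }
}

# Usage (constructed values): allow RDP only from the management subnet on the
# domain profile. Drop -WhatIf to actually create the rule.
New-ScopedInboundRule -DisplayName 'RDP from management subnet' -Port 3389 `
    -AllowedSources '10.20.0.0/24' -WhatIf
```

Because the function declares SupportsShouldProcess, -WhatIf and -Confirm flow through to both the removal and the creation step, which is the safest way to rehearse a change on a production host before applying it.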
Integration
Combine with Get-NetFirewallRule to view and manage existing firewall rules.
Use with Invoke-Command to create firewall rules remotely on multiple computers.
Integrate into scripts to automate firewall configuration for various scenarios.
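The following is an added example, not code from the original page, showing the Invoke-Command integration mentioned above: one outbound block rule is pushed to several computers, each target skips creation if the rule is already present, and each returns what is actually configured so the caller can audit the result. The host names, rule name and blocked address are constructed sample values; the example assumes WinRM access and local administrator rights on the targets.

```powershell
# Added example (not from the original page): deploy one block rule to several
# hosts with Invoke-Command and read it back for verification.
# Computer names, rule name and address are constructed sample values.

$targets   = @('srv-app-01', 'srv-app-02')      # constructed sample hosts
$ruleName  = 'Block outbound to decommissioned relay'
$blockedIp = '192.0.2.25'                        # documentation range, constructed

$deploy = {
    param($Name, $Address, [bool]$Rehearse)

    # Skip creation if the rule already exists on this host (idempotent).
    if (-not (Get-NetFirewallRule -DisplayName $Name -ErrorAction SilentlyContinue)) {
        New-NetFirewallRule -DisplayName $Name -Direction Outbound -Action Block `
            -RemoteAddress $Address -Profile Any -WhatIf:$Rehearse | Out-Null
    }

    # Return what is actually configured so the caller can audit it.
    $rule = Get-NetFirewallRule -DisplayName $Name -ErrorAction SilentlyContinue
    if (-not $rule) {
        return [pscustomobject]@{ Computer = $env:COMPUTERNAME; Present = $false }
    }
    $addr = $rule | Get-NetFirewallAddressFilter
    [pscustomobject]@{
        Computer      = $env:COMPUTERNAME
        Present       = $true
        Enabled       = $rule.Enabled
        Direction     = $rule.Direction
        Action        = $rule.Action
        RemoteAddress = $addr.RemoteAddress
    }
}

# Rehearsal: New-NetFirewallRule runs with -WhatIf on every host, so nothing changes
# and each host reports Present = $false unless the rule was already there.
Invoke-Command -ComputerName $targets -ScriptBlock $deploy `
    -ArgumentList $ruleName, $blockedIp, $true | Format-Table -AutoSize

# Real run; a failure on one host is collected rather than aborting the others.
$results = Invoke-Command -ComputerName $targets -ScriptBlock $deploy `
    -ArgumentList $ruleName, $blockedIp, $false `
    -ErrorAction Continue -ErrorVariable deployErrors

$results | Format-Table Computer, Present, Enabled, Direction, Action, RemoteAddress -AutoSize
if ($deployErrors) {
    Write-Warning "Deployment failed on $($deployErrors.Count) host(s):"
    $deployErrors | ForEach-Object { Write-Warning $_.ToString() }
}
```

Returning an object from the remote script block, rather than relying on console output, is what makes the deployment auditable: the returned rows can be compared against the intended policy or written to a log for change tracking.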
Related Commands
- Get-NetFirewallRule
- Set-NetFirewallRule
- Remove-NetFirewallRule
- Enable-NetFirewallRule
- Disable-NetFirewallRule