
Controlling Firewall Rules

I decided that for this module I wanted some functions that control the specific rules I will be working with often, e.g. enabling/disabling the WMI rules, and then a generic function for everything else.

Let's start with some specifics. If we look at the WMI rules

get-rule | where{$_.Name -like "*wmi*"}

we get this output.

Action    : Allow
Name      : Windows Management Instrumentation (WMI-Out)
Profile   : {Private, Public}
Direction : Outbound
Protocol  : TCP

Action    : Allow
Name      : Windows Management Instrumentation (WMI-In)
Profile   : {Private, Public}
Direction : Inbound
Protocol  : TCP

Action    : Allow
Name      : Windows Management Instrumentation (WMI-Out)
Profile   : {Domain}
Direction : Outbound
Protocol  : TCP

Action    : Allow
Name      : Windows Management Instrumentation (WMI-In)
Profile   : {Domain}
Direction : Inbound
Protocol  : TCP

As they are enabled, we'll start by looking at disabling them.

function disable-wmi {
[CmdletBinding()]
param (

 [parameter(ParameterSetName="Inbound")]
 [switch]$in,

 [parameter(ParameterSetName="Outbound")]
 [switch]$out,

 [switch]$domain,
 [switch]$private,
 [switch]$public
)
BEGIN{}#begin
PROCESS{
# Changing rules through this COM object needs an elevated session
$fw = New-Object -ComObject HNetCfg.FwPolicy2

# INetFwRule.Direction: NET_FW_RULE_DIRECTION_IN = 1, NET_FW_RULE_DIRECTION_OUT = 2
switch ($psCmdlet.ParameterSetName) {
 "Inbound"  {$direction = 1 }
 "Outbound" {$direction = 2 }
 default {throw "Specify either -in or -out" }
}

# INetFwRule.Profiles is a bitmask: Domain = 1, Private = 2, Public = 4 (All = 0x7FFFFFFF)
$fw.Rules | where {$_.Name -like "Windows Management Instrumentation*" -and $_.Direction -eq $direction} |
foreach {
 # singleton profile: the rule is scoped to exactly one network profile
 if($domain -and ($_.profiles -eq 1)) {$_.Enabled = $false}
 if($private -and ($_.profiles -eq 2)) {$_.Enabled = $false}
 if($public -and ($_.profiles -eq 4)) {$_.Enabled = $false}

 # mixed profile: the bit for the requested profile is set in the mask
 # (a -band test is also true for the singleton case and for the "All" mask)
 if($domain -and ($_.profiles -band 1)) {$_.Enabled = $false}
 if($private -and ($_.profiles -band 2)) {$_.Enabled = $false}
 if($public -and ($_.profiles -band 4)) {$_.Enabled = $false}
}

}#process
END{}#end

<#
.SYNOPSIS
Disables the WMI rules in the Windows firewall

.DESCRIPTION
Disables the Windows Management Instrumentation firewall rules for the given
direction (-in or -out, exactly one is required) and network profiles
(-domain, -private, -public). Must be run from an elevated PowerShell session.

.EXAMPLE
disable-wmi -in -domain

.EXAMPLE
disable-wmi -in -domain -private -public

.EXAMPLE
disable-wmi -out -private -public

#>

}


I've used parameter sets to distinguish inbound and outbound rules, so exactly one of -in or -out has to be given. The network types are set as switches.



The rules are scanned and, depending on the direction and the network profile switches, the Enabled property is set to $false. The profile is tested both as an equals (a rule scoped to a single profile, e.g. 2 for Private) and as a -band (a rule scoped to several profiles, e.g. 6 for Private and Public). Since a -band test is also true for the single-profile case, it alone would have sufficed; it also catches rules that apply to all profiles, whose mask is 0x7FFFFFFF.
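Generalising the above, as an added example that is not part of the original post: a single Set-FwRuleState function (a name chosen here, not one from the module) that enables or disables any rule matching a name pattern, for one direction and a set of profiles, through the same HNetCfg.FwPolicy2 COM object. It builds one profile bitmask from the switches and tests it with a single -band, supports -WhatIf so the match can be previewed before anything changes, and returns the matched rules with their Enabled state so the result can be verified. Like disable-wmi, it has to run in an elevated PowerShell session.

```powershell
# Added example (not code from the original post): generic enable/disable of
# firewall rules by name pattern, direction and profile mask via HNetCfg.FwPolicy2.
# Needs an elevated session; setting Enabled fails with access denied otherwise.

# Constants from the INetFwRule API
$NET_FW_RULE_DIR_IN      = 1
$NET_FW_RULE_DIR_OUT     = 2
$NET_FW_PROFILE2_DOMAIN  = 1
$NET_FW_PROFILE2_PRIVATE = 2
$NET_FW_PROFILE2_PUBLIC  = 4
$NET_FW_PROFILE2_ALL     = 0x7FFFFFFF   # a rule that applies to every profile

function Set-FwRuleState {
    [CmdletBinding(SupportsShouldProcess=$true)]
    param (
        [parameter(Mandatory=$true)]
        [string]$Name,                      # wildcard pattern, e.g. "Windows Management Instrumentation*"

        [ValidateSet("Inbound","Outbound")]
        [string]$Direction = "Inbound",

        [switch]$Domain,
        [switch]$Private,
        [switch]$Public,

        [parameter(Mandatory=$true)]
        [bool]$Enabled                      # $false to disable, $true to enable
    )

    # Build the profile mask once instead of testing each switch per rule
    $mask = 0
    if ($Domain)  { $mask = $mask -bor $NET_FW_PROFILE2_DOMAIN }
    if ($Private) { $mask = $mask -bor $NET_FW_PROFILE2_PRIVATE }
    if ($Public)  { $mask = $mask -bor $NET_FW_PROFILE2_PUBLIC }
    if ($mask -eq 0) { throw "Specify at least one of -Domain, -Private, -Public" }

    $dir = if ($Direction -eq "Inbound") { $NET_FW_RULE_DIR_IN } else { $NET_FW_RULE_DIR_OUT }

    $fw = New-Object -ComObject HNetCfg.FwPolicy2
    $fw.Rules |
        Where-Object { $_.Name -like $Name -and $_.Direction -eq $dir -and ($_.Profiles -band $mask) } |
        ForEach-Object {
            # One -band covers single-profile rules (e.g. 2), mixed rules (e.g. 6)
            # and "All profiles" rules (0x7FFFFFFF) alike.
            if ($PSCmdlet.ShouldProcess($_.Name, "Set Enabled = $Enabled")) {
                $_.Enabled = $Enabled
            }
            # Emit the rule's state so the caller can verify what happened
            [pscustomobject]@{
                Name      = $_.Name
                Direction = $_.Direction
                Profiles  = $_.Profiles
                Enabled   = $_.Enabled
            }
        }
}

# Usage: preview the match first, then apply it and read back the Enabled column.
Set-FwRuleState -Name "Windows Management Instrumentation*" -Direction Inbound -Domain -Enabled $false -WhatIf
Set-FwRuleState -Name "Windows Management Instrumentation*" -Direction Inbound -Domain -Enabled $false
```

With -WhatIf the function still lists the matching rules but reports their current Enabled value, which is a cheap way to confirm the name pattern and profile mask select only the rules you intended before the change is made.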
