question

0 Votes
FranzSchenk-2502 asked FranzSchenk-2502 commented

Windows firewall: How to block all incoming connections with PowerShell?

We have to manage Windows firewall settings with PowerShell, and have to configure the Windows firewall to not allow any incoming connections. All the automatically created firewall exception rules that Windows creates should also be blocked. We need the configuration for any firewall profile according to the following printscreen:

134363-firewall.png



"Set-NetFirewallProfile -All -DefaultInboundAction Block" blocks incoming connections, but allows all the configured inbound rules. A parameter like "-DefaultInboundActions Blockall" seems not to exist and does not work.

Any advice on how to get the configuration according to the printscreen with PowerShell? Thank you in advance for any help.
Franz

PS: Group Policy is not an option, we have to deploy Workgroup clients.

windows-10-security

1 Vote
Castorix31 answered Castorix31 edited

On Windows 10 1909, I can set to "Block all" with the following, as Admin:
(1 as parameter is for NET_FW_PROFILE2_DOMAIN)

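 # Firewall policy COM object (INetFwPolicy2)
 $fwp = New-Object -ComObject hnetcfg.fwpolicy2
 # Turn on "Block all" for profile 1 (NET_FW_PROFILE2_DOMAIN)
 $fwp.BlockAllInboundTraffic(1) = 1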


Thank you, that is very helpful!

Where have you found this information? Can't find anything, and had to try different parameters. What I have found:
(1) is domain profile, like you wrote
(2) is private profile
(4) is public profile
(3) throws an error "the request is not supported"

0 Votes 0 ·

As I program mainly in C++, I tried to convert C++ into PowerShell, from the MSDN docs for the INetFwPolicy2 interface,
then I checked members with:

 $fwp | Get-Member



0 Votes 0 ·
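
An added example, not part of the original thread or of either answer: the COM call from the answer above applied to each of the three profiles (values 1, 2 and 4, as listed in the comments), with the setting read back afterwards. It assumes an elevated PowerShell session; the variable names and the FirewallEnabled check are choices made for this example.

```powershell
#Requires -RunAsAdministrator
# Added example: enable "Block all incoming connections" on every profile
# and verify the result. Values are the NET_FW_PROFILE_TYPE2 flags
# mentioned in the thread: 1 = domain, 2 = private, 4 = public.
$profiles = [ordered]@{ Domain = 1; Private = 2; Public = 4 }

$fwp = New-Object -ComObject HNetCfg.FwPolicy2

$report = foreach ($name in $profiles.Keys) {
    $id = $profiles[$name]

    # Set one profile per call; the thread reports that the value 3
    # is rejected with "the request is not supported".
    $fwp.BlockAllInboundTraffic($id) = $true

    # Read the state back instead of trusting the assignment.
    [pscustomobject]@{
        Profile         = $name
        FirewallEnabled = [bool]$fwp.FirewallEnabled($id)
        BlockAllInbound = [bool]$fwp.BlockAllInboundTraffic($id)
    }
}

$report | Format-Table -AutoSize

# "Block all" only protects a profile whose firewall is switched on,
# so treat a disabled profile as a failed deployment step too.
$notProtected = $report | Where-Object {
    -not ($_.FirewallEnabled -and $_.BlockAllInbound)
}
if ($notProtected) {
    $names = ($notProtected.Profile) -join ', '
    throw "Inbound traffic is not fully blocked on profile(s): $names"
}
```
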
1 Vote
LimitlessTechnology-2700 answered FranzSchenk-2502 commented

Hello Franz,

I also don't know if there is an equivalent in PowerShell, but I have been using it from the prompt:

to enable:

netsh advfirewall set domainprofile firewallpolicy blockinboundalways,allowoutbound

to disable:

netsh advfirewall set domainprofile firewallpolicy blockinbound,allowoutbound

Hope this helps,



--If the reply is helpful, please Upvote and Accept as answer--


Thank you, this is a second working solution :-)

0 Votes 0 ·