
PowerShell help please - Adding to a Firewall rule

Discussion in 'HTML, Graphics & Programming' started by Feek, Jul 3, 2020.

  1. Feek

    Commissario

    Joined: Oct 16, 2002

    Posts: 228,635

    Location: In the radio shack

    Hi folks,

    I have a firewall rule set in Windows Firewall to block some external IPs and I'd like to add a number of ranges.

    I'm using the script as described here.

    Code:
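    # Read the From/To pairs from the CSV file
    $csv = Import-Csv -Path 'C:\Scripts\test.csv'
    # Build one "from-to" range string per CSV row
    $data = @()
    $csv | ForEach-Object { $data += $_.From + "-" + $_.To }
    # Set the rule's remote address scope to the collected ranges
    Set-NetFirewallRule -Name "{6929A9BF-26E7-47D9-BF8B-4602AFE7F489}" -RemoteAddress $data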
    
    I wanted to run it on a few IPs first, just to make sure it works before I add loads.

    My test.csv file looks like this:

    Code:
    From,To
    1.0.1.0,1.0.1.255
    1.0.2.0,1.0.3.255
    1.0.8.0,1.0.15.255
    1.0.16.0,1.0.31.255
    

    However, when I run the script, it appears to run and finishes with no errors but nothing has been added to the rule. At least, when I check the Scope, nothing has been added.

    If I try running the Set-NetFirewallRule command by itself just to add a single IP, the same happens. It appears to run but nothing is added. I am running PowerShell as an administrator.

    Running Windows 10. Can anyone suggest what might be wrong please? This looks pretty straightforward but I can't see why it's failing.

    Thanks.
     
  2. Feek

    Commissario

    Joined: Oct 16, 2002

    Posts: 228,635

    Location: In the radio shack

    Doesn't matter, I've installed PeerBlock and am doing it that way.
     
  3. Django x2

    Capodecina

    Joined: Sep 28, 2008

    Posts: 13,101

    Location: Britain

    I know you've got a workaround, but I like a challenge.

    1. What's the GUID in -Name? Is the GUID the actual name of the firewall rule you are trying to change?
    2. Set- changes a rule that already exists, I'm assuming that's the case
    3. What does -verbose show?
    4. Because you are not using CIDR notation, line 1 and line 2 of the CSV are subnet masking. Instead, line 1 should just be 1.0.1.0,1.0.3.255
     
  4. Feek

    Commissario

    Joined: Oct 16, 2002

    Posts: 228,635

    Location: In the radio shack

    Thanks for the reply :)

    1 - I tried with DisplayName and when it failed, I went with Name and the GUID. Yes, that's the correct one for the rule.
    2 - Yup, the rule exists
    3 - Dunno and honestly, I'm not that bothered because PeerBlock is doing what I want. I've imported the IP list and job's a good 'un.
    4 - Gotcha
     
  5. Django x2

    Capodecina

    Joined: Sep 28, 2008

    Posts: 13,101

    Location: Britain

    Most odd. I literally just copied what you had above, but only the two lines in my CSV file and changed the instancename accordingly and bingo:

    [IMG]
     
    Last edited: Jul 23, 2020
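
An added example, not code from any poster in this thread: one way to run the same update so that a failure cannot pass silently. `Set-NetFirewallRule -RemoteAddress` replaces the rule's address list rather than appending to it, so the script merges the existing entries with the new ranges, then reads the rule back. The rule GUID and CSV rows are the ones quoted in the first post; the variable names are this example's own.

```powershell
#Requires -RunAsAdministrator
$ruleName = '{6929A9BF-26E7-47D9-BF8B-4602AFE7F489}'   # rule GUID quoted in the thread

# Rows from the thread's test.csv, embedded so the script runs without the file.
$rows = @'
From,To
1.0.1.0,1.0.1.255
1.0.2.0,1.0.3.255
1.0.8.0,1.0.15.255
1.0.16.0,1.0.31.255
'@ | ConvertFrom-Csv

# Check that both ends of each row parse as IP addresses, then build "from-to" strings.
$new = @(foreach ($row in $rows) {
    $from = $null; $to = $null
    $ok = [System.Net.IPAddress]::TryParse($row.From, [ref]$from) -and
          [System.Net.IPAddress]::TryParse($row.To, [ref]$to)
    if (-not $ok) {
        Write-Warning "Skipping invalid row: $($row.From),$($row.To)"
        continue
    }
    '{0}-{1}' -f $from, $to
})
if ($new.Count -eq 0) { throw 'No valid ranges found in the CSV data.' }

# -ErrorAction Stop makes a missing rule a terminating error instead of a quiet no-op.
$rule = Get-NetFirewallRule -Name $ruleName -ErrorAction Stop

# Read the current scope first, because -RemoteAddress overwrites it.
# 'Any' means the rule had no remote address restriction yet.
$current = @(($rule | Get-NetFirewallAddressFilter).RemoteAddress |
    Where-Object { $_ -and $_ -ne 'Any' })
$merged = @($current + $new | Sort-Object -Unique)

# -Verbose prints what the cmdlet is doing to the rule.
Set-NetFirewallRule -Name $ruleName -RemoteAddress $merged -Verbose -ErrorAction Stop

# Read the rule back: this is the list the firewall GUI shows under Scope.
$after = (Get-NetFirewallRule -Name $ruleName | Get-NetFirewallAddressFilter).RemoteAddress
Write-Output "Rule $ruleName now has $(@($after).Count) remote address entries:"
$after
```

If the final listing shows the ranges but the Windows Firewall console does not, refresh the console view before concluding that the update failed.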