Powershell scripts to export and import firewall rules

Also on Powershell Gallery as module Firewall-Manager, see here or install with Install-Module Firewall-Manager

Now also on Powershell Gallery as part of the SysAdminsFriends module, see here or install with Install-Module SysAdminsFriends

Since Technet Gallery will be closed soon, you find the script here now:

https://github.com/MScholtes/TechNet-Gallery

There is only one possibility to export and import firewall rules: as a blob (wfw file) in the firewall console or with a script. If you want to automate removing or editing a rule from the set there is no (easy) way to do it without using a third party tool or messing with the registry in dangerous places.

The three scripts ExportFirewallRules.ps1, ImportFirewallRules.ps1 and RemoveFirewallRules.ps1 export, import and remove complete firewall rule sets in CSV or JSON file format. When importing existing rules with the same display name will be overwritten.

Requires Windows 8.1 / Server 2012 R2 or above.

Export-FirewallRules.ps1 [[-Name] <Object>] [[-CSVFile] <Object>] [-JSON] [-Inbound] [-Outbound] [-Enabled] [-Disabled] [-Allow] [-Block]

Exports firewall rules to a CSV or JSON file.

-Name
Display name of the rules to be processed. Wildcard character * is allowed. Default: *
-CSVFile
Output file. Default: .\FirewallRules.csv
-JSON
Output in JSON instead of CSV format. Default: $FALSE

-Inbound -Outbound -Enabled -Disabled -Allow -Block
Filter which rules to export

Import-FirewallRules.ps1 [[-CSVFile] <Object>] [-JSON]

Imports firewall rules from a CSV or JSON file.

-CSVFile
Input file. Default: .\FirewallRules.csv
-JSON
Input in JSON instead of CSV format. Default: $FALSE

Remove-FirewallRules.ps1 [[-CSVFile] <Object>] [-JSON]

Remove firewall rules according to the list in a CSV or JSON file.

-CSVFile
Input file. Default: .\FirewallRules.csv
-JSON
Input in JSON instead of CSV format. Default: $FALSE

Examples (assume the scripts are in the current directory, modify path to scripts if not)

Export all firewall rules to the CSV file FirewallRules.csv in the current directory:

PowerShell

Skript bearbeiten|Remove

.\Export-FirewallRules.ps1

.\Export-FirewallRules.ps1

Export all SNMP firewall rules to the JSON file SNMPRules.json:

PowerShell

Skript bearbeiten|Remove

.\Export-FirewallRules.ps1 snmp* SNMPRules.json -json

.\Export-FirewallRules.ps1 snmp* SNMPRules.json -json

Import all firewall rules in the CSV file FirewallRules.csv in the current directory:

PowerShell

Skript bearbeiten|Remove

.\Import-FirewallRules.ps1

.\Import-FirewallRules.ps1

Import all firewall rules in the JSON file WmiRules.json:

PowerShell

Skript bearbeiten|Remove

.\Import-FirewallRules.ps1 WmiRules.json -json

.\Import-FirewallRules.ps1 WmiRules.json -json

Remarks:

There might be issues when importing rules for "metro apps" to another computer.

App packet rules are stored as a SID and usually apply only to user accounts whose SIDs are stored in the export file. Those rules will not work on another computer since a SID is unique.