
New-NetFirewallRule



This is the built-in help made by Microsoft for the command 'New-NetFirewallRule', in PowerShell version 3 - as retrieved from Windows version 'Microsoft Windows Server 2012 Standard' PowerShell help files on 2016-06-23.

For PowerShell version 3 and up, where you have Update-Help, this command was run just before creating the web pages from the help files.

SYNOPSIS

Creates a new inbound or outbound firewall rule and adds the rule to the target computer.

SYNTAX


New-NetFirewallRule [-Action <Action>] [-AsJob [<SwitchParameter>]] [-Authentication <Authentication>] [-CimSession <CimSession[]>]
[-Description <String>] [-Direction <Direction>] [-DynamicTransport <DynamicTransport>] [-EdgeTraversalPolicy <EdgeTraversal>] [-Enabled
<Enabled>] [-Encryption <Encryption>] [-GPOSession <String>] [-Group <String>] [-IcmpType <String[]>] [-InterfaceAlias <WildcardPattern[]>]
[-InterfaceType <InterfaceType>] [-LocalAddress <String[]>] [-LocalOnlyMapping <Boolean>] [-LocalPort <String[]>] [-LocalUser <String>]
[-LooseSourceMapping <Boolean>] [-Name <String>] [-OverrideBlockRules <Boolean>] [-Owner <String>] [-Package <String>] [-Platform <String[]>]
[-PolicyStore <String>] [-Profile <Profile>] [-Program <String>] [-Protocol <String>] [-RemoteAddress <String[]>] [-RemoteMachine <String>]
[-RemotePort <String[]>] [-RemoteUser <String>] [-Service <String>] [-ThrottleLimit <Int32>] -DisplayName <String> [-Confirm
[<SwitchParameter>]] [-WhatIf [<SwitchParameter>]] [<CommonParameters>]




DESCRIPTION


The New-NetFirewallRule cmdlet creates an inbound or outbound firewall rule and adds the rule to the target computer.


Some parameters are used to specify the conditions that must be matched for the rule to apply, such as the LocalAddress and RemoteAddress
parameters. Other parameters specify the way that the connection should be secured, like the Authentication and Encryption parameters. Rules
that already exist can be managed with the Get-NetFirewallRule and Set-NetFirewallRule cmdlets.


Filter objects, such as NetFirewallAddressFilter or NetFirewallApplicationFilter, are created with each firewall rule. The filter objects and
rules are always one-to-one and are managed automatically.
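The rule-to-filter relationship described above, shown as an added example that is not part of Microsoft's help text. The rule name, display name, port and address are constructed values, and the commands assume an elevated session on the local computer.

```powershell
# Added example: constructed rule name, port and addresses; run from an elevated session.
$ruleName = 'Example-Inbound-TCP8443'   # hypothetical rule name

# Create a narrowly scoped inbound allow rule: one protocol, one port,
# one remote scope, one profile.
$rule = New-NetFirewallRule -Name $ruleName `
    -DisplayName 'Example: inbound TCP 8443 from local subnet' `
    -Direction Inbound -Action Allow -Protocol TCP -LocalPort 8443 `
    -RemoteAddress LocalSubnet -Profile Domain

# The match conditions are stored on the filter objects that were created
# together with the rule, so read them back through the filter cmdlets.
$port = $rule | Get-NetFirewallPortFilter
$addr = $rule | Get-NetFirewallAddressFilter
$app  = $rule | Get-NetFirewallApplicationFilter

[pscustomobject]@{
    Name          = $rule.Name
    Direction     = $rule.Direction
    Action        = $rule.Action
    Profile       = $rule.Profile
    Protocol      = $port.Protocol
    LocalPort     = $port.LocalPort
    RemoteAddress = $addr.RemoteAddress
    Program       = $app.Program      # no -Program was given, so the rule is not tied to one executable
} | Format-List

# Tighten the rule in place. The address filter is updated automatically;
# it is never created or deleted separately from its rule.
Set-NetFirewallRule -Name $ruleName -RemoteAddress 192.0.2.10   # documentation-range address
Get-NetFirewallRule -Name $ruleName |
    Get-NetFirewallAddressFilter |
    Select-Object -Property RemoteAddress

# Remove the example rule; its filter objects are removed with it.
Remove-NetFirewallRule -Name $ruleName
```

Reading the filters back after creation is a quick way to confirm that a rule is as narrow as intended before it is left enabled.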




RELATED LINKS

Copy-NetFirewallRule
Enable-NetFirewallRule
Disable-NetFirewallRule
Get-NetFirewallAddressFilter
Get-NetFirewallApplicationFilter
Get-NetFirewallInterfaceFilter
Get-NetFirewallInterfaceTypeFilter
Get-NetFirewallPortFilter
Get-NetFirewallRule
Get-NetFirewallSecurityFilter
New-NetFirewallRule
Open-NetGPO
Remove-NetFirewallRule
Rename-NetFirewallRule
Save-NetGPO
Set-NetFirewallRule
Set-NetFirewallSetting
Show-NetFirewallRule
New-GPO


Examples


EXAMPLE 1

PS C:\> New-NetFirewallRule -DisplayName "Local Rule"



This example creates an inbound TCP firewall rule on the local computer.




EXAMPLE 2

PS C:\> New-NetFirewallRule -DisplayName "Block Outbound Port 80" -Direction Outbound -LocalPort 80 -Protocol TCP -Action Block



This example creates an outbound firewall rule to block all of the traffic from the local computer that originates on TCP port 80.




EXAMPLE 3

PS C:\> New-NetFirewallRule -DisplayName "Block WINS" -Direction Inbound -Action Block -RemoteAddress WINS



This example creates a firewall rule that blocks all inbound traffic from all WINS servers.




EXAMPLE 4

PS C:\> New-NetFirewallRule -DisplayName "Allow Messenger" -Direction Inbound -Program "C:\Program Files (x86)\Messenger\msmsgs.exe" -RemoteAddress LocalSubnet -Action Allow



This example creates an inbound firewall rule that allows traffic for the Windows Messenger program only from computers on the same subnet as
the local computer.




EXAMPLE 5

PS C:\> New-NetFirewallRule -DisplayName "Allow Authenticated Messenger" -Direction Inbound -Program "C:\Program Files (x86)\Messenger\msmsgs.exe" -Authentication Required -Action Allow



This example creates a firewall rule that allows inbound Windows Messenger network traffic only if the connection from the remote computer is
authenticated by using a separate IPsec rule.




EXAMPLE 6

PS C:\> New-NetFirewallRule -DisplayName "Allow Only Specific Computers and Users" -Direction Inbound -RemoteMachine "D:(A;;CC;;;SIDforMachineGroupAccount)" -RemoteUser "D:(A;;CC;;;SIDforUserGroupAccount)" -Action AllowBypass -Authentication Required



This example creates a firewall rule that allows all of the network traffic from computers that are members of a specific computer group, and
only from users that are members of a specific user group. Both memberships must be confirmed by authentication using a separate connection
security rule.




EXAMPLE 7

PS C:\> New-NetFirewallRule -DisplayName "Block Wireless In" -Direction Inbound -InterfaceType Wireless -Action Block


PS C:\> New-NetFirewallRule -DisplayName "Block Wireless Out" -Direction Outbound -InterfaceType Wireless -Action Block



This example uses two cmdlets to create firewall rules that block all of the wireless network traffic.




EXAMPLE 8

PS C:\> New-NetFirewallRule -DisplayName "Allow TCP 12345 and 5000-5020 over Teredo" -Direction Inbound -Action Allow -EdgeTraversalPolicy Allow -Protocol TCP -LocalPort 12345,5000-5020 -Program "C:\Program Files (x86)\TestIPv6App.exe"



This example creates a firewall rule to allow TCP traffic addressed to port 12345 and the range of ports 5000-5020 to a specific application
from the computers on the remote side of an edge (NAT) device, using the Teredo IPv6 interface.