
New-NetFirewallRule



This is the built-in help made by Microsoft for the command 'New-NetFirewallRule', in PowerShell version 4 - as retrieved from Windows version 'Microsoft Windows 8.1 Enterprise' PowerShell help files on 2016-06-23.

For PowerShell version 3 and up, where you have Update-Help, this command was run just before creating the web pages from the help files.

SYNOPSIS

Creates a new inbound or outbound firewall rule and adds the rule to the target computer.

SYNTAX


New-NetFirewallRule [-Action <Action>] [-AsJob] [-Authentication <Authentication>] [-CimSession <CimSession[]>] [-Description <String>] [-Direction <Direction>]
[-DynamicTarget <DynamicTransport>] [-EdgeTraversalPolicy <EdgeTraversal>] [-Enabled <Enabled>] [-Encryption <Encryption>] [-GPOSession <String>] [-Group <String>]
[-IcmpType <String[]>] [-InterfaceAlias <WildcardPattern[]>] [-InterfaceType <InterfaceType>] [-LocalAddress <String[]>] [-LocalOnlyMapping <Boolean>]
[-LocalPort <String[]>] [-LocalUser <String>] [-LooseSourceMapping <Boolean>] [-Name <String>] [-OverrideBlockRules <Boolean>] [-Owner <String>] [-Package <String>]
[-Platform <String[]>] [-PolicyStore <String>] [-Profile <Profile>] [-Program <String>] [-Protocol <String>] [-RemoteAddress <String[]>] [-RemoteMachine <String>]
[-RemotePort <String[]>] [-RemoteUser <String>] [-Service <String>] [-ThrottleLimit <Int32>] -DisplayName <String> [-Confirm] [-WhatIf] [<CommonParameters>]




DESCRIPTION


The New-NetFirewallRule cmdlet creates an inbound or outbound firewall rule and adds the rule to the target computer.


Some parameters are used to specify the conditions that must be matched for the rule to apply, such as the LocalAddress and RemoteAddress parameters. Other parameters specify the way that the connection should be secured, like the Authentication and Encryption parameters. Rules that already exist can be managed with the Get-NetFirewallRule and Set-NetFirewallRule cmdlets.


Filter objects, such as NetFirewallAddressFilter or NetFirewallApplicationFilter, are created with each firewall rule. The filter objects and rules are always one-to-one and are managed automatically.
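
The rule-to-filter relationship described above can be read back after a rule is created. The following is an added example, not part of the Microsoft help text; the rule name, display name, port and subnet are constructed sample values.

```powershell
# Added example: create a rule only if it does not exist yet, then read
# back the filter objects that were created with it.
# Rule name, display name, port and subnet are constructed sample values.
# Run from an elevated PowerShell session.

$ruleName = 'Example-Allow-TCP8443-In'   # hypothetical unique rule name

# -Name is the unique identifier of a rule; -DisplayName is mandatory
# but does not have to be unique, so look the rule up by -Name.
$rule = Get-NetFirewallRule -Name $ruleName -ErrorAction SilentlyContinue
if (-not $rule) {
    $rule = New-NetFirewallRule -Name $ruleName `
        -DisplayName 'Example: allow TCP 8443 from 10.0.0.0/24' `
        -Direction Inbound -Action Allow -Protocol TCP `
        -LocalPort 8443 -RemoteAddress '10.0.0.0/24' -Profile Domain
}

# Conditions are not stored on the rule object itself; they are read from
# the associated filter objects (one of each type per rule).
$port    = $rule | Get-NetFirewallPortFilter
$address = $rule | Get-NetFirewallAddressFilter
$app     = $rule | Get-NetFirewallApplicationFilter

# Summarize what the rule actually matches, for review.
[pscustomobject]@{
    Rule          = $rule.Name
    Enabled       = $rule.Enabled
    Action        = $rule.Action
    Protocol      = $port.Protocol
    LocalPort     = $port.LocalPort
    RemoteAddress = $address.RemoteAddress
    Program       = $app.Program
}

# Remove the sample rule again; its filter objects are removed with it.
Remove-NetFirewallRule -Name $ruleName
```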




RELATED LINKS

Online Version: http://go.microsoft.com/fwlink/?LinkId=287914
Copy-NetFirewallRule
Enable-NetFirewallRule
Disable-NetFirewallRule
Get-NetFirewallAddressFilter
Get-NetFirewallApplicationFilter
Get-NetFirewallInterfaceFilter
Get-NetFirewallInterfaceTypeFilter
Get-NetFirewallPortFilter
Get-NetFirewallRule
Get-NetFirewallSecurityFilter
New-NetFirewallRule
Open-NetGPO
Remove-NetFirewallRule
Rename-NetFirewallRule
Save-NetGPO
Set-NetFirewallRule
Set-NetFirewallSetting
Show-NetFirewallRule
New-GPO

REMARKS


Examples


EXAMPLE 1

PS C:\> New-NetFirewallRule -DisplayName "Block Outbound Port 80" -Direction Outbound -LocalPort 80 -Protocol TCP -Action Block



This example creates an outbound firewall rule to block all of the traffic from the local computer that originates on TCP port 80.




EXAMPLE 2

PS C:\> New-NetFirewallRule -DisplayName "Block WINS" -Direction Inbound -Action Block -RemoteAddress WINS



This example creates a firewall rule that blocks all inbound traffic from all WINS servers.




EXAMPLE 3

PS C:\> New-NetFirewallRule -DisplayName "Allow Messenger" -Direction Inbound -Program "C:\Program Files (x86)\Messenger\msmsgs.exe" -RemoteAddress LocalSubnet -Action Allow



This example creates an inbound firewall rule that allows traffic for the Windows Messenger program only from computers on the same subnet as the local computer.




EXAMPLE 4

PS C:\> New-NetFirewallRule -DisplayName "Allow Authenticated Messenger" -Direction Inbound -Program "C:\Program Files (x86)\Messenger\msmsgs.exe" -Authentication Required -Action Allow



This example creates a firewall rule that allows inbound Windows Messenger network traffic only if the connection from the remote computer is authenticated by using a separate IPsec rule.




EXAMPLE 5

PS C:\> New-NetFirewallRule -DisplayName "Allow Only Specific Computers and Users" -Direction Inbound -RemoteMachine "D:(A;;CC;;;SIDforMachineGroupAccount)" -RemoteUser "D:(A;;CC;;;SIDforUserGroupAccount)" -Action AllowBypass -Authentication Required



This example creates a firewall rule that allows all of the network traffic from computers that are members of a specific computer group, and only from users that are
members of a specific user group. Both memberships must be confirmed by authentication using a separate connection security rule.
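
The SID placeholders in the -RemoteMachine and -RemoteUser strings above have to be replaced with real group SIDs. The following is an added example, not part of the Microsoft help text, that builds those SDDL strings from group names; the helper function ConvertTo-FirewallSddl and the CONTOSO group names are hypothetical, and the rule is shown with -Action Allow and -WhatIf so that nothing is changed.

```powershell
# Added example: build "D:(A;;CC;;;<SID>)" strings for -RemoteMachine and
# -RemoteUser from account names instead of hand-pasting SIDs.
# ConvertTo-FirewallSddl and the CONTOSO group names are hypothetical.

function ConvertTo-FirewallSddl {
    param([Parameter(Mandatory)][string[]]$Account)

    $aces = foreach ($name in $Account) {
        try {
            # Resolve the account name to its SID.
            $nt  = New-Object System.Security.Principal.NTAccount($name)
            $sid = $nt.Translate([System.Security.Principal.SecurityIdentifier]).Value
        }
        catch {
            # Stop here: an unresolved name must never yield a partial SDDL
            # string, because the rule would then authorize the wrong set.
            throw "Cannot resolve account '$name' to a SID: $($_.Exception.Message)"
        }
        "(A;;CC;;;$sid)"      # one allow ACE per account, same form as above
    }
    'D:' + ($aces -join '')
}

$machineSddl = ConvertTo-FirewallSddl -Account 'CONTOSO\Admin Workstations'
$userSddl    = ConvertTo-FirewallSddl -Account 'CONTOSO\Firewall Admins'

# Review the generated strings before they are used in a rule.
$machineSddl
$userSddl

# -WhatIf shows what would be created without adding the rule.
New-NetFirewallRule -DisplayName 'Allow Only Specific Computers and Users' `
    -Direction Inbound -Action Allow -Authentication Required `
    -RemoteMachine $machineSddl -RemoteUser $userSddl -WhatIf
```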




EXAMPLE 6

PS C:\> New-NetFirewallRule -DisplayName "Block Wireless In" -Direction Inbound -InterfaceType Wireless -Action Block
PS C:\> New-NetFirewallRule -DisplayName "Block Wireless Out" -Direction Outbound -InterfaceType Wireless -Action Block



This example uses two cmdlets to create firewall rules that block all of the wireless network traffic.




EXAMPLE 7

PS C:\> New-NetFirewallRule -DisplayName "Allow TCP 12345 and 5000-5020 over Teredo" -Direction Inbound -Action Allow -EdgeTraversalPolicy Allow -Protocol TCP -LocalPort 12345,5000-5020 -Program "C:\Program Files (x86)\TestIPv6App.exe"



This example creates a firewall rule to allow TCP traffic addressed to port 12345 and the range of ports 5000-5020 to a specific application from the computers on the remote side of an edge (NAT) device, using the Teredo IPv6 interface.