重复的 Windows 防火墙规则(Netsh AdvFirewall 防火墙)
Duplicated Windows firewall rules (Netsh AdvFirewall firewall)
我注意到当我们通过 netsh advfirewall firewall 创建防火墙规则时,它可以 运行 多次,创建多个相同的防火墙规则。
在尝试创建新规则之前,是否有任何方法可以检查防火墙规则是否存在?
我设法通过 PowerShell 的网络安全 Cmdlet 实现了这一点,以下代码将检查命名的防火墙规则以及指定的本地端口,如果找到条目,则不会创建规则。如果找不到条目,它将创建规则
$firewallPort = ""
$firewallRuleName = ""
write-host "Checking for '$firewallRuleName' firewall rule on port '$firewallPort' now...."
if ($(Get-NetFirewallRule –DisplayName $firewallRuleName | Get-NetFirewallPortFilter | Where { $_.LocalPort -eq $firewallPort }))
{
write-host "Firewall rule for '$firewallRuleName' on port '$firewallPort' already exists, not creating new rule"
}
else
{
write-host "Firewall rule for '$firewallRuleName' on port '$firewallPort' does not already exist, creating new rule now..."
New-NetFirewallRule -DisplayName $firewallRuleName -Direction Inbound -Profile Domain,Private,Public -Action Allow -Protocol TCP -LocalPort $firewallPort -RemoteAddress Any
write-host "Firewall rule for '$firewallRuleName' on port '$firewallPort' created successfully"
}
检查规则"myrule"是否不存在
netsh advfirewall firewall show rule name="myrule" | findstr "no rules"
为了扩展@Oleg 的回答,这里是我使用的。根据您的规则的标准替换 ...。
set name="my rule"
netsh advfirewall firewall show rule name=!name! >nul
if errorlevel 1 (
echo Adding firewall rule !name!
netsh advfirewall firewall add rule name=!name! ...
)
Get-Command -Module NetSecurity
get-help Get-NetFirewallRule -full
为什么没有人提到 ||操作员批量失败?
&& 成功运算符的反义词
:: (if command errors) || (exec this command)
netsh advfirewall firewall show rule name="myrule" >nul || netsh advfirewall firewall add rule name="myrule" ...
我注意到当我们通过 netsh advfirewall firewall 创建防火墙规则时,它可以 运行 多次,创建多个相同的防火墙规则。
在尝试创建新规则之前,是否有任何方法可以检查防火墙规则是否存在?
我设法通过 PowerShell 的网络安全 Cmdlet 实现了这一点,以下代码将检查命名的防火墙规则以及指定的本地端口,如果找到条目,则不会创建规则。如果找不到条目,它将创建规则
$firewallPort = ""
$firewallRuleName = ""
write-host "Checking for '$firewallRuleName' firewall rule on port '$firewallPort' now...."
if ($(Get-NetFirewallRule –DisplayName $firewallRuleName | Get-NetFirewallPortFilter | Where { $_.LocalPort -eq $firewallPort }))
{
write-host "Firewall rule for '$firewallRuleName' on port '$firewallPort' already exists, not creating new rule"
}
else
{
write-host "Firewall rule for '$firewallRuleName' on port '$firewallPort' does not already exist, creating new rule now..."
New-NetFirewallRule -DisplayName $firewallRuleName -Direction Inbound -Profile Domain,Private,Public -Action Allow -Protocol TCP -LocalPort $firewallPort -RemoteAddress Any
write-host "Firewall rule for '$firewallRuleName' on port '$firewallPort' created successfully"
}
检查规则"myrule"是否不存在
netsh advfirewall firewall show rule name="myrule" | findstr "no rules"
为了扩展@Oleg 的回答,这里是我使用的。根据您的规则的标准替换 ...。
set name="my rule"
netsh advfirewall firewall show rule name=!name! >nul
if errorlevel 1 (
echo Adding firewall rule !name!
netsh advfirewall firewall add rule name=!name! ...
)
Get-Command -Module NetSecurity
get-help Get-NetFirewallRule -full
为什么没有人提到 ||操作员批量失败? && 成功运算符的反义词
:: (if command errors) || (exec this command)
netsh advfirewall firewall show rule name="myrule" >nul || netsh advfirewall firewall add rule name="myrule" ...