parsing netsh firewall using powershell

In this powershell treasure chest post I want to explain how we can parse the results of netsh advfirewall command to workable powershell objects using regex. For the ones that didn’t know, netsh advfirewall is a command that allows to lists the existing firewall rules and their state on a windows machine. It has been pretty handy up until the *netadvancedFirewall* cmdlets were released.

This blog post answers the question: How do can I get the firewall rules from a machine using windows PowerShell?

Why not use the standard get-netadvancedFirewall you may ask? Well, how do you get the existing firewall rules from a system ? Normally we would use the get-netadvancedFirewall rule. But even though it is documented that the cmdlet only exists since powershell 3, this is partially false. The powershell firewall cmdlets are available since windows 2012 and windows 8.1 only. This means that even though you have powershell 3.0 installed on anterior version of Windows Server 2012, you won’t have access to powershell cmdlets. Bummer!

But how can you read the existing firewall rules on an system that hasn’t windows Powershell 3.0 then? We know we can have a listing of all the existing rules using netsh with the following example.

If you want to get a specific firewall rule using netsh you can get it using the command as followed:

The results that we get are not objects. It is plain text (buuu!!). But they seem to follow a pattern. Which means, that they are ‘regexable’ 😉

In the absence of the Get-NetAdvancedFirewall, it is possible to get the current firewall rules using netsh adfirewall. The issue is that netsh return only plain text.. \o/

If you follow my blog, you must have seen my post about regex, where I teach the basics building blocks to start using regex. the function I am sharing here under is based on the knowledge from that blog post. It is defenitly a good idea to learn regex because it will REALLY help you in the future. Belive me!

This function is based on regular expressions, and it’s sole purpose was for me to get access to the PowerShell remoting firewall rules on servers that didn’t had the net module installed / or available.

Here a quick overview of the objects that are sent back from the function.


I have uploaded the function to github. I would love to have your feedback on this function 🙂


By | 2017-01-17T16:00:01+00:00 January 15th, 2017|Treasure chest|3 Comments

About the Author:

Stéphane is a dynamic and passionate Cloud and datacenter Microsoft MVP since. He is the founder of the Basel PowerShell user Group (BPUG), the co-founder of the French Speaking PowerShell UserGroup (FRPSUG), author, blogger, and received the community award "PowerShell Hero" from Stéphane has implemented microsoft infrastructure solutions in various countries of Europe and is currently working in Basel / Switzerland. Stéphane help his clients to reduce their global infrastructure costs by implementing Microsft infrastructure solutions by combining great products such as System Center, Windows Server, with heavy automation using Windows PowerShell. Stéphane loves languages, Belgium beer, French cheese and French Wine. If any of these topics are of your interest, don't hesitate to come and say hi.


  1. Stephen Lomond March 4, 2019 at 1:53 pm - Reply

    This is awesome just what I was looking for.. Thank you so much..

  2. Jaap Brasser January 15, 2017 at 10:21 pm - Reply

    I could not find your script on GitHub, which repository did you post it in?

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: