Windows Firewall Ruleset

![Alt Text][corporate firewall]

Table of Contents

About Windows Firewall Ruleset

[![Alpha release][badge status]][alpha]

A fully automated solution for Windows firewall with PowerShell

Windows Firewall Ruleset configures the Windows firewall automatically and applies restrictive firewall rules specific to the target system and the software installed on it.

The status of this project is still alpha; click the "status" badge above to learn more.
This project consists of two major parts, firewall rules and a firewall framework, as follows:

Firewall rules

Windows firewall rules sorted into individual PowerShell scripts according to:

  • Rule group
  • Traffic direction (e.g. inbound, outbound or IPsec)
  • Software type and publisher
  • IP version (IPv4 / IPv6)

For example:

  • ICMP traffic
  • Browser rules
  • Built-in OS software
  • Store apps
  • Windows services
  • Multiplayer Games
  • Microsoft programs
  • 3rd party programs
  • Broadcast traffic
  • Multicast traffic

Firewall framework

  • The firewall framework consists of a number of PowerShell modules, scripts and documentation used to gather the environment information needed to build and deploy a firewall specialized for the target system, such as:

    • Computers on network
    • Installed programs
    • IP subnet math
    • Remote or local system users
    • Network configuration
    • GPO configuration
    • Firewall management
    • Quick analysis of packet trace and audit logs
    • Various troubleshooting, firewall, system and network utility functions
  • This repository is therefore a good starting point from which to extend your firewall with more rules and functionality as desired.

  • Currently there are some 800+ firewall rules, 10+ modules with 100+ functions, several scripts and a good portion of useful documentation.

  • You can interactively choose which rules you want and deploy only those, or you can automate the process and deploy all the necessary rules and settings to your firewall.

The vision of this firewall

[![Managed in VSCode][badge vscode]][vscode] [![PowerShell][badge language]][powershell]

  1. Detailed firewall configuration is a time-consuming process: it takes a lot of troubleshooting, changes require testing and security auditing, and it only gets worse if you need to deploy a firewall to hundreds or thousands of remote computers, for example when not all computers have the same software or restriction requirements.

  2. Unlike firewall rules in Control Panel, these rules are loaded into the GPO firewall (Local Group Policy), meaning that system settings changes or random programs which install rules as part of their installation process have no effect on the firewall unless you explicitly make an exception.

  3. Rules based on programs and services have their specified executable file checked for a digital signature and, if the signature is missing, scanned on VirusTotal; for security reasons the rule is not created or loaded into the firewall if this verification fails (this can be forced).

  4. Default outbound is "block" unless there is a rule to allow network traffic. In most firewalls this is not possible unless you maintain rules for every possible program or service; thanks to this collection of rules, setting default outbound to block requires very little or no additional work.

  5. Unlike in the usual scenario, you will know which rules no longer have an effect or are redundant due to e.g. an uninstalled program, a missing system service which no longer exists, an executable renamed after a Windows update, and similar reasons.

  6. Unlike predefined Windows firewall rules, these rules are more restrictive: they are tied to explicit user accounts and apply to specific ports, network interfaces, executables, services etc., all of which is learned automatically from the target system.

  7. Updating, filtering or searching rules and attributes such as ports, addresses and similar is much easier since these rules are in scripts: you can use editor tools such as regex, [multicursor][multicursor] or CTRL + F to perform bulk operations on your rules, which is not possible in any firewall UI due to user interface limitations.

  8. A good portion of the code is dedicated to providing an automated solution to build and define a firewall specialized for the target system and its users, minimizing the need to do things manually and thus saving you much valuable administration time.
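The following is an added example that illustrates points 2 to 6 above with stock NetSecurity cmdlets; it is not code from the WindowsFirewallRuleset project. It writes rules into the local GPO store, refuses to create a program rule whose executable is not validly signed (the project additionally falls back to a VirusTotal hash lookup via sigcheck for unsigned files, which this example does not do), sets default outbound to block, and lists rules whose program path no longer exists. The rule names, group name, sample program path, sample user and the `D:(A;;CC;;;SID)` SDDL form for `-LocalUser` are assumptions made for the illustration.

```powershell
#Requires -RunAsAdministrator
# Added example, not part of the WindowsFirewallRuleset project.
# Assumption: passing the local computer name as -PolicyStore targets the
# Local Group Policy firewall store, which programs that add rules during
# installation (persistent/Control Panel store) do not touch (point 2).
$PolicyStore = [System.Environment]::MachineName

function Test-ProgramSignature {
    <# Returns $true only if the file exists and carries a valid Authenticode
       signature (point 3). Anything else fails closed: no rule is created. #>
    param([Parameter(Mandatory)][string] $Path)

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        Write-Warning "Program not found: $Path"
        return $false
    }
    $Signature = Get-AuthenticodeSignature -FilePath $Path
    if ($Signature.Status -ne 'Valid') {
        Write-Warning "Signature status '$($Signature.Status)' for: $Path"
        return $false
    }
    return $true
}

function ConvertTo-LocalUserSddl {
    <# Builds the SDDL string used to tie a rule to one user account (point 6).
       Assumption: an allow ACE with the CC right, D:(A;;CC;;;<SID>). #>
    param([Parameter(Mandatory)][string] $UserName)
    $Account = New-Object System.Security.Principal.NTAccount($UserName)
    $Sid = $Account.Translate([System.Security.Principal.SecurityIdentifier]).Value
    return "D:(A;;CC;;;$Sid)"
}

function New-RestrictiveOutboundRule {
    <# Creates an outbound allow rule in the GPO store scoped to one executable,
       one protocol, explicit remote ports and (optionally) one local user.
       The rule is only created if the program passes Test-ProgramSignature,
       unless -Force is given, mirroring the "can be forced" note in point 3. #>
    param(
        [Parameter(Mandatory)][string] $DisplayName,
        [Parameter(Mandatory)][string] $Program,
        [string]   $Group = 'Example rules',      # assumed group name
        [string]   $Protocol = 'TCP',
        [string[]] $RemotePort = @('80', '443'),
        [string]   $UserName,
        [switch]   $Force
    )

    if (-not $Force -and -not (Test-ProgramSignature -Path $Program)) {
        Write-Warning "Skipping rule '$DisplayName': executable verification failed"
        return
    }

    $Params = @{
        DisplayName = $DisplayName
        Group       = $Group
        Program     = $Program
        Direction   = 'Outbound'
        Action      = 'Allow'
        Protocol    = $Protocol
        RemotePort  = $RemotePort
        Profile     = 'Private, Public'
        PolicyStore = $PolicyStore
    }
    if ($UserName) { $Params.LocalUser = ConvertTo-LocalUserSddl -UserName $UserName }

    New-NetFirewallRule @Params
}

function Get-StaleProgramRule {
    <# Lists rules in the GPO store whose program path no longer exists on disk
       (point 5): uninstalled programs, executables renamed by an update, etc. #>
    Get-NetFirewallRule -PolicyStore $PolicyStore | ForEach-Object {
        $Rule = $_
        $Program = ($Rule | Get-NetFirewallApplicationFilter).Program
        if ($Program -and $Program -notin @('Any', 'System')) {
            $Expanded = [System.Environment]::ExpandEnvironmentVariables($Program)
            if (-not (Test-Path -LiteralPath $Expanded -PathType Leaf)) {
                [pscustomobject]@{ DisplayName = $Rule.DisplayName; Program = $Program }
            }
        }
    }
}

# Point 4: default outbound block for all profiles in the GPO store.
Set-NetFirewallProfile -Profile Domain, Private, Public -DefaultOutboundAction Block -PolicyStore $PolicyStore

# Sample call; path and user name are assumptions, adjust for your system.
New-RestrictiveOutboundRule -DisplayName 'Browser - HTTP/HTTPS' `
    -Program "$env:ProgramFiles\ExampleBrowser\browser.exe" `
    -UserName "$env:COMPUTERNAME\$env:USERNAME"

# Point 5: report rules that no longer match anything on disk.
Get-StaleProgramRule | Format-Table -AutoSize
```

Rules written to the local GPO store become effective when Group Policy is refreshed; if a newly created rule does not show up in the active policy, running `gpupdate /force` and re-checking with `Get-NetFirewallRule -PolicyStore ActiveStore` is the quickest way to confirm it was applied.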

License

![MIT license][badge license]

This project Windows Firewall Ruleset is licensed under the MIT license.

Some scripts, files or modules are not MIT licensed or may have their own copyright holders; for this reason license and copyright notices are maintained "per file".

Requirements

[![Windows][badge system]][windows]

The following table lists the operating systems on which Windows Firewall Ruleset has been tested.

| OS                  | Edition       | Version     | Architecture |
| ------------------- | ------------- | ----------- | ------------ |
| Windows 10          | Pro           | 1809 - 22H2 | x64          |
| Windows 10          | Pro Education | 20H2        | x64          |
| Windows 10          | Enterprise    | 1809 - 20H2 | x64          |
| Windows 10          | Education     | 20H2 - 22H2 | x64          |
| Windows 11          | Pro Education | 21H2        | x64          |
| Windows 11          | Pro           | 22H2 - 23H2 | x64          |
| Windows 11          | Enterprise    | 22H2        | x64          |
| Windows Server 2019 | Essentials    | 1809        | x64          |
| Windows Server 2019 | Standard      | 1809        | x64          |
| Windows Server 2019 | Datacenter    | 1809        | x64          |
| Windows Server 2022 | Standard      | 21H2        | x64          |
| Windows Server 2022 | Datacenter    | 21H2        | x64          |

  1. Windows PowerShell 5.1 or PowerShell Core 7.3.x [Download PowerShell Core][download core]
  2. .NET Framework 4.5 (Windows PowerShell only) [Download Net Framework][download .net]
  3. sigcheck64.exe (Highly recommended) [Download sigcheck][sigcheck]
  4. Git (Optional) [Download Git][download git]
  5. Visual Studio Code (Recommended) [Download VSCode][vscode]
  6. PowerShell Support for VSCode (Recommended) [Download extension][download powershell extension]
  7. PSScriptAnalyzer (Recommended) [Download PSScriptAnalyzer][module psscriptanalyzer]

Requirements details

  • All Windows 10.0 systems (Major 10, Minor 0) and above except Home editions are supported, but only those editions listed in the table above have been tested.
    The "Version" column lists tested releases; however, only the latest OS builds continue to be tested.
    A list of other untested but supported systems and features is in The future

  • PowerShell Core is not built into Windows; you will need to install it separately or use Windows PowerShell, which is part of the operating system.

  • .NET Framework version 4.5 or later is required if using Windows PowerShell (Desktop edition) instead of PowerShell Core.
    Windows 10 ships with at least .NET 4.6 (which includes .NET 4.5), and Windows 11 ships with at least .NET 4.8.

  • sigcheck64.exe (or the 32-bit sigcheck.exe) is a digital signature verification tool which you can download from the Microsoft site; it should be placed either into the C:\tools directory or into a directory listed in the %PATH% environment variable.
    Windows Firewall Ruleset uses it to perform hash-based online malware analysis on VirusTotal for every executable that is not digitally signed, before a firewall rule is made for that executable.
    This is only a recommendation: if there is no sigcheck64.exe in PATH you are offered to download it, and if you decline no malware analysis is made.
    By using this functionality you agree to the [VirusTotal Terms of Service][virustotal terms], [VirusTotal Privacy Policy][virustotal privacy] and [Sysinternals Software License Terms][sysinternals terms].

  • You might want to have Git to check for updates, to easily switch between branches or to contribute code.

  • VS Code is the preferred and recommended editor to navigate the code and to edit scripts for your own needs or for contribution.

  • If you get VSCode, you'll also need the PowerShell extension for code navigation and PowerShell language features.

  • To navigate and edit code with VSCode, PSScriptAnalyzer is highly recommended; otherwise the editing experience may behave oddly due to various repository settings.

  • There are no hardware requirements, but if you plan to write and debug code the recommendation is at least 8GB of memory and an SSD drive to comfortably work on the project; otherwise, to just deploy rules to your personal firewall, less than that will wor