To test this code in PowerShell, you will first need a firewall rule that is blocking more than one IP address. Mine looks like this: (screenshot of an example firewall rule)

The command I'm stuck on is:

Get-NetFirewallRule -DisplayName "Blocked by Cyberarms Intrusion Detection_BlockAttacker_AllPorts" | Get-NetFirewallAddressFilter | Select RemoteAddress

The output for me is:

RemoteAddress
-------------
{5.101.64.77, 5.188.206.166, 45.141.87.2, 45.141.87.10...}

This seems correct, but I can't figure out how to directly reference the array (is that what the curly braces are denoting?) of IP addresses.

I would like to dump the list to a text file, with one IP on each line, for comparison against other lists.

imcuneo
  • `Select-Object -ExpandProperty RemoteAddress` – Olaf Jan 21 '20 at 00:20
  • Yes, the curly braces in this case are the for-display representation of an array; @Olaf's solution is correct; see the linked question for details and alternatives. – mklement0 Jan 21 '20 at 03:09
  • Note: The accepted answer addresses the dump-to-text-file part of the question, whereas the linked post addresses how to extract just the array of remote addresses from the output of `Get-NetFirewallRule`, which Olaf's comment above succinctly summarizes. – mklement0 Jan 22 '20 at 14:53

1 Answer

The script below will export your addresses to a CSV file. This requires PowerShell 5.1+.

# Look up the rule by display name, then fetch its address filter
$netFirewallRule = Get-NetFirewallRule -DisplayName "Blocked by Cyberarms Intrusion Detection_BlockAttacker_AllPorts"
$netFirewallAddressFilter = $netFirewallRule | Get-NetFirewallAddressFilter
# Build one report row per remote address held by the filter
$myFirewallReport = foreach ($address in $netFirewallAddressFilter.RemoteAddress) {
    [PSCustomObject][ordered]@{
        "DisplayName"   = $netFirewallRule.DisplayName
        "RemoteAddress" = $address
    }
}
# Write the rows to CSV without the #TYPE header line
$myFirewallReport | Export-Csv -NoTypeInformation C:\MyFirewallReport.csv

Hope it helps,

jfrmilner
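The text-file goal from the question (one IP per line, then comparison against another list), as an added example that is not part of the original question, comments or answer. The helper name `Export-BlockedAddress`, the temp-file path and the second list are assumptions, and the non-single entries and the second list are constructed sample data.

```powershell
# Added example; Export-BlockedAddress is a hypothetical helper name.
function Export-BlockedAddress {
    param(
        [Parameter(Mandatory)] [string[]] $RemoteAddress,
        [Parameter(Mandatory)] [string]   $Path
    )
    $parsed = $null
    $single = foreach ($entry in $RemoteAddress) {
        $text = $entry.Trim()
        # RemoteAddress can also hold ranges, subnets or keywords such as
        # LocalSubnet; those cannot be compared line by line, so report them.
        if ([System.Net.IPAddress]::TryParse($text, [ref]$parsed)) {
            $parsed.ToString()          # normalized form of the address
        } else {
            Write-Warning "Not a single IP, skipped: $text"
        }
    }
    $single = @($single | Sort-Object -Unique)
    $single | Set-Content -Path $Path -Encoding ASCII   # one address per line
    $single
}

# On the firewall host, the input would come from the pipeline in the question:
#   $addresses = Get-NetFirewallRule -DisplayName '<rule name>' |
#       Get-NetFirewallAddressFilter |
#       Select-Object -ExpandProperty RemoteAddress
# Constructed sample: the four addresses shown in the question plus two
# made-up non-single entries from documentation ranges.
$addresses = '5.101.64.77', '5.188.206.166', '45.141.87.2', '45.141.87.10',
             '203.0.113.0/24', '198.51.100.1-198.51.100.9'

$path     = Join-Path ([System.IO.Path]::GetTempPath()) 'blocked-ips.txt'
$exported = Export-BlockedAddress -RemoteAddress $addresses -Path $path

# Constructed second list to compare against.
$other = '45.141.87.2', '192.0.2.50'

# '<=' only in the firewall rule, '=>' only in the other list, '==' in both.
Compare-Object -ReferenceObject $exported -DifferenceObject $other -IncludeEqual |
    Select-Object InputObject, SideIndicator
```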