使用 PowerShell 禁用所有不需要的 Windows 防火墙规则

Question

在我的 Windows 防火墙中，我创建了一些规则，让我可以更好地控制我的 PC。 但是自从 Windows 和其他应用程序不断添加我不想要的规则以来，我的规则变得有些无用。
我试图阻止这种情况发生，但我发现的唯一方法是使用像 Tinywall 这样的第三方工具，这并不是我想要的。

因此，为了解决这个问题，我想创建一个 PowerShell 脚本，该脚本将禁用和重命名我未添加的所有规则。 这样，我可以轻松地管理它们。

我添加的规则很容易识别，因为它们都以某些单词开头。
在这种情况下，假设它以“Sample XYZ”或“Sample ABC”开头。

• 样品 XYZ - Windows 更新
• 样品 ABC - MPC-HC
• 样品 ABC - Firefox
• 样品 XYZ - Windows

---

到目前为止，这就是我所做的。

在这一部分中，脚本将过滤我创建的所有规则，然后它将禁用和阻止所有其他规则。
令我惊讶的是，这按预期工作。

# This will get all firewall rules
$NR = Get-NetFirewallRule  

# This will exclude all the rules added by the user
$NR = $NR | Where-Object DisplayName -NotMatch "Sample ABC"  
$NR = $NR | Where-Object DisplayName -NotMatch "Sample XYZ"  

# Disable all other rules that are not added by the user
$NR | Set-NetFirewallRule -Enabled False

# Set rules' action to block
$NR | Set-NetFirewallRule -Action Block

---

这些是不起作用的部分。

任务：在规则显示名称的开头添加自定义词
示例：如果规则名称是“Microsoft Photos”，那么它将被重命名为“IDWTFR - Microsoft Photos”。

# Add a custom word to the beginning of the rules' display name
# Custom word = 'IDWTFR - '
# Attempt 01: Fail
$NR | Set-NetFirewallRule -DisplayName "IDWTFR - " + $NR.DisplayName

# Attempt 02: Fail
$NR = $NR | ForEach-Object -MemberName DisplayName "IDWTFR - " + $NR.DisplayName | Set-NetFirewallRule

任务：将不需要的规则添加到名为“垃圾规则”的组中。

# Add to a group
# Attempt 01: Fail
$NR | Set-NetFirewallRule -DisplayGroup "Junk Rules"

---

为了更清楚一点，这是我正在尝试做的总结。

 +-----------------------------+---------------------------+----------------+----------------+----------------+-------------+ | Rule Name | New Rule Name | Group | Action | Status | Created by | +-----------------------------+---------------------------+----------------+----------------+----------------+-------------+ | Sample XYZ - Windows Update | Same as before | Same as before | Same as before | Same as before | User | | Sample ABC - MPC-HC | Same as before | Same as before | Same as before | Same as before | User | | Sample ABC - Firefox | Same as before | Same as before | Same as before | Same as before | User | | Sample XYZ - Windows News | Same as before | Same as before | Same as before | Same as before | User | | Microsoft Photos | IDWTFR - Microsoft Photos | Junk Rules | Block | Disable | Not by user | | App Installer | IDWTFR - App Installer | Junk Rules | Block | Disable | Not by user | | Feedback Hub | IDWTFR - Feedback Hub | Junk Rules | Block | Disable | Not by user | | Microsoft Edge | IDWTFR - Microsoft Edge | Junk Rules | Block | Disable | Not by user | +-----------------------------+---------------------------+----------------+----------------+----------------+-------------+

---

我是 PowerShell 的新手，因此我们将不胜感激。 谢谢。

Answer 1

由于这是您的特殊用例，因此在不设置尽可能接近您在此处显示的环境的情况下进行验证将是一项挑战。 我没有 position 这样做。

然而，看看你说你做了什么，这里有一个重构选项可以尝试。 重构一下（同样，未测试）

# Get all firewall rule name, and filter out the named rules
Get-NetFirewallRule | 
Where-Object -Property Name -notlike 'Sample ABC|Sample XYZ' | 
ForEach {
    # Disable all other rules that are not added by the user
    Set-NetFirewallRule -Name $PSItem.DisplayGroup -Enabled False

    # Set rules' action to block
    $PSItem.DisplayName | 
    Set-NetFirewallRule -Action Block

    # Rename firewall rule
    If ($PSItem.DisplayName -like '*Microsoft*')
    {Rename-NetFirewallRule -Name $PSItem.DisplayName -NewName "IDWTFR-$($PSitem.DisplayName)"}

    # Create new firewall group
    $PSItem.Group = 'JunkRules' | 
    Set-NetFirewallRule -NewDisplayName $PSItem.DisplayName
}