Let me just say upfront that there are any number of tools and techniques that you could potentially use to document your baseline settings. For the purposes of this article, I am going to use a variation of the technique that I showed you in Part 2 to export my firewall rules to a CSV file. Here is my modified script:<\/p>\n
Get-NetFirewallRule | ForEach-Object {
\n$Rule = $_
\n$PortFilter = $Rule | Get-NetFirewallPortFilter
\n$AddressFilter = $Rule | Get-NetFirewallAddressFilter
\n[PSCustomObject]@{
\n\u00a0\u00a0\u00a0 Name\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 = $Rule.DisplayName
\n\u00a0\u00a0\u00a0 Direction\u00a0\u00a0\u00a0\u00a0 = $Rule.Direction
\n\u00a0\u00a0\u00a0 Action\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 = $Rule.Action
\n\u00a0\u00a0\u00a0 Protocol\u00a0\u00a0\u00a0\u00a0\u00a0 = $PortFilter.Protocol
\n\u00a0\u00a0\u00a0 LocalPort\u00a0\u00a0\u00a0\u00a0 = $PortFilter.LocalPort
\n\u00a0\u00a0\u00a0 RemotePort\u00a0\u00a0\u00a0 = $PortFilter.RemotePort
\n\u00a0\u00a0\u00a0 LocalAddress\u00a0 = $AddressFilter.LocalAddress
\n\u00a0\u00a0\u00a0 RemoteAddress = $AddressFilter.RemoteAddress
\n\u00a0\u00a0 }
\n} | Export-CSV \u201cC:\\Temp\\FirewallRules.csv\u201d -NoTypeInformation<\/p>\n
As you can see, this script is very similar to the other one. However, instead of providing the script with the name of a firewall rule, we are using the Get-NetFirewallRule cmdlet to retrieve all of the firewall rules. The script then uses a ForEach loop to add each rule’s details to an array of custom objects, which is then exported to a CSV file after the loop ends.<\/p>\n
Related:What Is PowerShell?<\/a><\/p>\n You can see the script and the resulting CSV file in Figure 1.<\/p>\n Figure 1. The script has exported the firewall rules to a CSV file.<\/p>\n Checking for Changes<\/p>\n The important thing to keep in mind is that the CSV file that I have created represents my firewall rules as they existed at a particular point in time. That being the case, we can go back later and compare the machine’s firewall rules to the CSV file to find out if anything has changed.<\/p>\n Here is the PowerShell script that I have created to compare the two CSV files:<\/p>\n $Baseline = Import-Csv -Path “C:\\Temp\\FirewallRules.csv” As you can see, the script starts out by defining the path and filename for the baseline CSV file and for the current CSV file (the CSV file that was most recently created).<\/p>\n Next, the script creates a ForEach loop that looks at all of the rules within the baseline CSV file. For each of these rules, the script initially sets the $MatchExists variable to False, indicating that the current rule has not yet been matched to any records within the CurrentFirewallRules.csv file. I have also created a variable called $BaseName that stores the name of the current rule.<\/p>\n Next, the script goes into a nested ForEach loop. This loop examines all of the records within the CurrentFirewallRules.csv file to see if any of those records have a name that matches the name of the current baseline record. Assuming that a match is found, the script displays a line of text conveying the name of the record that is currently being checked. It also sets the $MatchExists variable to True. A third ForEach loop compares all of the various columns of data associated with the current record and its match, as a way of checking whether or not any changes have been made.<\/p>\n![\"\"](\"https:\/\/www.newsbeep.com\/us\/wp-content\/uploads\/2025\/07\/Firewall_Rules_3-1.jpg\" "\\"\\"\/")
<\/p>\n
\n$Current\u00a0 = Import-Csv -Path “C:\\Temp\\CurrentFirewallRules.csv”
\n\u00a0
\nforeach ($BaseRule in $Baseline) {
\n\u00a0\u00a0\u00a0 $MatchExists = $False
\n\u00a0\u00a0\u00a0 $BaseName = $BaseRule.Name
\n\u00a0
\n\u00a0\u00a0\u00a0 ForEach ($Row in $Current) {
\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 $CurrentRuleName = $Row.Name
\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 If ($CurrentRuleName -eq $BaseName) {
\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Write-Host “Checking rule: $CurrentRuleName” -ForegroundColor White
\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 $MatchExists = $True
\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 $FieldsToCompare = “Direction”, “Action”, “Protocol”, “LocalPort”, “RemotePort”, “LocalAddress”, “RemoteAddress”
\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 $Differences = @()
\n\u00a0
\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 ForEach ($Field in $FieldsToCompare) {
\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 $BaseValue = [string]$BaseRule.$Field
\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 $CurrentValue = [string]$Row.$Field
\n\u00a0
\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 if ($BaseValue -ne $CurrentValue) {
\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 $Differences += “Field ‘$Field’ has changed from ‘$BaseValue’ to ‘$CurrentValue'”
\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 }
\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 }
\n\u00a0
\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 if ($Differences.Count -gt 0) {
\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Write-Host “Rule ‘$BaseName’ has changed:” -ForegroundColor Magenta
\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 $Differences | ForEach-Object { Write-Host ”\u00a0\u00a0 $_” -ForegroundColor Cyan}
\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 }
\n\u00a0
\n\u00a0
\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 }
\n\u00a0\u00a0\u00a0 }
\n\u00a0
\n\u00a0\u00a0\u00a0 If (-Not $MatchExists) {
\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Write-Host “The rule ‘$BaseName’ has been deleted from the current firewall configuration.” -ForegroundColor Yellow
\n\u00a0\u00a0\u00a0 }
\n}<\/p>\n
![\"\"](\"https:\/\/www.newsbeep.com\/us\/wp-content\/uploads\/2025\/07\/Firewall_Rules_3-2.jpg\" "\\"\\"\/")
<\/p>\n