Windows Firewall rule entry

Operating System

https://docs.microsoft.com/en-us/previous-versions/windows/desktop/wfascimprov/msft-netfirewallrule

Use MQL in cnspec shell or policy:

windows.firewall.rule

Min version: 5.15.0

Relationships

Operating System

2 resources · 2 relationships·Click to select, expand fields to see properties.

Field	Type	Description
`action`required	int	Specifies the action to take on traffic that matches this rule
`description`required	string	Brief description of the rule
`direction`required	int	Specifies which direction of traffic to match with this rule
`displayGroup`required	string	The group that this rule belongs to
`displayName`required	string	Localized name of this rule
`edgeTraversalPolicy`required	int	Specifies how this firewall rule will handle edge traversal cases
`enabled`required	int	Whether this rule is administratively enabled or disabled
`enforcementStatus`required	string	Whether this object is retrieved from the ActiveStore
`instanceID`required	string	A string that uniquely identifies this instance within the policy store
`localOnlyMapping`required	int	Whether to group UDP packets into conversations based only on the local address and port
`looseSourceMapping`required	int	Whether to group UDP packets into conversations based on the local address, local port, and remote port
`name`required	string	Name of the rule
`policyStoreSource`required	string	Contains the path to the policy store where this rule originally came from
`policyStoreSourceType`required	int	Describes the type of policy store where this rule originally came from
`primaryStatus`required	int	PrimaryStatus provides a high level status value
`status`required	string	Detailed status of the rule

Values: inbound (1), outbound (2)

Values: block (0), allow (1), defer to user (2), defer to app (3)

Values: enabled (1), disabled (2)

Values: unknown (0), OK (1), degraded (2), error (3)