https://github.com/andreas-schwab-swx/windows-firewall-scripts

PowerShell scripts to harden a Windows PC by blocking or disabling as many unnecessary internet services as possible
https://github.com/andreas-schwab-swx/windows-firewall-scripts

firewall-rules powershell windows

Last synced: 5 months ago
JSON representation

PowerShell scripts to harden a Windows PC by blocking or disabling as many unnecessary internet services as possible

• Host: GitHub
• URL: https://github.com/andreas-schwab-swx/windows-firewall-scripts
• Owner: andreas-schwab-swx
• License: other
• Created: 2025-06-20T12:13:07.000Z (10 months ago)
• Default Branch: main
• Last Pushed: 2025-06-20T12:59:11.000Z (10 months ago)
• Last Synced: 2025-06-20T13:39:55.025Z (10 months ago)
• Topics: firewall-rules, powershell, windows
• Language: PowerShell
• Homepage:
• Size: 5.86 KB
• Stars: 0
• Watchers: 0
• Forks: 0
• Open Issues: 0
• Metadata Files:
  • Readme: readme.md
  • License: LICENSE

Awesome Lists containing this project

README

          
# Windows Firewall Scripts

This repository provides PowerShell scripts to harden a Windows PC by blocking or disabling as many unnecessary internet services as possible. The goal is to minimize the system's attack surface on the internet.

These scripts are designed for systems where Tailscale is already installed and remote access is performed via RDP over the Tailscale network.

## File Overview

- **firewall-verification.ps1**

  - Verifies the current firewall configuration and the status of critical services. The script checks that only the intended rules are active, critical ports are blocked, and potentially dangerous Windows services are disabled. A security assessment is displayed at the end.

- **firewall-configuration.ps1**

  - Applies a restrictive Windows Firewall configuration. Only essential rules are enabled; all other inbound connections are blocked. By default, only Tailscale and RDP over Tailscale are allowed.

- **firewall-restore.ps1**

  - Restores the default Windows Firewall configuration and re-enables critical Windows services. Use this script to revert the restrictive settings if needed.

## Usage

1. **Verification:**

   - After a reboot, run `firewall-verification.ps1` to check the security status.

2. **Configuration:**

   - Run `firewall-configuration.ps1` as administrator to apply the restrictive firewall rules.

3. **Restore:**

   - If needed, run `firewall-restore.ps1` to restore the default configuration and services.

**Note:**

All scripts must be executed with administrative privileges.

Copyright © softworx by Andreas Schwab. Licensed under the GNU General Public License (GPL).