Query your Windows Firewall?

Posted by

I have been sitting and looking at built-in Windows Firewall logs for a while and I have not found any funny way of looking at these, so I just created a PowerShell script that will transform your firewall log into XML.

Why? So instead of looking at the log like this

You can easily transform it into a table where you can make queries and sort in the way you would like this

Run the command

View all traffic that has been allowed by using this command
$xml.fwlog.traffic | Where-Object {$_.action -match “ALLOW” } | ft


Or all ALLOWed traffic where destination IP =, source IP =


Or if you want to save it to a file, just hit $xml.Save(“C:\Temp\filewall.xml”) and you can view it in your favorite application.

These are just some examples, there are endless way to make the query

Just download the PowerShell script and start your firewall investigations!


One comment

Leave a comment

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.