Often times system admins encounter the need to access certain systems through dynamic IP addresses. Windows Advanced Firewall does not natively support hostnames in their ruleset. We’ve customized the below PowerShell script to update Windows Firewall using a dynamic hostname (also known as DDNS).
- ensure your PowerShell allows the execution of remotesigned scripts by opening a PowerShell prompt and typing:
> set-executionpolicy remotesigned
2. create a file named firewallddns.ps1 and add the following script:
# obtain IP address of the hostname
$ips = [System.Net.Dns]::GetHostAddresses(“Your.ddnshostname.here“)# define regex to extract the IP address only
$regex = [regex] “\b(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\b”# extract the IP address from $ips string
$ip2 = $regex.Matches($ips) | %{ $_.value }# here you can replace 1.1.1.1 with a static IP address should you wish to add more than one IP. The firewall allow IP will be overwritten with these new IP information. If you don’t wish to use this line, then set $iplist = $ip2
$iplist = “$ip2,1.1.1.1”# add the $iplist to the remote IP setting in the firewall rule scope
netsh advfirewall firewall set rule name=”The Name of Firewall Rule” new remoteip= $iplist
You can also download a copy of the script Here
3. Create a Scheduled Task from Administrative Tools -> Task Scheduler to run the PowerShell Script on regular basis. In the Task Execution type:
powershell -executionpolicy remotesigned -File C:\path-to\firewalldns.ps1 >> c:\path-to\firewall.log
The above script will work with Windows 2008, Windows 2012, Windows 2016, Windows 2019 ans 2022. Further, the script can be used to add multiple IP addresses to the Windows Firewall rule’s scope.