Technical Information Blog Information about technologies at Mediumcube and our services

December 16, 2018

Use Dynamic DNS (DDNS) with Windows 2008/2012/2016 Firewall

Often times system admins encounter the need to access certain systems through dynamic IP addresses. Windows Advanced Firewall does not natively support hostnames in their ruleset. We’ve customized the below PowerShell script to update Windows Firewall using a dynamic hostname (also known as DDNS).

  1. ensure your PowerShell allows the execution of remotesigned scripts by opening a PowerShell prompt and typing:

> set-executionpolicy remotesigned


2.  create a file named firewallddns.ps1  and add the following script:

# obtain IP address of the hostname
$ips = [System.Net.Dns]::GetHostAddresses(““)

# define regex to extract the IP address only
$regex = [regex] “\b(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\b”

# extract the IP address from $ips string
$ip2 = $regex.Matches($ips) | %{ $_.value }

# here you can replace with a static IP address should you wish to add more than one IP. The firewall allow IP will be overwritten with these new IP information. If you don’t wish to use this line, then set $iplist = $ip2
$iplist = “$ip2,

# add the $iplist to the remote IP setting in the firewall rule scope
netsh advfirewall firewall set rule name=”The Name of Firewall Rule” new remoteip= $iplist

You can also download a copy of the script Here

3. Create a Scheduled Task from Administrative Tools -> Task Scheduler  to run the PowerShell Script on regular basis. In the Task Execution type:

powershell -executionpolicy remotesigned -File C:\path-to\firewalldns.ps1 >> c:\path-to\firewall.log


The above script will work with Windows 2008, Windows 2012 and Windows 2016. Further, the script can be used to add multiple IP addresses to the Windows Firewall rule’s scope.

No Comments

No comments yet.

RSS feed for comments on this post.

Sorry, the comment form is closed at this time.

Powered by WordPress