我就是这样做的。大约需要8秒。对于invoke-command,pscomputername 具有主机名,并且还有一个runspaceid。 -pv 是管道变量。我必须将 get-netfirewallrule 放入 % 或 foreach-object 中,以便它针对端口信息的每个实例运行。
令人烦恼的是,本地端口可以是对象数组或带有破折号的字符串或“任何”之类的单词。对它们进行数字过滤是有问题的。
LocalPort type
--------- ----
546 System.String
{554, 8554-8558} System.Object[]
5000-5020 System.String
{554, 8554, 8555, 8556...} System.Object[]
{80, 443} System.Object[]
Any System.String
IPHTTPSIn System.String
PlayToDiscovery System.String
RPC System.String
RPCEPMap System.String
Teredo System.String
1024-65535
5000-5020
8554-8558
7200-17210
invoke-command localhost { Get-NetFirewallPortFilter |
? {
80 -in $_.localport -or
135 -in $_.localport -or
139 -in $_.localport -or
445 -in $_.localport -or
5985 -in $_.localport -or
5986 -in $_.localport -or
$(if($_.localport -as 'int') { ([int]$_.LocalPort -ge 49152 -and
[int]$_.LocalPort -le 65535) } )
} -pv port |
% { $_ | Get-NetFirewallRule } |
? { $_.action -eq 'allow' -and $_.enabled -eq $true -and
$_.direction -eq 'inbound' } |
select Name,Profile,Enabled,Direction,Action,
@{n='Protocol';e={$port.Protocol}},
@{n='Localport';e={$port.Localport}},
@{n='Remoteport';e={$port.Remoteport}} } | ft -a
Name Profile Enabled Direction Action Protocol Localport Remoteport PSComputerName RunspaceId
---- ------- ------- --------- ------ -------- --------- ---------- -------------- ----------
WINRM-HTTP-In-TCP-NoScope Domain, Private True Inbound Allow TCP 5985 Any localhost 8366c72c-e868-4e50-adb5-85c4deea3583
WINRM-HTTP-In-TCP Public True Inbound Allow TCP 5985 Any localhost 8366c72c-e868-4e50-adb5-85c4deea3583
IIS-WebServerRole-HTTP-In-TCP Any True Inbound Allow TCP 80 Any localhost 8366c72c-e868-4e50-adb5-85c4deea3583