How to List Firewall Rules for a Specific Profile in Batch Script
Windows Firewall rules don't apply universally to all networks; they are assigned to three distinct Profiles: Domain, Private, and Public. A rule that allows file sharing on your "Private" home network might be (and should be) blocked on a "Public" airport Wi-Fi. When troubleshooting or auditing security, listing every rule is distracting. You need to "Filter" the list to see exactly what is allowed on your current active profile. A Batch script can use netsh advfirewall to isolate rules by profile, ensuring your security configuration is appropriate for your location.
This guide will explain how to audit firewall rules per profile.
Method 1: Listing Rules for a Specific Profile
The netsh advfirewall command allows you to filter the rules so you only see what's relevant to a specific networking environment.
@echo off
setlocal
:: Require the profile name as the first argument
if "%~1"=="" (
    echo Usage: %~nx0 ^<domain^|private^|public^>
    exit /b 1
)
set "TargetProfile=%~1"
echo [AUDIT] Listing active rules for the %TargetProfile% profile...
echo.
:: Let the firewall engine filter on each rule's Profiles field
netsh advfirewall firewall show rule name=all profile=%TargetProfile%
pause
Method 2: Active Profile Detection and Rule Listing
This method first detects which profile is currently "Active" and then lists the rules for it.
@echo off
setlocal enabledelayedexpansion
echo [SCAN] Detecting active Network Profile...
echo.
set "CurrentProfile="
:: "show <name>profile state" only reports whether the firewall is ON for that
:: profile, and it is normally ON for all three, so looping over it cannot tell
:: which profile is active. "monitor show currentprofile" prints the profile
:: assigned to each connected interface as "Profile = <name>"; if several
:: interfaces are connected, the last one listed wins.
for /f "tokens=2 delims== " %%P in ('netsh advfirewall monitor show currentprofile 2^>nul ^| findstr /b /i "Profile"') do (
    set "CurrentProfile=%%P"
)
if not defined CurrentProfile (
    echo [ERROR] Could not detect an active profile.
    echo No connected interface reported a profile.
    pause
    exit /b 1
)
echo Your current active profile is: %CurrentProfile%
echo.
echo [AUDIT] Listing enabled rules for the %CurrentProfile% profile...
echo.
netsh advfirewall firewall show rule name=all profile=%CurrentProfile% status=enabled
pause
endlocal
Method 3: Visual Summary of Profile States
Before checking rules, verify whether the firewall itself is turned on for that profile.
@echo off
echo [LOG] Checking Profile Shield Status...
echo.
netsh advfirewall show allprofiles state
echo.
pause
How to Avoid Common Errors
Wrong Way: Searching for "Domain" and matching rule names instead of profiles
If you pipe the output through a simple findstr "Domain", you get lines from rules that belong to the Domain profile mixed with lines from rules that merely have the word "Domain" in their name.
Correct Way: Use the built-in profile= argument of the netsh command (as shown in Method 1). The firewall engine then filters on each rule's Profiles metadata rather than on text in its name, so the list contains exactly the rules assigned to that profile.
Problem: Rules applying to "Any"
Many rules are set to Profile: Any. This means they will show up in your "Public" list even if they were originally intended for "Private" use.
Solution: Pay close attention to rules marked as Any. If you find a high-risk rule (like an open database port) marked as Any, you should modify it to target a specific profile for better security.
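As an added example (not part of the original article, and written in Python rather than batch so that the one-record-per-rule output is easy to parse offline), the script below reads what netsh advfirewall firewall show rule name=all prints, selects rules by the Profiles field rather than by name, and flags enabled inbound Allow rules on sensitive ports whose profile is Any. The sample output and the SENSITIVE_PORTS list are constructed assumptions.

```python
import re

# Constructed sample in the layout netsh prints (one record per rule).
SAMPLE = """\
Rule Name:                            Domain Sync Agent
----------------------------------------------------------------------
Enabled:                              Yes
Direction:                            In
Profiles:                             Private
LocalPort:                            8443
Action:                               Allow

Rule Name:                            SQL Server (TCP-In)
----------------------------------------------------------------------
Enabled:                              Yes
Direction:                            In
Profiles:                             Any
LocalPort:                            1433
Action:                               Allow
"""

def parse_rules(text):
    """One dict per 'Rule Name:' record; the dashed separator is skipped."""
    rules, current = [], None
    for line in text.splitlines():
        m = re.match(r"^([A-Za-z ]+):\s*(.*)$", line)
        if not m:
            continue
        key, value = m.group(1).strip(), m.group(2).strip()
        if key == "Rule Name":
            current = {key: value}
            rules.append(current)
        elif current is not None:
            current[key] = value
    return rules

def rules_for_profile(rules, profile):
    """Rules applying to `profile` by the Profiles field, including Any."""
    wanted = {profile.lower(), "any"}
    return [r["Rule Name"] for r in rules
            if wanted & {p.strip().lower() for p in r.get("Profiles", "").split(",")}]

# Assumed starting set of sensitive ports; extend for your environment.
SENSITIVE_PORTS = {"1433", "3306", "5432", "445", "3389"}

def risky_any_rules(rules, ports=SENSITIVE_PORTS):
    """Enabled inbound Allow rules on a sensitive port with Profiles: Any."""
    return [r["Rule Name"] for r in rules
            if r.get("Enabled") == "Yes" and r.get("Direction") == "In"
            and r.get("Action") == "Allow" and r.get("Profiles") == "Any"
            and r.get("LocalPort") in ports]
```

Note that "Domain Sync Agent" is excluded from the domain list despite its name, which is the name-versus-profile confusion described above.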
Best Practices and Rules
1. Hardening "Public"
Your most important audit is the Public profile. This is the profile that activates when you connect to a hotel, airport, or cafe. Ideally, this list should be as short as possible.
2. Identify "Domain" Inheritance
The Domain profile only activates when the computer is connected to its corporate network. If rules you see in the Domain list don't seem to apply at home, it's because the "Private" profile is active there and has its own rules.
3. Log the Rules for Each Profile to a File
For corporate compliance, save the rules for all three profiles into separate files (netsh writes its own text layout, not CSV):
netsh advfirewall firewall show rule name=all profile=domain > domain_report.txt
netsh advfirewall firewall show rule name=all profile=private > private_report.txt
netsh advfirewall firewall show rule name=all profile=public > public_report.txt
Conclusions
Listing firewall rules by profile provides a "Context-Aware" look at your system's security. By moving beyond a global list and identifying which rules are active for your current network environment, you gain the power to harden your machine against the specific risks of public Wi-Fi or home networking. This professional auditing is essential for maintaining a high security standard across different physical and digital locations.