..
    generated, remove this comment to keep this file

``firewall.rules``
==================

.. code-block:: console

    $ target-query <path/to/target> -f firewall.rules


.. list-table:: Details
    :widths: 20 80

    * - Module
      - ``dissect.target.plugins.os.windows.firewall.WindowsFirewallPlugin``
    * - Output
      - ``records``

**Module documentation**

Windows Firewall plugin.

**Function documentation**

Return firewall rules saved in the Windows registry.

For a Windows operating system, the Firewall rules are stored in the
``HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules`` registry key.

References:
    - https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-gpfas/2efe0b76-7b4a-41ff-9050-1023f8196d16

Yields dynamic records with usually the following fields:

.. code-block:: text

    hostname (string): The target hostname.
    domain (string): The target domain.
    key (string): The rule key name.
    version (string): The version field of the rule.
    action (string): The action of the rule.
    active (boolean): Whether the rule is active.
    dir (string): The direction of the rule.
    protocol (string): The specified IANA protocol (UDP, TCP, etc).
    lport (string): The listening port or range of the rule.
    rport (string): The receiving port or range the rule.
    profile (string): The Profile field of the rule.
    app (string): The App field of the rule.
    svc (string): The Svc of the rule.
    name (string): The Name of the rule.
    desc (string): The Desc of the rule.
    embed_ctxt (string): The EmbedCtxt of the rule.