Like `iptables` table for linux, is there any plan...
# general
z
Like the `iptables` table for Linux, is there any plan to build a table for Windows systems?
s
Does Windows have something like `iptables`?
z
Nope, but at least I am looking for something which helps me find the firewall open ports in Windows.
s
Does windows have any tooling or APIs to display it?
I think osquery would happily accept a PR with this functionality. But I don't know anyone working on one
z
This thread could help: https://serverfault.com/questions/207620/windows-equivalent-of-iptables In Windows there is something called `netsh advfirewall`, maybe this can be a good API to use for osquery to develop a table in this regard.
s
The ToB extension is a wrapper around netsh
z
The table `PortBlacklist` only allows us to know if a port is blocked, and also I am not willing to manage port blocking or unblocking. I just need to know the open ports. That's it.
s
These rules are all held in the registry, so it should be relatively straightforward to parse them. The major complication is that Windows applies different policies depending on whether it is on a public, private, or domain-joined network.
z
I am potentially looking at a PowerShell script:
```powershell
$fw = New-Object -ComObject HNetCfg.FWPolicy2
$fw.Rules | where {$_.Enabled -like $true} | Format-Table LocalPorts
```
Will this be able to find all the rules that are held in the registry?
s
Not sure. I believe the rules are in `HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules` but I don’t have a Windows machine to verify with at the moment.
z
Thanks, will check it!