Windows Server firewall track connection state
I am trying to control a Windows Server 2012 (R2) firewall by using PowerShell commands (see https://technet.microsoft.com/en-us/library/hh831755.aspx#BKMK_ProfileGlobalDefaults for example and reference).
On my Linux machines, I was able to track connection state with iptables using conntrack, so that I could allow established and related connections (http://www.iptables.info/en/connection-state.html). I haven't found an equivalent in the Windows Firewall.
Is there a way to do this in Windows Server using PowerShell? I have searched all over the internet and not found anything relevant.
You can query active TCP connections, listening ports, processes, etc. using the netstat command in Windows.
https://technet.microsoft.com/en-us/library/ff961504.aspx
For your script, you could combine netstat with some PowerShell to do the filtering and parsing and build your firewall commands. For example, this script takes the netstat command and extends it to provide process names and filtering.
https://gallery.technet.microsoft.com/scriptcenter/Get-NetworkStatistics-66057d71
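As an added example of the approach the answer describes (this is not the answer's code and not the linked gallery script), the following PowerShell builds inbound allow rules from the TCP connections currently established to listening ports, resolving the owning process the way netstat -ano plus tasklist would. It uses Get-NetTCPConnection (the NetTCPIP module's equivalent of netstat on Server 2012 R2) and New-NetFirewallRule from the NetSecurity module. The rule-name prefix, the dry-run-by-default behaviour and the `-Apply` switch are assumptions made for this example. One caveat: Windows Firewall with Advanced Security is itself stateful, so reply packets of a permitted connection are already accepted without a separate rule; this script only turns observed inbound connections into explicit allow rules, it does not replicate conntrack's ESTABLISHED/RELATED matching.

```powershell
# Added example, not from the original answer: build inbound firewall allow rules
# from TCP connections currently established to local listening ports.
# Assumptions: Windows Server 2012 R2 (OwningProcess property available),
# run from an elevated PowerShell session; rule prefix and -Apply are illustrative.

param(
    [string]$RulePrefix = 'Observed-Established',
    [switch]$Apply          # without -Apply the script only prints the rules it would create
)

Import-Module NetTCPIP   -ErrorAction Stop
Import-Module NetSecurity -ErrorAction Stop

# Ports something is listening on: only connections to these are inbound service traffic.
# Established connections on other local ports are outbound client connections and are skipped.
$listeningPorts = Get-NetTCPConnection -State Listen | Select-Object -ExpandProperty LocalPort

# Established inbound connections, minus loopback, with the owning process resolved
# (the same information netstat -ano shows, plus the process name and image path).
$connections = Get-NetTCPConnection -State Established |
    Where-Object { $_.LocalPort -in $listeningPorts -and $_.RemoteAddress -notin @('127.0.0.1', '::1') } |
    ForEach-Object {
        $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
        [pscustomobject]@{
            LocalPort     = $_.LocalPort
            RemoteAddress = $_.RemoteAddress
            ProcessName   = if ($proc) { $proc.ProcessName } else { 'unknown' }
            ProcessPath   = if ($proc -and $proc.Path) { $proc.Path } else { $null }
        }
    }

# One rule per (local port, remote address, process) rather than one per connection,
# so a busy listener does not produce hundreds of duplicate rules.
$grouped = $connections | Group-Object LocalPort, RemoteAddress, ProcessName

foreach ($g in $grouped) {
    $c    = $g.Group[0]
    $name = "$RulePrefix $($c.ProcessName) port $($c.LocalPort) from $($c.RemoteAddress)"

    # Scope the rule to the peer address and, where known, the program: a rule
    # for "any remote, any program" on that port would be far broader than what was observed.
    $ruleParams = @{
        DisplayName   = $name
        Direction     = 'Inbound'
        Action        = 'Allow'
        Protocol      = 'TCP'
        LocalPort     = $c.LocalPort
        RemoteAddress = $c.RemoteAddress
        Profile       = @('Domain', 'Private')
    }
    if ($c.ProcessPath) { $ruleParams['Program'] = $c.ProcessPath }

    # Idempotent: re-running the script must not duplicate rules.
    if (Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue) {
        Write-Verbose "Rule already exists: $name"
        continue
    }

    if ($Apply) {
        New-NetFirewallRule @ruleParams | Out-Null
        Write-Output "Created: $name"
    } else {
        Write-Output "Would create: $name ($($g.Count) connection(s) observed)"
    }
}
```

Run it once without `-Apply` to review the rule list it would generate, then with `-Apply` to create the rules; Get-NetFirewallRule -DisplayName "Observed-Established*" lists what it created, and Remove-NetFirewallRule on the same filter rolls them back.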
Changing firewall rules will affect established connections. See this answer: "Do new Windows firewall rules affect currently open connections?"
It is time to leave Windows; Linux iptables is magic.