Fleet uses osquery tables to query operating system, hardware, and software data. Each table provides specific data for analysis and filtering.
windows_firewall_rules
Provides the list of Windows firewall rules.
| Column | Type | Description |
|---|---|---|
| action | text | Action for the rule or default setting |
| app_name | text | Friendly name of the application to which the rule applies |
| direction | text | Direction of traffic for which the rule applies |
| enabled | integer | 1 if the rule is enabled |
| grouping | text | Group to which an individual rule belongs |
| icmp_types_codes | text | ICMP types and codes for the rule |
| local_addresses | text | Local addresses for the rule |
| local_ports | text | Local ports for the rule |
| name | text | Friendly name of the rule |
| profile_domain | integer | 1 if the rule profile type is domain |
| profile_private | integer | 1 if the rule profile type is private |
| profile_public | integer | 1 if the rule profile type is public |
| protocol | text | IP protocol of the rule |
| remote_addresses | text | Remote addresses for the rule |
| remote_ports | text | Remote ports for the rule |
| service_name | text | Service name property of the application |
Controlling inbound access to remote services is essential for maintaining security on a system. This query lists all enabled Windows Firewall rules on the public profile that allow inbound RDP, WinRM, and VNC connections from any remote address (remote_addresses = '*').

```sql
SELECT name, app_name, local_ports
FROM windows_firewall_rules
WHERE enabled = 1
  AND direction = 'In'
  AND remote_addresses = '*'
  AND profile_public = 1
  AND action = 'Allow'
  AND local_ports IN ('3389', '5985', '5986', '5900');
```
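The `IN (...)` filter above only matches rules whose `local_ports` value is exactly one of the listed ports; a rule that opens `5985,5986`, a range such as `5900-5910`, or `*` (all ports) slips past it. The following Python script is an added example, not part of the Fleet documentation or osquery itself: it post-processes rows in the JSON shape that `osqueryi --json` emits for this table and applies the same enabled/inbound/allow/public/any-remote-address conditions as the query, but expands comma-separated lists, ranges and `*` when deciding whether a rule exposes a remote-access port. The sample rows, the `REMOTE_ACCESS_PORTS` mapping and the function names are constructed for the example; column names and values (`In`, `Allow`, `"1"`) follow the table documented above.

```python
import json

# Constructed sample rows in the shape `osqueryi --json` emits for
# SELECT * FROM windows_firewall_rules. Values are illustrative, not captured
# from a real host; osquery returns every column as a string.
SAMPLE_ROWS_JSON = """
[
  {"name": "Remote Desktop - User Mode (TCP-In)", "app_name": "", "action": "Allow",
   "direction": "In", "enabled": "1", "profile_public": "1", "profile_private": "1",
   "profile_domain": "1", "protocol": "TCP", "local_ports": "3389", "remote_addresses": "*"},
  {"name": "Windows Remote Management (HTTP-In)", "app_name": "", "action": "Allow",
   "direction": "In", "enabled": "1", "profile_public": "1", "profile_private": "0",
   "profile_domain": "0", "protocol": "TCP", "local_ports": "5985,5986", "remote_addresses": "*"},
  {"name": "VNC Server (LAN only)", "app_name": "C:\\\\Program Files\\\\VNC\\\\vncserver.exe",
   "action": "Allow", "direction": "In", "enabled": "1", "profile_public": "1",
   "profile_private": "1", "profile_domain": "1", "protocol": "TCP",
   "local_ports": "5900-5910", "remote_addresses": "10.0.0.0/8"},
  {"name": "Remote Desktop - Shadow (TCP-In)", "app_name": "", "action": "Allow",
   "direction": "In", "enabled": "0", "profile_public": "1", "profile_private": "1",
   "profile_domain": "1", "protocol": "TCP", "local_ports": "*", "remote_addresses": "*"},
  {"name": "Core Networking - DNS (UDP-Out)", "app_name": "", "action": "Allow",
   "direction": "Out", "enabled": "1", "profile_public": "1", "profile_private": "1",
   "profile_domain": "1", "protocol": "UDP", "local_ports": "*", "remote_addresses": "*"},
  {"name": "Allow all from anywhere", "app_name": "", "action": "Allow",
   "direction": "In", "enabled": "1", "profile_public": "1", "profile_private": "0",
   "profile_domain": "0", "protocol": "TCP", "local_ports": "*", "remote_addresses": "*"}
]
"""

# Ports from the query above, labelled with the service they usually carry (constructed mapping).
REMOTE_ACCESS_PORTS = {3389: "RDP", 5985: "WinRM (HTTP)", 5986: "WinRM (HTTPS)", 5900: "VNC"}


def load_sample_rows():
    """Parse the constructed sample into the list-of-dicts shape osquery produces."""
    return json.loads(SAMPLE_ROWS_JSON)


def port_spec_covers(spec, port):
    """Return True if a local_ports value includes `port`.

    Handles the forms seen in Windows firewall rules: a single port ("3389"),
    a comma-separated list ("5985,5986"), a range ("5900-5910") and "*" for
    all ports. Keyword tokens such as "RPC" or "RPC-EPMap" are skipped, and an
    empty value is treated as not covering anything.
    """
    spec = spec.strip()
    if spec == "*":
        return True
    for part in spec.split(","):
        part = part.strip()
        if "-" in part:
            lo, hi = (p.strip() for p in part.split("-", 1))
            if lo.isdigit() and hi.isdigit() and int(lo) <= port <= int(hi):
                return True
        elif part.isdigit() and int(part) == port:
            return True
    return False


def exposed_remote_access_rules(rows, ports=REMOTE_ACCESS_PORTS):
    """Apply the documented query's conditions, but evaluate local_ports structurally.

    A rule is reported when it is enabled, inbound, an Allow rule, applies to the
    public profile, accepts any remote address, and its local_ports value covers
    at least one of the ports in `ports`.
    """
    findings = []
    for row in rows:
        if row.get("enabled") != "1" or row.get("direction") != "In":
            continue
        if row.get("action") != "Allow" or row.get("profile_public") != "1":
            continue
        if row.get("remote_addresses") != "*":
            continue
        services = [svc for p, svc in ports.items() if port_spec_covers(row.get("local_ports", ""), p)]
        if services:
            findings.append({"name": row["name"], "local_ports": row["local_ports"], "services": services})
    return findings


if __name__ == "__main__":
    for finding in exposed_remote_access_rules(load_sample_rows()):
        print(f"{finding['name']!r}: local_ports={finding['local_ports']} -> {', '.join(finding['services'])}")
```

Run against the sample, the script reports three rules: the RDP rule the original query would also catch, the WinRM rule whose `5985,5986` list the `IN` filter misses, and the catch-all `*` rule. The LAN-only VNC range is left out because its `remote_addresses` is not `*`, matching the query's intent; drop that condition if you also want to see rules scoped to specific remote networks.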