to create the firewall rule, you need to get the package SID.
the normal method is DeriveAppContainerSidFromAppContainerName.
but thankfully there's an alternate implementation from https://github.com/metablaster/WindowsFirewallRuleset/issues/6 that could convert PackageFamilyName to SID, and I ported the method to python3.
New-NetFirewallRule -Displayname RULENAME -enabled false -action block -direction out -package SID
# Get-AppxPackage|select Name,PackageFamilyName
import hashlib
# s is PackageFamilyName
def AppSid(s):
# unicode without bom
a = hashlib.sha256(s.lower().encode('utf16')[2:]).digest()
r = []
for i in range(0,28,4): # not 32, last part not needed
r.append(int.from_bytes(a[i:i+4],'little'))
return 'S-1-15-2-' + '-'.join(map(str,r))
AppSid('Microsoft.Windows.OOBENetworkCaptivePortal_cw5n1h2txyewy')
# 'S-1-15-2-3119458392-1009845475-4083330090-3659807469-4003170139-1239840055-303833190'
AppSid('MicrosoftWindows.Client.FileExp_cw5n1h2txyewy')
# 'S-1-15-2-2432820154-214690117-2638483218-3299957948-3041975438-3418652010-4243016273'
AppSid('MicrosoftWindows.Client.CBS_cw5n1h2txyewy')
# 'S-1-15-2-283421221-3183566570-1718213290-751554359-3541592344-2312209569-3374928651'
AppSid('MicrosoftWindows.Client.WebExperience_cw5n1h2txyewy')
# 'S-1-15-2-1312876954-3728250218-3694470604-4188764552-3197360367-780678243-3229644300'
AppSid('Microsoft.PowerShell_8wekyb3d8bbwe')
# 'S-1-15-2-3474344596-1361774275-169937050-1715369765-655753896-4292765343-1302149271'