Check advanced firewall status
find out which profile is currently active
netsh advfirewall show currentprofile
show the state of all advfirewall profiles
netsh advfirewall show allprofiles state
Enable/disable advanced firewall
enable advfirewall:
netsh advfirewall set allprofiles state on
disable advfirewall:
netsh advfirewall set allprofiles state off
Reset advanced firewall to default settings
netsh advfirewall reset
Set firewall policy
netsh advfirewall set domainprofile firewallpolicy allowinbound,allowoutbound
Export and import advanced firewall settings
netsh advfirewall export "C:\temp\WFconfiguration.wfw"
netsh advfirewall import "C:\temp\WFconfiguration.wfw"
Rules
display all currently defined firewall rules
netsh advfirewall firewall show rule name=all
show rules for the domain profile
netsh advfirewall firewall show rule name=all profile=domain
(Note: The above command does not show rules where profile=domain,public or profile=domain,private. It only shows rules that have the single entry domain included in the rule)
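The profile filter caveat in the note above can be worked around by parsing the unfiltered rule listing. The PowerShell below is an added example, not part of the original page: it keeps every rule whose Profiles list contains Domain, including multi-profile rules, and then reports the enabled inbound allow rules that accept any remote address. It assumes English-locale netsh output; the sample text (abbreviated to the fields used) and the function name ConvertFrom-NetshRuleText are constructed for illustration.

```powershell
# Constructed sample of `netsh advfirewall firewall show rule name=all` output (abbreviated).
$sample = @'
Rule Name:                            HTTP
----------------------------------------------------------------------
Enabled:                              Yes
Direction:                            In
Profiles:                             Domain,Private
RemoteIP:                             Any
Action:                               Allow
Rule Name:                            SQL Server Port 1433
----------------------------------------------------------------------
Enabled:                              Yes
Direction:                            In
Profiles:                             Domain
RemoteIP:                             LocalSubnet
Action:                               Allow
Rule Name:                            Allow Skype
----------------------------------------------------------------------
Enabled:                              Yes
Direction:                            In
Profiles:                             Public
RemoteIP:                             Any
Action:                               Allow
'@

# Hypothetical helper: turns "Key:   Value" blocks into one object per rule.
function ConvertFrom-NetshRuleText {
    param([string[]]$Lines)
    $current = $null
    foreach ($line in $Lines) {
        if ($line -match '^Rule Name:\s+(.*)$') {
            if ($null -ne $current) { New-Object PSObject -Property $current }
            $current = @{ Name = $Matches[1].Trim() }
        } elseif ($null -ne $current -and $line -match '^([A-Za-z ]+):\s*(.*)$') {
            $current[$Matches[1].Trim()] = $Matches[2].Trim()
        }
    }
    if ($null -ne $current) { New-Object PSObject -Property $current }
}

# On a live host, pass (netsh advfirewall firewall show rule name=all) instead of the sample.
$rules = ConvertFrom-NetshRuleText -Lines ($sample -split "`r?`n")
# Match Domain anywhere in the Profiles list, not only rules with the single entry Domain.
$inDomain = $rules | Where-Object { ($_.Profiles -split '\s*,\s*') -contains 'Domain' }
$inDomain | Where-Object { $_.Enabled -eq 'Yes' -and $_.Direction -eq 'In' -and
    $_.Action -eq 'Allow' -and $_.RemoteIP -eq 'Any' } | Select-Object Name, Profiles, RemoteIP
```

With the constructed sample, only the HTTP rule is reported: the SQL Server rule is scoped to LocalSubnet and the Skype rule does not apply to the domain profile.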
deny all incoming connections and allow all outgoing connections
netsh advfirewall set allprofiles firewallpolicy blockinbound,allowoutbound
allow or prevent ping
netsh advfirewall firewall add rule name="All ICMP V4" dir=in action=block protocol=icmpv4
netsh advfirewall firewall add rule name="All ICMP V4" dir=in action=allow protocol=icmpv4
allow well-known rule groups (remote administration for MMC, remote desktop, etc.)
netsh advfirewall firewall set rule group="Remote Administration" new enable=yes
netsh advfirewall firewall set rule group="File and Printer Sharing" new enable=yes
netsh advfirewall firewall set rule group="Remote Service Management" new enable=yes
netsh advfirewall firewall set rule group="Performance Logs and Alerts" new enable=yes
netsh advfirewall firewall set rule group="Remote Event Log Management" new enable=yes
netsh advfirewall firewall set rule group="Remote Scheduled Tasks Management" new enable=yes
netsh advfirewall firewall set rule group="Remote Volume Management" new enable=yes
netsh advfirewall firewall set rule group="Remote Desktop" new enable=yes
netsh advfirewall firewall set rule group="Windows Firewall Remote Management" new enable=yes
netsh advfirewall firewall set rule group="windows management instrumentation (wmi)" new enable=yes
add a rule allowing tcp or udp incoming packets on port 80:
netsh advfirewall firewall add rule name="HTTP" protocol=TCP localport=80 action=allow dir=IN
netsh advfirewall firewall add rule name="HTTP" protocol=UDP localport=80 action=allow dir=IN
add and delete a rule allowing tcp packets on port 1433 (SQL server)
netsh advfirewall firewall add rule name="SQL Server Port 1433" dir=in action=allow protocol=TCP localport=1433
netsh advfirewall firewall delete rule name="SQL Server Port 1433" protocol=tcp localport=1433
open firewall for a given application
netsh advfirewall firewall add rule name="Allow Skype" dir=in action=allow program="C:\program files\Skype\skype.exe"
deny incoming tcp or udp packets on a port (80 in this example):
netsh advfirewall firewall add rule name="HTTP" protocol=TCP localport=80 action=block dir=IN
netsh advfirewall firewall add rule name="HTTP" protocol=UDP localport=80 action=block dir=IN
delete a rule:
netsh advfirewall firewall delete rule name="HTTP"
allow or deny incoming connection for specific port and IP:
netsh advfirewall firewall add rule name="HTTP" protocol=TCP localport=80 action=allow dir=IN remoteip=x.x.x.x
netsh advfirewall firewall add rule name="HTTP" protocol=TCP localport=80 action=block dir=IN remoteip=x.x.x.x
Allow or deny incoming connection for specific port and subnet:
netsh advfirewall firewall add rule name="HTTP" protocol=TCP localport=80 action=block dir=IN remoteip=x.x.x.x/24
or
netsh advfirewall firewall add rule name="HTTP" protocol=TCP localport=80 action=allow dir=IN remoteip=x.x.x.x-x.x.x.x
or
netsh advfirewall firewall add rule name="HTTP" protocol=TCP localport=80 action=block dir=IN remoteip=localsubnet
Netsh AdvFirewall Firewall Commands
Tagged: Firewall, Windows 7, Windows Server 2008 R2