Netsh advanced firewall commands

Check advanced firewall status

find out which profile the advfirewall is currently in

netsh advfirewall show currentprofile

get the advfirewall state for all profiles

netsh advfirewall show allprofiles state

Enable/disable advanced firewall

enable advfirewall:

netsh advfirewall set allprofiles state on

disable advfirewall:

netsh advfirewall set allprofiles state off

Reset advanced firewall to default settings

netsh advfirewall reset

Set firewall policy

netsh advfirewall set domainprofile firewallpolicy allowinbound,allowoutbound

Export and import advanced firewall settings

netsh advfirewall export "C:\temp\WFconfiguration.wfw"

netsh advfirewall import "C:\temp\WFconfiguration.wfw"

Rules

displays all currently defined firewall rules

netsh advfirewall firewall show rule name=all

show rules for the domain profile

netsh advfirewall firewall show rule name=all profile=domain

(Note: The above command does not show rules where profile=domain,public or profile=domain,private. It shows only rules whose profile is the single entry domain.)

 

deny all incoming connections and allow all outgoing connections

netsh advfirewall set allprofiles firewallpolicy blockinbound,allowoutbound

allow or prevent ping

netsh advfirewall firewall add rule name="All ICMP V4" dir=in action=block protocol=icmpv4

netsh advfirewall firewall add rule name="All ICMP V4" dir=in action=allow protocol=icmpv4

allow well-known rules (remote administration for mmc, remote desktop etc.)

netsh advfirewall firewall set rule group="Remote Administration" new enable=yes
netsh advfirewall firewall set rule group="File and Printer Sharing" new enable=yes
netsh advfirewall firewall set rule group="Remote Service Management" new enable=yes
netsh advfirewall firewall set rule group="Performance Logs and Alerts" new enable=yes 
netsh advfirewall firewall set rule group="Remote Event Log Management" new enable=yes
netsh advfirewall firewall set rule group="Remote Scheduled Tasks Management" new enable=yes
netsh advfirewall firewall set rule group="Remote Volume Management" new enable=yes 
netsh advfirewall firewall set rule group="Remote Desktop" new enable=yes
netsh advfirewall firewall set rule group="Windows Firewall Remote Management" new enable=yes
netsh advfirewall firewall set rule group="windows management instrumentation (wmi)" new enable=yes

add a rule allowing tcp or udp incoming packets on port 80:

netsh advfirewall firewall add rule name="HTTP" protocol=TCP localport=80 action=allow dir=IN
netsh advfirewall firewall add rule name="HTTP" protocol=UDP localport=80 action=allow dir=IN

add and delete a rule allowing tcp packets on port 1433 (SQL server)

netsh advfirewall firewall add rule name="SQL Server Port 1433" dir=in action=allow protocol=TCP localport=1433

netsh advfirewall firewall delete rule name="SQL Server Port 1433" protocol=tcp localport=1433

open firewall for a given application

netsh advfirewall firewall add rule name="Allow Skype" dir=in action=allow program="C:\program files\Skype\skype.exe"

deny tcp or udp packets on port x:

netsh advfirewall firewall add rule name="HTTP" protocol=TCP localport=80 action=block dir=IN
netsh advfirewall firewall add rule name="HTTP" protocol=UDP localport=80 action=block dir=IN

 

delete a rule (this deletes every rule that matches the name):

netsh advfirewall firewall delete rule name="HTTP"

 

allow or deny incoming connection for specific port and IP:

netsh advfirewall firewall add rule name="HTTP" protocol=TCP localport=80 action=allow dir=IN remoteip=x.x.x.x
netsh advfirewall firewall add rule name="HTTP" protocol=TCP localport=80 action=block dir=IN remoteip=x.x.x.x

Allow or deny incoming connection for specific port and subnet:

netsh advfirewall firewall add rule name="HTTP" protocol=TCP localport=80 action=block dir=IN remoteip=x.x.x.x/24

or

netsh advfirewall firewall add rule name="HTTP" protocol=TCP localport=80 action=allow dir=IN remoteip=x.x.x.x-x.x.x.x

or

netsh advfirewall firewall add rule name="HTTP" protocol=TCP localport=80 action=block dir=IN remoteip=localsubnet
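An added example, not part of the original page: a PowerShell parser for the text printed by "netsh advfirewall firewall show rule name=all". It lists every rule that applies to the domain profile, including the multi-profile rules that profile=domain leaves out (see the note above), and flags names such as "HTTP" that carry both an allow and a block rule. The function name and the sample rules are made up for illustration.

```powershell
# Added example; assumes English netsh output (field labels are localized).
function ConvertFrom-NetshRuleText {
    param([string[]]$Lines)
    $rules = @(); $current = $null
    foreach ($line in $Lines) {
        # "Label:   value", split at the first colon so C:\ paths stay intact
        if ($line -notmatch '^\s*([^:]+):\s*(.*)$') { continue }
        $key = $Matches[1].Trim(); $value = $Matches[2].Trim()
        if ($key -eq 'Rule Name') {
            if ($null -ne $current) { $rules += [pscustomobject]$current }
            $current = [ordered]@{ Name = $value }
        } elseif ($null -ne $current) { $current[$key] = $value }
    }
    if ($null -ne $current) { $rules += [pscustomobject]$current }
    $rules
}

# Constructed sample in netsh's layout (trimmed to the fields used below).
$sample = @'
Rule Name:                            HTTP
----------------------------------------------------------------------
Enabled:                              Yes
Direction:                            In
Profiles:                             Domain,Private,Public
Action:                               Allow

Rule Name:                            HTTP
----------------------------------------------------------------------
Enabled:                              Yes
Direction:                            In
Profiles:                             Domain,Private,Public
Action:                               Block

Rule Name:                            SQL Server Port 1433
----------------------------------------------------------------------
Enabled:                              Yes
Direction:                            In
Profiles:                             Domain
Action:                               Allow
'@ -split "`r?`n"

$rules = @(ConvertFrom-NetshRuleText -Lines $sample)
# Every rule that applies to the domain profile, alone or combined with others.
$rules | Where-Object { ($_.Profiles -split ',') -contains 'Domain' } |
    Format-Table Name, Direction, Action, Profiles
# Same name and direction with both Allow and Block: where both match, block wins.
$rules | Where-Object Enabled -eq 'Yes' | Group-Object Name, Direction |
    Where-Object { @($_.Group.Action | Select-Object -Unique).Count -gt 1 } |
    Select-Object Name, Count
```

On a live host, replace $sample with the output of the command itself: -Lines (netsh advfirewall firewall show rule name=all).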

Netsh AdvFirewall Firewall Commands
