
Netsh AdvFirewall: Manage Windows Firewall using NetShell

Ok, this one’s about managing your Windows Firewall with Advanced Security (WFAS).

Today, most companies disable the Windows Firewall. Why? I think there are several reasons. One is probably that they consider the LAN safe and see no need for a firewall, which is negligent! Other reasons might be laziness, a lack of understanding or know-how, or too little time. In this post I want to write down some of my own experiences managing the Windows Firewall with Advanced Security (WFAS), and also show you that there are easy ways to manage WFAS using the Netsh command line tool.


Note: Whenever you want to switch to the graphical user interface you can just call the Windows Firewall with Advanced Security MMC using:

wf.msc

To get an overview of your current firewall settings, I recommend opening a command prompt (cmd.exe) and typing netsh. This starts the NetSh command line tool.

netsh

Then switch to the firewall context by typing AdvFirewall (note: Netsh Firewall is deprecated; Firewall is now a sub-context of AdvFirewall starting with Windows Vista or Windows 7 / Windows Server 2008 (R2), I'm not absolutely sure which).

Now type show allprofiles to list the three firewall profiles (Domain Profile, Private Profile and Public Profile).


Now switch to the Firewall context by typing Firewall. This might be a bit confusing; I think it is because Microsoft had to keep the existing Firewall context from legacy systems like Windows XP SP2+, so they placed that existing Firewall context below the AdvFirewall context.

netsh AdvFirewall Firewall

To list all existing rules, type: show rule name=all

To export all the rules to a text file, type:

C:\>netsh advfirewall firewall show rule name=all >c:\temp\fwRules.txt

Let's say you want to allow File and Printer Sharing for a few specific IP addresses only:

netsh advfirewall firewall set rule name="File and Printer Sharing (NB-Session-In)" new enable=yes remoteip=192.168.0.1,192.168.0.100

netsh advfirewall firewall set rule name="File and Printer Sharing (NB-Name-In)" new enable=yes remoteip=192.168.0.1,192.168.0.100

netsh advfirewall firewall set rule name="File and Printer Sharing (NB-Datagram-In)" new enable=yes remoteip=192.168.0.1,192.168.0.100

netsh advfirewall firewall set rule name="File and Printer Sharing (Echo Request - ICMPv4-In)" new enable=yes remoteip=192.168.0.1,192.168.0.100

To allow ping replies (enable inbound echo / ICMP requests):

netsh advfirewall firewall add rule name="All ICMP V4" dir=in action=allow protocol=icmpv4
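As an added example (not from the original post), here is a small Python script that reads the text produced by the export command above (the fwRules.txt dump) and lists enabled inbound Allow rules that are still open to RemoteIP Any, i.e. rules that have not been scoped the way the set rule commands scope File and Printer Sharing. It assumes the English netsh field layout (`Key: value` lines, one block per rule starting with `Rule Name:`); the sample export embedded below is constructed, not a real dump.

```python
import re

# Constructed sample of `netsh advfirewall firewall show rule name=all` output
# (English field layout, two rules); not a real export.
SAMPLE_EXPORT = """\
Rule Name:                            File and Printer Sharing (NB-Session-In)
----------------------------------------------------------------------
Enabled:                              Yes
Direction:                            In
Profiles:                             Domain,Private
RemoteIP:                             192.168.0.1,192.168.0.100
Protocol:                             TCP
LocalPort:                            139
RemotePort:                           Any
Action:                               Allow

Rule Name:                            All ICMP V4
----------------------------------------------------------------------
Enabled:                              Yes
Direction:                            In
Profiles:                             Domain,Private,Public
RemoteIP:                             Any
Protocol:                             ICMPv4
Type    Code
Any     Any
Action:                               Allow
"""

_FIELD = re.compile(r"^([A-Za-z ]+?):\s*(.*)$")  # "Key:   value" lines

def parse_rules(text):
    """Return one dict per rule, keyed by the netsh field names."""
    rules, current = [], None
    for line in text.splitlines():
        m = _FIELD.match(line)
        if not m:
            continue  # dashed separators, blank lines, the ICMP Type/Code table
        key, value = m.group(1).strip(), m.group(2).strip()
        if key == "Rule Name":  # each rule block starts with its name
            current = {key: value}
            rules.append(current)
        elif current is not None:
            current[key] = value
    return rules

def unscoped_inbound_allows(text):
    """Enabled inbound Allow rules that still accept traffic from RemoteIP Any."""
    return [r["Rule Name"] for r in parse_rules(text)
            if r.get("Enabled") == "Yes" and r.get("Direction") == "In"
            and r.get("Action") == "Allow" and r.get("RemoteIP", "Any") == "Any"]

if __name__ == "__main__":
    for name in unscoped_inbound_allows(SAMPLE_EXPORT):
        print("open to any remote IP:", name)
```

Point it at a real export (open(r"c:\temp\fwRules.txt").read()) to audit a machine; the ICMP rule from this post shows up because it is deliberately unscoped.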

I might update this post with additional rules etc. when I find the time. Feel free to comment!

Links

Netsh AdvFirewall Firewall Command @technet

How to use the "netsh advfirewall firewall" context instead of the "netsh firewall" context to control Windows Firewall behavior in Windows Server 2008 and in Windows Vista
