Netsh AdvFirewall: Manage Windows Firewall using NetShell


Ok, this one’s about managing your Windows Firewall with Advanced Security (WFAS).

Today, most companies disable the Windows Firewall. Why? I think there are several reasons. One is probably that they think the LAN is safe and there is no need for a firewall. Negligent! Other reasons might be laziness, a lack of understanding or know-how, or too little time. In this post I want to write down some of my own experiences managing the Windows Firewall with Advanced Security (WFAS), and I also want to show you that there are easy ways to manage the WFAS using the Netsh command-line tool.


Note: Whenever you want to switch to the graphical user interface you can just call the Windows Firewall with Advanced Security MMC using:

wf.msc

To get an overview of your current firewall settings, I recommend opening a command prompt (cmd.exe) and typing netsh. This will start the NetSh command-line tool.

netsh

Then, to switch to the firewall context, just type AdvFirewall (note: 'Netsh Firewall' is deprecated. Firewall is now a sub-context of AdvFirewall, starting with Windows Vista or Windows 7 / Windows Server 2008 (R2) – I’m not absolutely sure).

Now type show allprofiles to list the three firewall profiles (Domain Profile, Private Profile and Public Profile).


Now, to switch to the Firewall context, type Firewall. Well, this might be a bit confusing. I think this is because Microsoft had to keep the existing Firewall context from legacy systems like Windows XP SP2+, so they put the existing Firewall context below the AdvFirewall context.

netsh AdvFirewall Firewall

To list all existing rules type: show rule name=all

To export all the rules to a text file, type:


C:\>netsh advfirewall firewall show rule name=all >c:\temp\fwRules.txt

Let’s say you want to allow File and Printer Sharing for a few specific IP Addresses:

netsh advfirewall firewall set rule name="File and Printer Sharing (NB-Session-In)" new enable=yes remoteip=192.168.0.1,192.168.0.100

netsh advfirewall firewall set rule name="File and Printer Sharing (NB-Name-In)" new enable=yes remoteip=192.168.0.1,192.168.0.100

netsh advfirewall firewall set rule name="File and Printer Sharing (NB-Datagram-In)" new enable=yes remoteip=192.168.0.1,192.168.0.100

netsh advfirewall firewall set rule name="File and Printer Sharing (Echo Request - ICMPv4-In)" new enable=yes remoteip=192.168.0.1,192.168.0.100

To allow ping replies (enable echo / ICMP requests). Note that this rule allows all inbound ICMPv4 traffic, not only echo requests:

netsh advfirewall firewall add rule name="All ICMP V4" dir=in action=allow protocol=icmpv4
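The following is an added example, not part of the original post: it parses the text export produced by the show rule name=all command above and lists the enabled inbound allow rules whose RemoteIP is still Any, a quick way to confirm that the remoteip restrictions took effect. It assumes English-locale netsh output; the sample text and the function names parse_rules and open_inbound are constructed for illustration.

```python
import re

# Constructed sample in the layout that an English-locale
# "netsh advfirewall firewall show rule name=all" prints (not output from the page).
SAMPLE = """\
Rule Name:                            File and Printer Sharing (NB-Session-In)
----------------------------------------------------------------------
Enabled:                              Yes
Direction:                            In
RemoteIP:                             192.168.0.1/32,192.168.0.100/32
Protocol:                             TCP
Action:                               Allow

Rule Name:                            All ICMP V4
----------------------------------------------------------------------
Enabled:                              Yes
Direction:                            In
RemoteIP:                             Any
Protocol:                             ICMPv4
                                      Type    Code
                                      Any     Any
Action:                               Allow

Rule Name:                            File and Printer Sharing (NB-Name-In)
----------------------------------------------------------------------
Enabled:                              No
Direction:                            In
RemoteIP:                             Any
Action:                               Allow
"""

def parse_rules(text):
    """Split the export into one dict per rule, keyed by field name."""
    rules = []
    for line in text.splitlines():
        m = re.match(r"^([A-Za-z][A-Za-z ]*?):\s+(.*\S)\s*$", line)
        if not m:
            continue  # separator lines, blank lines, ICMP type/code sub-table
        if m.group(1) == "Rule Name":
            rules.append({})  # every rule block starts with its name
        if rules:
            rules[-1][m.group(1)] = m.group(2)
    return rules

def open_inbound(rules):
    """Names of enabled inbound allow rules that accept any remote address."""
    return [r["Rule Name"] for r in rules
            if r.get("Enabled") == "Yes" and r.get("Direction") == "In"
            and r.get("Action") == "Allow" and r.get("RemoteIP") == "Any"]
```

To audit a real export, pass the contents of c:\temp\fwRules.txt to parse_rules, reading the file with the encoding of the console that wrote it.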

I might update this post with additional rules etc. when I find the time. Feel free to comment!

Links

Netsh AdvFirewall Firewall Command @technet

How to use the "netsh advfirewall firewall" context instead of the "netsh firewall" context to control Windows Firewall behavior in Windows Server 2008 and in Windows Vista

5 thoughts on “Netsh AdvFirewall: Manage Windows Firewall using NetShell”

  2. So I see how to set File & Printer sharing, but how to query for it? What is the proper command to NETSH ADVFIREWALL SHOW?

    Thanks

  3. I tried to enable the remote desktop – remotefx for Private profile only.

    When I tried the command below

    netsh advfirewall firewall set rule group=””remote desktop – remoteFX”” new enable=Yes profile=private

    got error :
    “only the enable parameter can be used to update rule”

    Maybe I left some parameters?

  4. Okay, when updating an existing rule, why do you have to specify new? This broke my mind yesterday. Especially trying to refer to Microsoft’s documentation.
