Microsoft Windows [Version 6.0.6001]
(C) Copyright 2006 Microsoft Corp. C:\Windows>netsh firewall ? The following commands are available: Commands in this context: ? - Displays a list of commands. add - Adds firewall configuration. delete - Deletes firewall configuration. dump - Displays a configuration script. help - Displays a list of commands. reset - Resets firewall configuration to default. set - Sets firewall configuration. show - Shows firewall configuration. To view help for a command, type the command, followed by a space, and then type ?.
Adds firewall configuration.
»netsh »firewall »add
C:\Windows>netsh firewall add ? The following commands are available: Commands in this context: add allowedprogram - Adds firewall allowed program configuration. add portopening - Adds firewall port configuration.
Adds firewall allowed program configuration.
»netsh »firewall »add »allowedprogram
C:\Windows>netsh firewall add allowedprogram ?
add allowedprogram
[ program = ] path
[ name = ] name
[ [ mode = ] ENABLE|DISABLE
[ scope = ] ALL|SUBNET|CUSTOM
[ addresses = ] addresses
[ profile = ] CURRENT|DOMAIN|STANDARD|ALL ]
Adds firewall allowed program configuration.
Parameters:
program - Program path and file name.
name - Program name.
mode - Program mode (optional).
ENABLE - Allow through firewall (default).
DISABLE - Do not allow through firewall.
scope - Program scope (optional).
ALL - Allow all traffic through firewall (default).
SUBNET - Allow only local network (subnet) traffic through firewall.
CUSTOM - Allow only specified traffic through firewall.
addresses - Custom scope addresses (optional).
This comma-separated scope can contain IPv4 addresses,
IPv6 addresses, subnets, ranges, or the keyword LocalSubnet.
profile - Configuration profile (optional).
CURRENT - Applies to the active profile. Active profile can be domain,
standard (i.e. private), or public. (default).
DOMAIN - Applies to the domain profile.
STANDARD - Applies to the standard (i.e. private) profile.
ALL - Applies to the domain and standard (i.e. private) profile.
Does not apply to the public profile.
Remarks: 'scope' must be 'CUSTOM' to specify 'addresses'.
'addresses' can not contain Unspecified or Loopback addresses.
Examples:
add allowedprogram C:\MyApp\MyApp.exe "My Application" ENABLE
add allowedprogram C:\MyApp\MyApp.exe "My Application" ENABLE CUSTOM
157.60.0.1,172.16.0.0/16,10.0.0.0/255.0.0.0,
12AB:0000:0000:CD30::/60,LocalSubnet
add allowedprogram program=C:\MyApp\MyApp.exe name="My Application"
mode=DISABLE
add allowedprogram program=C:\MyApp\MyApp.exe name="My Application"
mode=ENABLE scope=CUSTOM addresses=157.60.0.1,
172.16.0.0/16,10.0.0.0/255.0.0.0,
12AB:0000:0000:CD30::/60,LocalSubnet
Adds firewall port configuration.
»netsh »firewall »add »portopening
C:\Windows>netsh firewall add portopening ?
add portopening
[ protocol = ] TCP|UDP|ALL
[ port = ] 1-65535
[ name = ] name
[ [ mode = ] ENABLE|DISABLE
[ scope = ] ALL|SUBNET|CUSTOM
[ addresses = ] addresses
[ profile = ] CURRENT|DOMAIN|STANDARD|ALL
Adds firewall port configuration.
Parameters:
protocol - Port protocol.
TCP - Transmission Control Protocol (TCP).
UDP - User Datagram Protocol (UDP).
ALL - All protocols.
port - Port number.
name - Port name.
mode - Port mode (optional).
ENABLE - Allow through firewall (default).
DISABLE - Do not allow through firewall.
scope - Port scope (optional).
ALL - Allow all traffic through firewall (default).
SUBNET - Allow only local network (subnet) traffic through firewall.
CUSTOM - Allow only specified traffic through firewall.
addresses - Custom scope addresses (optional).
This comma-separated scope can contain IPv4 addresses,
IPv6 addresses, subnets, ranges, or the keyword LocalSubnet.
profile - Configuration profile (optional).
CURRENT - Applies to the active profile. Active profile can be domain,
standard (i.e. private), or public. (default).
DOMAIN - Applies to the domain profile.
STANDARD - Applies to the standard (i.e. private) profile.
ALL - Applies to the domain and standard (i.e. private) profile.
Does not apply to the public profile.
Remarks: 'scope' must be 'CUSTOM' to specify 'addresses'.
'addresses' can not contain unspecified or loopback addresses.
Examples:
add portopening TCP 80 "My Web Port"
add portopening UDP 500 IKE ENABLE ALL
add portopening ALL 53 DNS ENABLE CUSTOM
157.60.0.1,172.16.0.0/16,10.0.0.0/255.0.0.0,
12AB:0000:0000:CD30::/60,LocalSubnet
add portopening protocol=ALL port=53 name=DNS mode=ENABLE scope=CUSTOM
addresses=157.60.0.1,172.16.0.0/16,10.0.0.0/255.0.0.0,
12AB:0000:0000:CD30::/60,LocalSubnet
Deletes firewall configuration.
»netsh »firewall »delete
C:\Windows>netsh firewall delete ? The following commands are available: Commands in this context: delete allowedprogram - Deletes firewall allowed program configuration. delete portopening - Deletes firewall port configuration.
Deletes firewall allowed program configuration.
»netsh »firewall »delete »allowedprogram
C:\Windows>netsh firewall delete allowedprogram ?
delete allowedprogram
[ program = ] path
[ [ profile = ] CURRENT|DOMAIN|STANDARD|ALL ]
Deletes firewall allowed program configuration.
Parameters:
program - Program path and file name.
profile - Configuration profile (optional).
CURRENT - Applies to the active profile. Active profile can be domain,
standard (i.e. private), or public. (default).
DOMAIN - Applies to the domain profile.
STANDARD - Applies to the standard (i.e. private) profile.
ALL - Applies to the domain and standard (i.e. private) profile.
Does not apply to the public profile.
Examples:
delete allowedprogram C:\MyApp\MyApp.exe
delete allowedprogram program=C:\MyApp\MyApp.exe
Deletes firewall port configuration.
»netsh »firewall »delete »portopening
C:\Windows>netsh firewall delete portopening ?
delete portopening
[ protocol = ] TCP|UDP|ALL
[ port = ] 1-65535
[ [ profile = ] CURRENT|DOMAIN|STANDARD|ALL
Deletes firewall port configuration.
Parameters:
protocol - Port protocol.
TCP - Transmission Control Protocol (TCP).
UDP - User Datagram Protocol (UDP).
ALL - All protocols.
port - Port number.
profile - Configuration profile (optional).
CURRENT - Applies to the active profile. Active profile can be domain,
standard (i.e. private), or public. (default).
DOMAIN - Applies to the domain profile.
STANDARD - Applies to the standard (i.e. private) profile.
ALL - Applies to the domain and standard (i.e. private) profile.
Does not apply to the public profile.
Examples:
delete portopening TCP 80
delete portopening protocol=UDP port=500
Displays a configuration script.
»netsh »firewall »dump
C:\Windows>netsh firewall dump ?
Usage: dump
Remarks:
Creates a script that contains the current configuration. If saved to a
file, this script can be used to restore altered configuration settings.
Displays a list of commands.
»netsh »firewall »help
C:\Windows>netsh firewall help ?
Usage: help
Remarks:
Displays a list of commands.
Resets firewall configuration to default.
»netsh »firewall »reset
C:\Windows>netsh firewall reset ?
reset
Resets firewall configuration to default.
Remarks: Restoring the default settings will delete all Windows
Firewall settings that you have changed. For example, if
you have allowed certain programs through the firewall those
programs will be blocked again.
Sets firewall configuration.
»netsh »firewall »set
C:\Windows>netsh firewall set ? The following commands are available: Commands in this context: set allowedprogram - Sets firewall allowed program configuration. set icmpsetting - Sets firewall ICMP configuration. set logging - Sets firewall logging configuration. set multicastbroadcastresponse - Sets firewall multicast/broadcast response configuration. set notifications - Sets firewall notification configuration. set opmode - Sets firewall operational configuration. set portopening - Sets firewall port configuration. set service - Sets firewall service configuration.
Sets firewall allowed program configuration.
»netsh »firewall »set »allowedprogram
C:\Windows>netsh firewall set allowedprogram ?
set allowedprogram
[ program = ] path
[ [ name = ] name
[ mode = ] ENABLE|DISABLE
[ scope = ] ALL|SUBNET|CUSTOM
[ addresses = ] addresses
[ profile = ] CURRENT|DOMAIN|STANDARD|ALL ]
Sets firewall allowed program configuration.
Parameters:
program - Program path and file name.
name - Program name (optional).
mode - Program mode (optional).
ENABLE - Allow through firewall (default).
DISABLE - Do not allow through firewall.
scope - Program scope (optional).
ALL - Allow all traffic through firewall (default).
SUBNET - Allow only local network (subnet) traffic through firewall.
CUSTOM - Allow only specified traffic through firewall.
addresses - Custom scope addresses (optional).
This comma-separated scope can contain IPv4 addresses,
IPv6 addresses, subnets, ranges, or the keyword LocalSubnet.
profile - Configuration profile (optional).
CURRENT - Applies to the active profile. Active profile can be domain,
standard (i.e. private), or public. (default).
DOMAIN - Applies to the domain profile.
STANDARD - Applies to the standard (i.e. private) profile.
ALL - Applies to the domain and standard (i.e. private) profile.
Does not apply to the public profile.
Remarks: 'scope' must be 'CUSTOM' to specify 'addresses'.
'addresses' can not contain Unspecified or Loopback addresses.
Examples:
set allowedprogram C:\MyApp\MyApp.exe "My Application" DISABLE
set allowedprogram C:\MyApp\MyApp.exe "My Application" ENABLE CUSTOM
157.60.0.1,172.16.0.0/16,10.0.0.0/255.0.0.0,
12AB:0000:0000:CD30::/60,LocalSubnet
set allowedprogram program=C:\MyApp\MyApp.exe name="My Application"
mode=DISABLE
set allowedprogram program=C:\MyApp\MyApp.exe name="My Application"
mode=ENABLE scope=CUSTOM addresses=157.60.0.1,
172.16.0.0/16,10.0.0.0/255.0.0.0,
12AB:0000:0000:CD30::/60,LocalSubnet
Sets firewall ICMP configuration.
»netsh »firewall »set »icmpsetting
C:\Windows>netsh firewall set icmpsetting ?
set icmpsetting
[ type = ] 2-5|8-9|11-13|17|ALL
[ [ mode = ] ENABLE|DISABLE
[ profile = ] CURRENT|DOMAIN|STANDARD|ALL
Sets firewall ICMP configuration.
Parameters:
type - ICMP type.
2 - Allow outbound packet too big.
3 - Allow outbound destination unreachable.
4 - Allow outbound source quench.
5 - Allow redirect.
8 - Allow inbound echo request.
9 - Allow inbound router request.
11 - Allow outbound time exceeded.
12 - Allow outbound parameter problem.
13 - Allow inbound timestamp request.
17 - Allow inbound mask request.
ALL - All types.
mode - ICMP mode (optional).
ENABLE - Allow through firewall (default).
DISABLE - Do not allow through firewall.
profile - Configuration profile (optional).
CURRENT - Applies to the active profile. Active profile can be domain,
standard (i.e. private), or public. (default).
DOMAIN - Applies to the domain profile.
STANDARD - Applies to the standard (i.e. private) profile.
ALL - Applies to the domain and standard (i.e. private) profile.
Does not apply to the public profile.
Examples:
set icmpsetting 8
set icmpsetting 8 ENABLE
set icmpsetting type=ALL mode=DISABLE
Sets firewall logging configuration.
»netsh »firewall »set »logging
C:\Windows>netsh firewall set logging ?
set logging
[ [ filelocation = ] path
[ maxfilesize = ] 1-32767
[ droppedpackets = ] ENABLE|DISABLE
[ connections = ] ENABLE|DISABLE ]
Sets firewall logging configuration.
Parameters:
filelocation - Log path and file name (optional).
maxfilesize - Maximum log file size in kilobytes (optional).
droppedpackets - Dropped packet log mode (optional).
ENABLE - Log in firewall.
DISABLE - Do not log in firewall.
connections - Successful connection log mode (optional).
ENABLE - Log in firewall.
DISABLE - Do not log in firewall.
Remarks: At least one parameter must be specified.
Examples:
set logging %systemroot%\system32\LogFiles\Firewall\pfirewall.log 4096 ENABLE
set logging filelocation=%systemroot%\system32\LogFiles\Firewall\pfirewall.log maxfilesize=4096
droppedpackets=ENABLE
Sets firewall multicast/broadcast response configuration.
»netsh »firewall »set »multicastbroadcastresponse
C:\Windows>netsh firewall set multicastbroadcastresponse ?
set multicastbroadcastresponse
[ mode = ] ENABLE|DISABLE
[ [ profile = ] CURRENT|DOMAIN|STANDARD|ALL ]
Sets firewall multicast/broadcast response configuration.
Parameters:
mode - Multicast/broadcast response mode.
ENABLE - Allow responses to multicast/broadcast traffic through the
firewall.
DISABLE - Do not allow responses to multicast/broadcast traffic
through the firewall.
profile - Configuration profile (optional).
CURRENT - Applies to the active profile. Active profile can be domain,
standard (i.e. private), or public. (default).
DOMAIN - Applies to the domain profile.
STANDARD - Applies to the standard (i.e. private) profile.
ALL - Applies to the domain and standard (i.e. private) profile.
Does not apply to the public profile.
Examples:
set multicastbroadcastresponse ENABLE
set multicastbroadcastresponse mode=DISABLE
Sets firewall notification configuration.
»netsh »firewall »set »notifications
C:\Windows>netsh firewall set notifications ?
set notifications
[ mode = ] ENABLE|DISABLE
[ [ profile = ] CURRENT|DOMAIN|STANDARD|ALL ]
Sets firewall notification configuration.
Parameters:
mode - Notification mode.
ENABLE - Allow pop-up notifications from firewall.
DISABLE - Do not allow pop-up notifications from firewall.
profile - Configuration profile (optional).
CURRENT - Applies to the active profile. Active profile can be domain,
standard (i.e. private), or public. (default).
DOMAIN - Applies to the domain profile.
STANDARD - Applies to the standard (i.e. private) profile.
ALL - Applies to the domain and standard (i.e. private) profile.
Does not apply to the public profile.
Examples:
set notifications ENABLE
set notifications mode=DISABLE
Sets firewall operational configuration.
»netsh »firewall »set »opmode
C:\Windows>netsh firewall set opmode ?
set opmode
[ mode = ] ENABLE|DISABLE
[ [ exceptions = ] ENABLE|DISABLE
[ profile = ] CURRENT|DOMAIN|STANDARD|ALL
Sets firewall operational configuration.
Parameters:
mode - Operational mode.
ENABLE - Enable firewall.
DISABLE - Disable firewall.
exceptions - Exception mode (optional).
ENABLE - Allow through firewall (default).
DISABLE - Do not allow through firewall.
profile - Configuration profile (optional).
CURRENT - Applies to the active profile. Active profile can be domain,
standard (i.e. private), or public. (default).
DOMAIN - Applies to the domain profile.
STANDARD - Applies to the standard (i.e. private) profile.
ALL - Applies to the domain and standard (i.e. private) profile.
Does not apply to the public profile.
Examples:
set opmode ENABLE
set opmode mode=ENABLE exceptions=DISABLE
Sets firewall port configuration.
»netsh »firewall »set »portopening
C:\Windows>netsh firewall set portopening ?
set portopening
[ protocol = ] TCP|UDP|ALL
[ port = ] 1-65535
[ [ name = ] name
[ mode = ] ENABLE|DISABLE
[ scope = ] ALL|SUBNET|CUSTOM
[ addresses = ] addresses
[ profile = ] CURRENT|DOMAIN|STANDARD|ALL
Sets firewall port configuration.
Parameters:
protocol - Port protocol.
TCP - Transmission Control Protocol (TCP).
UDP - User Datagram Protocol (UDP).
ALL - All protocols.
port - Port number.
name - Port name (optional).
mode - Port mode (optional).
ENABLE - Allow through firewall (default).
DISABLE - Do not allow through firewall.
scope - Port scope (optional).
ALL - Allow all traffic through firewall (default).
SUBNET - Allow only local network (subnet) traffic through firewall.
CUSTOM - Allow only specified traffic through firewall.
addresses - Custom scope addresses (optional).
This comma-separated scope can contain IPv4 addresses,
IPv6 addresses, subnets, ranges, and the keyword LocalSubnet.
profile - Configuration profile (optional).
CURRENT - Applies to the active profile. Active profile can be domain,
standard (i.e. private), or public. (default).
DOMAIN - Applies to the domain profile.
STANDARD - Applies to the standard (i.e. private) profile.
ALL - Applies to the domain and standard (i.e. private) profile.
Does not apply to the public profile.
Remarks: 'scope' must be 'CUSTOM' to specify 'addresses'.
'addresses' can not contain unspecified or loopback addresses.
Examples:
set portopening TCP 80 "My Web Port"
set portopening UDP 500 IKE ENABLE ALL
set portopening ALL 53 DNS ENABLE CUSTOM
157.60.0.1,172.16.0.0/16,10.0.0.0/255.0.0.0,
12AB:0000:0000:CD30::/60,LocalSubnet
set portopening protocol=ALL port=53 name=DNS mode=ENABLE scope=CUSTOM
addresses=157.60.0.1,172.16.0.0/16,10.0.0.0/255.0.0.0,
12AB:0000:0000:CD30::/60,LocalSubnet
Sets firewall service configuration.
»netsh »firewall »set »service
C:\Windows>netsh firewall set service ?
set service
[ type = ] FILEANDPRINT|REMOTEADMIN|REMOTEDESKTOP|UPNP|ALL
[ [ mode = ] ENABLE|DISABLE
[ scope = ] ALL|SUBNET|CUSTOM
[ addresses = ] addresses
[ profile = ] CURRENT|DOMAIN|STANDARD|ALL ]
Sets firewall service configuration.
Parameters:
type - Service type.
FILEANDPRINT - File and printer sharing.
REMOTEADMIN - Remote administration.
REMOTEDESKTOP - Remote assistance and remote desktop.
UPNP - UPnP framework.
ALL - All types.
mode - Service mode (optional).
ENABLE - Allow through firewall (default).
DISABLE - Do not allow through firewall.
scope - Service scope (optional).
ALL - Allow all traffic through firewall.
SUBNET - Allow only local network (subnet) traffic through firewall.
CUSTOM - Allow only specified traffic through firewall.
addresses - Custom scope addresses (optional).
This comma-separated scope can contain IPv4 addresses,
IPv6 addresses, subnets, ranges, or the keyword LocalSubnet.
profile - Configuration profile (optional).
CURRENT - Applies to the active profile. Active profile can be domain,
standard (i.e. private), or public. (default).
DOMAIN - Applies to the domain profile.
STANDARD - Applies to the standard (i.e. private) profile.
ALL - Applies to the domain and standard (i.e. private) profile.
Does not apply to the public profile.
Remarks: 'scope' must be 'CUSTOM' to specify 'addresses'.
'addresses' can not contain Unspecified or Loopback addresses.
Examples:
set service FILEANDPRINT
set service REMOTEADMIN DISABLE
set service REMOTEDESKTOP ENABLE CUSTOM
157.60.0.1,172.16.0.0/16,10.0.0.0/255.0.0.0,
12AB:0000:0000:CD30::/60,LocalSubnet
set service type=UPNP
set service type=REMOTEADMIN mode=ENABLE scope=SUBNET
set service type=REMOTEDESKTOP mode=ENABLE scope=CUSTOM
addresses=157.60.0.1,172.16.0.0/16,10.0.0.0/255.0.0.0,
12AB:0000:0000:CD30::/60,LocalSubnet
Shows firewall configuration.
»netsh »firewall »show
C:\Windows>netsh firewall show ? The following commands are available: Commands in this context: show allowedprogram - Shows firewall allowed program configuration. show config - Shows firewall configuration. show currentprofile - Shows current firewall profile. show icmpsetting - Shows firewall ICMP configuration. show logging - Shows firewall logging configuration. show multicastbroadcastresponse - Shows firewall multicast/broadcast response configuration. show notifications - Shows firewall notification configuration. show opmode - Shows firewall operational configuration. show portopening - Shows firewall port configuration. show service - Shows firewall service configuration. show state - Shows current firewall state.
Shows firewall allowed program configuration.
»netsh »firewall »show »allowedprogram
C:\Windows>netsh firewall show allowedprogram ?
show allowedprogram
[ [ verbose = ] DISABLE|ENABLE ]
Shows firewall allowed program configuration.
Parameters:
verbose - Verbose mode (optional).
DISABLE - Display only summary information (default).
ENABLE - Display all available information.
Examples:
show allowedprogram
show allowedprogram ENABLE
show allowedprogram verbose=ENABLE
Shows firewall configuration.
»netsh »firewall »show »config
C:\Windows>netsh firewall show config ?
show config
[ [ verbose = ] DISABLE|ENABLE ]
Shows firewall configuration.
Parameters:
verbose - Verbose mode (optional).
DISABLE - Display only summary information (default).
ENABLE - Display all available information.
Examples:
show config
show config ENABLE
show config verbose=ENABLE
Shows current firewall profile.
»netsh »firewall »show »currentprofile
C:\Windows>netsh firewall show currentprofile ? show currentprofile Shows current firewall profile.
Shows firewall ICMP configuration.
»netsh »firewall »show »icmpsetting
C:\Windows>netsh firewall show icmpsetting ?
show icmpsetting
[ [ verbose = ] DISABLE|ENABLE ]
Shows firewall ICMP configuration.
Parameters:
verbose - Verbose mode (optional).
DISABLE - Display only summary information (default).
ENABLE - Display all available information.
Examples:
show icmpsetting
show icmpsetting ENABLE
show icmpsetting verbose=ENABLE
Shows firewall logging configuration.
»netsh »firewall »show »logging
C:\Windows>netsh firewall show logging ? show logging Shows firewall logging configuration.
Shows firewall multicast/broadcast response configuration.
»netsh »firewall »show »multicastbroadcastresponse
C:\Windows>netsh firewall show multicastbroadcastresponse ? show multicastbroadcastresponse Shows firewall multicast/broadcast response configuration.
Shows firewall notification configuration.
»netsh »firewall »show »notifications
C:\Windows>netsh firewall show notifications ? show notifications Shows firewall notification configuration.
Shows firewall operational configuration.
»netsh »firewall »show »opmode
C:\Windows>netsh firewall show opmode ? show opmode Shows firewall operational configuration.
Shows firewall port configuration.
»netsh »firewall »show »portopening
C:\Windows>netsh firewall show portopening ?
show portopening
[ [ verbose = ] DISABLE|ENABLE ]
Shows firewall port configuration.
Parameters:
verbose - Verbose mode (optional).
DISABLE - Display only summary information (default).
ENABLE - Display all available information.
Examples:
show portopening
show portopening ENABLE
show portopening verbose=ENABLE
Shows firewall service configuration.
»netsh »firewall »show »service
C:\Windows>netsh firewall show service ?
show service
[ [ verbose = ] DISABLE|ENABLE ]
Shows firewall service configuration.
Parameters:
verbose - Verbose mode (optional).
DISABLE - Display only summary information (default).
ENABLE - Display all available information.
Examples:
show service
show service ENABLE
show service verbose=ENABLE
Shows current firewall state.
»netsh »firewall »show »state
C:\Windows>netsh firewall show state ?
show state
[ [ verbose = ] DISABLE|ENABLE ]
Shows current firewall state.
Parameters:
verbose - Verbose mode (optional).
DISABLE - Display only summary information (default).
ENABLE - Display all available information.
Examples:
show state
show state ENABLE
show state verbose=ENABLE
- de -/- en -
