Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1986-2001 Microsoft Corp. C:\Windows>netsh firewall ? The following commands are available: Commands in this context: ? - Displays a list of commands. add - Adds firewall configuration. delete - Deletes firewall configuration. dump - Displays a configuration script. help - Displays a list of commands. reset - Resets firewall configuration to default. set - Sets firewall configuration. show - Shows firewall configuration. To view help for a command, type the command, followed by a space, and then type ?.
Adds firewall configuration.
»netsh »firewall »add
C:\Windows>netsh firewall add ? The following commands are available: Commands in this context: add allowedprogram - Adds firewall allowed program configuration. add portopening - Adds firewall port configuration.
Adds firewall allowed program configuration.
»netsh »firewall »add »allowedprogram
C:\Windows>netsh firewall add allowedprogram ?
add allowedprogram
[ program = ] path
[ name = ] name
[ [ mode = ] ENABLE|DISABLE
[ scope = ] ALL|SUBNET|CUSTOM
[ addresses = ] addresses
[ profile = ] CURRENT|DOMAIN|STANDARD|ALL ]
Adds firewall allowed program configuration.
Parameters:
program - Program path and file name.
name - Program name.
mode - Program mode (optional).
ENABLE - Allow through firewall (default).
DISABLE - Do not allow through firewall.
scope - Program scope (optional).
ALL - Allow all traffic through firewall (default).
SUBNET - Allow only local network (subnet) traffic through firewall.
CUSTOM - Allow only specified traffic through firewall.
addresses - Custom scope addresses (optional).
profile - Configuration profile (optional).
CURRENT - Current profile (default).
DOMAIN - Domain profile.
STANDARD - Standard profile.
ALL - All profiles.
Remarks: 'scope' must be 'CUSTOM' to specify 'addresses'.
Examples:
add allowedprogram C:\MyApp\MyApp.exe MyApp ENABLE
add allowedprogram C:\MyApp\MyApp.exe MyApp DISABLE
add allowedprogram C:\MyApp\MyApp.exe MyApp ENABLE CUSTOM
157.60.0.1,172.16.0.0/16,10.0.0.0/255.0.0.0,LocalSubnet
add allowedprogram program = C:\MyApp\MyApp.exe name = MyApp mode = ENABLE
add allowedprogram program = C:\MyApp\MyApp.exe name = MyApp mode = DISABLE
add allowedprogram program = C:\MyApp\MyApp.exe name = MyApp mode = ENABLE
scope = CUSTOM addresses =
157.60.0.1,172.16.0.0/16,10.0.0.0/255.0.0.0,LocalSubnet
Adds firewall port configuration.
»netsh »firewall »add »portopening
C:\Windows>netsh firewall add portopening ?
add portopening
[ protocol = ] TCP|UDP|ALL
[ port = ] 1-65535
[ name = ] name
[ [ mode = ] ENABLE|DISABLE
[ scope = ] ALL|SUBNET|CUSTOM
[ addresses = ] addresses
[ profile = ] CURRENT|DOMAIN|STANDARD|ALL
[ interface = ] name ]
Adds firewall port configuration.
Parameters:
protocol - Port protocol.
TCP - Transmission Control Protocol (TCP).
UDP - User Datagram Protocol (UDP).
ALL - All protocols.
port - Port number.
name - Port name.
mode - Port mode (optional).
ENABLE - Allow through firewall (default).
DISABLE - Do not allow through firewall.
scope - Port scope (optional).
ALL - Allow all traffic through firewall (default).
SUBNET - Allow only local network (subnet) traffic through firewall.
CUSTOM - Allow only specified traffic through firewall.
addresses - Custom scope addresses (optional).
profile - Configuration profile (optional).
CURRENT - Current profile (default).
DOMAIN - Domain profile.
STANDARD - Standard profile.
ALL - All profiles.
interface - Interface name (optional).
Remarks: 'profile' and 'interface' may not be specified together.
'scope' and 'interface' may not be specified together.
'scope' must be 'CUSTOM' to specify 'addresses'.
Examples:
add portopening TCP 80 MyWebPort
add portopening UDP 500 IKE ENABLE ALL
add portopening ALL 53 DNS ENABLE CUSTOM
157.60.0.1,172.16.0.0/16,10.0.0.0/255.0.0.0,LocalSubnet
add portopening protocol = TCP port = 80 name = MyWebPort
add portopening protocol = UDP port = 500 name = IKE mode = ENABLE scope = ALL
add portopening protocol = ALL port = 53 name = DNS mode = ENABLE
scope = CUSTOM addresses =
157.60.0.1,172.16.0.0/16,10.0.0.0/255.0.0.0,LocalSubnet
Deletes firewall configuration.
»netsh »firewall »delete
C:\Windows>netsh firewall delete ? The following commands are available: Commands in this context: delete allowedprogram - Deletes firewall allowed program configuration. delete portopening - Deletes firewall port configuration.
Deletes firewall allowed program configuration.
»netsh »firewall »delete »allowedprogram
C:\Windows>netsh firewall delete allowedprogram ?
delete allowedprogram
[ program = ] path
[ [ profile = ] CURRENT|DOMAIN|STANDARD|ALL ]
Deletes firewall allowed program configuration.
Parameters:
program - Program path and file name.
profile - Configuration profile (optional).
CURRENT - Current profile (default).
DOMAIN - Domain profile.
STANDARD - Standard profile.
ALL - All profiles.
Examples:
delete allowedprogram C:\MyApp\MyApp.exe
delete allowedprogram program = C:\MyApp\MyApp.exe
Deletes firewall port configuration.
»netsh »firewall »delete »portopening
C:\Windows>netsh firewall delete portopening ?
delete portopening
[ protocol = ] TCP|UDP|ALL
[ port = ] 1-65535
[ [ profile = ] CURRENT|DOMAIN|STANDARD|ALL
[ interface = ] name ]
Deletes firewall port configuration.
Parameters:
protocol - Port protocol.
TCP - Transmission Control Protocol (TCP).
UDP - User Datagram Protocol (UDP).
ALL - All protocols.
port - Port number.
profile - Configuration profile (optional).
CURRENT - Current profile (default).
DOMAIN - Domain profile.
STANDARD - Standard profile.
ALL - All profiles.
interface - Interface name (optional).
Remarks: 'profile' and 'interface' may not be specified together.
Examples:
delete portopening TCP 80
delete portopening UDP 500
delete portopening protocol = TCP port = 80
delete portopening protocol = UDP port = 500
Displays a configuration script.
»netsh »firewall »dump
C:\Windows>netsh firewall dump ?
Usage: dump
Remarks:
Creates a script that contains the current configuration. If saved to a
file, this script can be used to restore altered configuration settings.
Displays a list of commands.
»netsh »firewall »help
C:\Windows>netsh firewall help ?
Usage: help
Remarks:
Displays a list of commands.
Resets firewall configuration to default.
»netsh »firewall »reset
C:\Windows>netsh firewall reset ?
reset
Resets firewall configuration to default.
Remarks: Resetting the default settings will delete all settings for
Windows Firewall that you have made since Windows was
installed. This might cause some programs to stop working. Any
custom settings that you have made for Internet Connection
Sharing will be deleted and Internet Connection Sharing will be
disabled.
Sets firewall configuration.
»netsh »firewall »set
C:\Windows>netsh firewall set ? The following commands are available: Commands in this context: set allowedprogram - Sets firewall allowed program configuration. set icmpsetting - Sets firewall ICMP configuration. set logging - Sets firewall logging configuration. set multicastbroadcastresponse - Sets firewall multicast/broadcast response configuration. set notifications - Sets firewall notification configuration. set opmode - Sets firewall operational configuration. set portopening - Sets firewall port configuration. set service - Sets firewall service configuration.
Sets firewall allowed program configuration.
»netsh »firewall »set »allowedprogram
C:\Windows>netsh firewall set allowedprogram ?
set allowedprogram
[ program = ] path
[ [ name = ] name
[ mode = ] ENABLE|DISABLE
[ scope = ] ALL|SUBNET|CUSTOM
[ addresses = ] addresses
[ profile = ] CURRENT|DOMAIN|STANDARD|ALL ]
Sets firewall allowed program configuration.
Parameters:
program - Program path and file name.
name - Program name (optional).
mode - Program mode (optional).
ENABLE - Allow through firewall (default).
DISABLE - Do not allow through firewall.
scope - Program scope (optional).
ALL - Allow all traffic through firewall (default).
SUBNET - Allow only local network (subnet) traffic through firewall.
CUSTOM - Allow only specified traffic through firewall.
addresses - Custom scope addresses (optional).
profile - Configuration profile (optional).
CURRENT - Current profile (default).
DOMAIN - Domain profile.
STANDARD - Standard profile.
ALL - All profiles.
Remarks: 'scope' must be 'CUSTOM' to specify 'addresses'.
Examples:
set allowedprogram C:\MyApp\MyApp.exe MyApp ENABLE
set allowedprogram C:\MyApp\MyApp.exe MyApp DISABLE
set allowedprogram C:\MyApp\MyApp.exe MyApp ENABLE CUSTOM
157.60.0.1,172.16.0.0/16,10.0.0.0/255.0.0.0,LocalSubnet
set allowedprogram program = C:\MyApp\MyApp.exe name = MyApp mode = ENABLE
set allowedprogram program = C:\MyApp\MyApp.exe name = MyApp mode = DISABLE
set allowedprogram program = C:\MyApp\MyApp.exe name = MyApp mode = ENABLE
scope = CUSTOM addresses =
157.60.0.1,172.16.0.0/16,10.0.0.0/255.0.0.0,LocalSubnet
Sets firewall ICMP configuration.
»netsh »firewall »set »icmpsetting
C:\Windows>netsh firewall set icmpsetting ?
set icmpsetting
[ type = ] 2-5|8-9|11-13|17|ALL
[ [ mode = ] ENABLE|DISABLE
[ profile = ] CURRENT|DOMAIN|STANDARD|ALL
[ interface = ] name ]
Sets firewall ICMP configuration.
Parameters:
type - ICMP type.
2 - Allow outbound packet too big.
3 - Allow outbound destination unreachable.
4 - Allow outbound source quench.
5 - Allow redirect.
8 - Allow inbound echo request.
9 - Allow inbound router request.
11 - Allow outbound time exceeded.
12 - Allow outbound parameter problem.
13 - Allow inbound timestamp request.
17 - Allow inbound mask request.
ALL - All types.
mode - ICMP mode (optional).
ENABLE - Allow through firewall (default).
DISABLE - Do not allow through firewall.
profile - Configuration profile (optional).
CURRENT - Current profile (default).
DOMAIN - Domain profile.
STANDARD - Standard profile.
ALL - All profiles.
interface - Interface name (optional).
Remarks: 'profile' and 'interface' may not be specified together.
'type' 2 and 'interface' may not be specified together.
Examples:
set icmpsetting 8
set icmpsetting 8 ENABLE
set icmpsetting ALL DISABLE
set icmpsetting type = 8
set icmpsetting type = 8 mode = ENABLE
set icmpsetting type = ALL mode = DISABLE
Sets firewall logging configuration.
»netsh »firewall »set »logging
C:\Windows>netsh firewall set logging ?
set logging
[ [ filelocation = ] path
[ maxfilesize = ] 1-32767
[ droppedpackets = ] ENABLE|DISABLE
[ connections = ] ENABLE|DISABLE ]
Sets firewall logging configuration.
Parameters:
filelocation - Log path and file name (optional).
maxfilesize - Maximum log file size in kilobytes (optional).
droppedpackets - Dropped packet log mode (optional).
ENABLE - Log in firewall.
DISABLE - Do not log in firewall.
connections - Successful connection log mode (optional).
ENABLE - Log in firewall.
DISABLE - Do not log in firewall.
Remarks: At least one parameter must be specified.
Examples:
set logging %windir%\pfirewall.log 4096
set logging %windir%\pfirewall.log 4096 ENABLE
set logging filelocation = %windir%\pfirewall.log maxfilesize = 4096
set logging filelocation = %windir%\pfirewall.log maxfilesize = 4096
droppedpackets = ENABLE
Sets firewall multicast/broadcast response configuration.
»netsh »firewall »set »multicastbroadcastresponse
C:\Windows>netsh firewall set multicastbroadcastresponse ?
set multicastbroadcastresponse
[ mode = ] ENABLE|DISABLE
[ [ profile = ] CURRENT|DOMAIN|STANDARD|ALL ]
Sets firewall multicast/broadcast response configuration.
Parameters:
mode - Multicast/broadcast response mode.
ENABLE - Allow responses to multicast/broadcast traffic through the
firewall.
DISABLE - Do not allow responses to multicast/broadcast traffic
through the firewall.
profile - Configuration profile (optional).
CURRENT - Current profile (default).
DOMAIN - Domain profile.
STANDARD - Standard profile.
ALL - All profiles.
Examples:
set multicastbroadcastresponse ENABLE
set multicastbroadcastresponse DISABLE
set multicastbroadcastresponse mode = ENABLE
set multicastbroadcastresponse mode = DISABLE
Sets firewall notification configuration.
»netsh »firewall »set »notifications
C:\Windows>netsh firewall set notifications ?
set notifications
[ mode = ] ENABLE|DISABLE
[ [ profile = ] CURRENT|DOMAIN|STANDARD|ALL ]
Sets firewall notification configuration.
Parameters:
mode - Notification mode.
ENABLE - Allow pop-up notifications from firewall.
DISABLE - Do not allow pop-up notifications from firewall.
profile - Configuration profile (optional).
CURRENT - Current profile (default).
DOMAIN - Domain profile.
STANDARD - Standard profile.
ALL - All profiles.
Examples:
set notifications ENABLE
set notifications DISABLE
set notifications mode = ENABLE
set notifications mode = DISABLE
Sets firewall operational configuration.
»netsh »firewall »set »opmode
C:\Windows>netsh firewall set opmode ?
set opmode
[ mode = ] ENABLE|DISABLE
[ [ exceptions = ] ENABLE|DISABLE
[ profile = ] CURRENT|DOMAIN|STANDARD|ALL
[ interface = ] name ]
Sets firewall operational configuration.
Parameters:
mode - Operational mode.
ENABLE - Enable firewall.
DISABLE - Disable firewall.
exceptions - Exception mode (optional).
ENABLE - Allow through firewall (default).
DISABLE - Do not allow through firewall.
profile - Configuration profile (optional).
CURRENT - Current profile (default).
DOMAIN - Domain profile.
STANDARD - Standard profile.
ALL - All profiles.
interface - Interface name (optional).
Remarks: 'profile' and 'interface' may not be specified together.
'exceptions' and 'interface' may not be specified together.
Examples:
set opmode ENABLE
set opmode ENABLE DISABLE
set opmode mode = ENABLE
set opmode mode = ENABLE exceptions = DISABLE
Sets firewall port configuration.
»netsh »firewall »set »portopening
C:\Windows>netsh firewall set portopening ?
set portopening
[ protocol = ] TCP|UDP|ALL
[ port = ] 1-65535
[ [ name = ] name
[ mode = ] ENABLE|DISABLE
[ scope = ] ALL|SUBNET|CUSTOM
[ addresses = ] addresses
[ profile = ] CURRENT|DOMAIN|STANDARD|ALL
[ interface = ] name ]
Sets firewall port configuration.
Parameters:
protocol - Port protocol.
TCP - Transmission Control Protocol (TCP).
UDP - User Datagram Protocol (UDP).
ALL - All protocols.
port - Port number.
name - Port name (optional).
mode - Port mode (optional).
ENABLE - Allow through firewall (default).
DISABLE - Do not allow through firewall.
scope - Port scope (optional).
ALL - Allow all traffic through firewall (default).
SUBNET - Allow only local network (subnet) traffic through firewall.
CUSTOM - Allow only specified traffic through firewall.
addresses - Custom scope addresses (optional).
profile - Configuration profile (optional).
CURRENT - Current profile (default).
DOMAIN - Domain profile.
STANDARD - Standard profile.
ALL - All profiles.
interface - Interface name (optional).
Remarks: 'profile' and 'interface' may not be specified together.
'scope' and 'interface' may not be specified together.
'scope' must be 'CUSTOM' to specify 'addresses'.
Examples:
set portopening TCP 80 MyWebPort
set portopening UDP 500 IKE ENABLE ALL
set portopening ALL 53 DNS ENABLE CUSTOM
157.60.0.1,172.16.0.0/16,10.0.0.0/255.0.0.0,LocalSubnet
set portopening protocol = TCP port = 80 name = MyWebPort
set portopening protocol = UDP port = 500 name = IKE mode = ENABLE scope = ALL
set portopening protocol = ALL port = 53 name = DNS mode = ENABLE
scope = CUSTOM addresses =
157.60.0.1,172.16.0.0/16,10.0.0.0/255.0.0.0,LocalSubnet
Sets firewall service configuration.
»netsh »firewall »set »service
C:\Windows>netsh firewall set service ?
set service
[ type = ] FILEANDPRINT|REMOTEADMIN|REMOTEDESKTOP|UPNP|ALL
[ [ mode = ] ENABLE|DISABLE
[ scope = ] ALL|SUBNET|CUSTOM
[ addresses = ] addresses
[ profile = ] CURRENT|DOMAIN|STANDARD|ALL ]
Sets firewall service configuration.
Parameters:
type - Service type.
FILEANDPRINT - File and printer sharing.
REMOTEADMIN - Remote administration.
REMOTEDESKTOP - Remote assistance and remote desktop.
UPNP - UPnP framework.
ALL - All types.
mode - Service mode (optional).
ENABLE - Allow through firewall (default).
DISABLE - Do not allow through firewall.
scope - Service scope (optional).
ALL - Allow all traffic through firewall (default).
SUBNET - Allow only local network (subnet) traffic through firewall.
CUSTOM - Allow only specified traffic through firewall.
addresses - Custom scope addresses (optional).
profile - Configuration profile (optional).
CURRENT - Current profile (default).
DOMAIN - Domain profile.
STANDARD - Standard profile.
ALL - All profiles.
Remarks: 'scope' ignored if 'mode' is DISABLE.
'scope' must be 'CUSTOM' to specify 'addresses'.
Examples:
set service FILEANDPRINT
set service REMOTEADMIN ENABLE SUBNET
set service REMOTEDESKTOP ENABLE CUSTOM
157.60.0.1,172.16.0.0/16,10.0.0.0/255.0.0.0,LocalSubnet
set service type = FILEANDPRINT
set service type = REMOTEADMIN mode = ENABLE scope = SUBNET
set service type = REMOTEDESKTOP mode = ENABLE scope = CUSTOM addresses =
157.60.0.1,172.16.0.0/16,10.0.0.0/255.0.0.0,LocalSubnet
Shows firewall configuration.
»netsh »firewall »show
C:\Windows>netsh firewall show ? The following commands are available: Commands in this context: show allowedprogram - Shows firewall allowed program configuration. show config - Shows firewall configuration. show currentprofile - Shows current firewall profile. show icmpsetting - Shows firewall ICMP configuration. show logging - Shows firewall logging configuration. show multicastbroadcastresponse - Shows firewall multicast/broadcast response configuration. show notifications - Shows firewall notification configuration. show opmode - Shows firewall operational configuration. show portopening - Shows firewall port configuration. show service - Shows firewall service configuration. show state - Shows current firewall state.
Shows firewall allowed program configuration.
»netsh »firewall »show »allowedprogram
C:\Windows>netsh firewall show allowedprogram ?
show allowedprogram
[ [ verbose = ] DISABLE|ENABLE ]
Shows firewall allowed program configuration.
Parameters:
verbose - Verbose mode (optional).
DISABLE - Display only summary information (default).
ENABLE - Display all available information.
Examples:
show allowedprogram
show allowedprogram DISABLE
show allowedprogram ENABLE
show allowedprogram verbose = DISABLE
show allowedprogram verbose = ENABLE
Shows firewall configuration.
»netsh »firewall »show »config
C:\Windows>netsh firewall show config ?
show config
[ [ verbose = ] DISABLE|ENABLE ]
Shows firewall configuration.
Parameters:
verbose - Verbose mode (optional).
DISABLE - Display only summary information (default).
ENABLE - Display all available information.
Examples:
show config
show config DISABLE
show config ENABLE
show config verbose = DISABLE
show config verbose = ENABLE
Shows current firewall profile.
»netsh »firewall »show »currentprofile
C:\Windows>netsh firewall show currentprofile ?
show currentprofile
Shows current firewall profile.
Shows firewall ICMP configuration.
»netsh »firewall »show »icmpsetting
C:\Windows>netsh firewall show icmpsetting ?
show icmpsetting
[ [ verbose = ] DISABLE|ENABLE ]
Shows firewall ICMP configuration.
Parameters:
verbose - Verbose mode (optional).
DISABLE - Display only summary information (default).
ENABLE - Display all available information.
Examples:
show icmpsetting
show icmpsetting DISABLE
show icmpsetting ENABLE
show icmpsetting verbose = DISABLE
show icmpsetting verbose = ENABLE
Shows firewall logging configuration.
»netsh »firewall »show »logging
C:\Windows>netsh firewall show logging ?
show logging
Shows firewall logging configuration.
Shows firewall multicast/broadcast response configuration.
»netsh »firewall »show »multicastbroadcastresponse
C:\Windows>netsh firewall show multicastbroadcastresponse ?
show multicastbroadcastresponse
Shows firewall multicast/broadcast response configuration.
Shows firewall notification configuration.
»netsh »firewall »show »notifications
C:\Windows>netsh firewall show notifications ?
show notifications
Shows firewall notification configuration.
Shows firewall operational configuration.
»netsh »firewall »show »opmode
C:\Windows>netsh firewall show opmode ?
show opmode
Shows firewall operational configuration.
Shows firewall port configuration.
»netsh »firewall »show »portopening
C:\Windows>netsh firewall show portopening ?
show portopening
[ [ verbose = ] DISABLE|ENABLE ]
Shows firewall port configuration.
Parameters:
verbose - Verbose mode (optional).
DISABLE - Display only summary information (default).
ENABLE - Display all available information.
Examples:
show portopening
show portopening DISABLE
show portopening ENABLE
show portopening verbose = DISABLE
show portopening verbose = ENABLE
Shows firewall service configuration.
»netsh »firewall »show »service
C:\Windows>netsh firewall show service ?
show service
[ [ verbose = ] DISABLE|ENABLE ]
Shows firewall service configuration.
Parameters:
verbose - Verbose mode (optional).
DISABLE - Display only summary information (default).
ENABLE - Display all available information.
Examples:
show service
show service DISABLE
show service ENABLE
show service verbose = DISABLE
show service verbose = ENABLE
Shows current firewall state.
»netsh »firewall »show »state
C:\Windows>netsh firewall show state ?
show state
[ [ verbose = ] DISABLE|ENABLE ]
Shows current firewall state.
Parameters:
verbose - Verbose mode (optional).
DISABLE - Display only summary information (default).
ENABLE - Display all available information.
Examples:
show state
show state DISABLE
show state ENABLE
show state verbose = DISABLE
show state verbose = ENABLE
- br -/- cn -/- cz -/- de -/- dk -/- en -/- es -/- fr -/- gr -/- hu -/- it -/- jp -/- kr -/- no -/- pl -/- pt -/- ru -/- tr -/- tw -
