netsh advfirewall firewall to control Windows Firewall behavior in Windows Server 2008

最新推荐文章于 2023-03-21 08:54:58 发布
最新推荐文章于 2023-03-21 08:54:58 发布
阅读量625 收藏
点赞数
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/allway2/article/details/103656361
版权

How to use the "netsh advfirewall firewall" context instead of the "netsh firewall" context to control Windows Firewall behavior in Windows Server 2008 and in Windows Vista

Applies to: Windows Server 2008 EnterpriseWindows Server 2008 DatacenterWindows Server 2008 Standard More

INTRODUCTION

The netsh advfirewall firewall command-line context is available in Windows Server 2008 and in Windows Vista. This context provides the functionality for controlling Windows Firewall behavior that was provided by the netsh firewall context in earlier Windows operating systems.

This context also provides functionality for more precise control of firewall rules. These rules include the following per-profile settings:

  • Domain
  • Private
  • Public

The netsh firewall command-line context might be deprecated in a future version of the Windows operating system. We recommend that you use the netsh advfirewall firewall context to control firewall behavior.

Note The netsh firewall command line is not recommended for use in Windows Vista.

This article describes how to use the netsh advfirewall firewall context instead of the netsh firewall context to control Windows Firewall behavior in Windows Server 2008 and in Windows Vista.

More Information

Important If you are a member of the Administrators group, and User Account Control is enabled on your computer, run the commands from a command prompt with elevated permissions. To start a command prompt with elevated permissions, find the icon or Start menu entry that you use to start a command prompt session, right-click it, and then click Run as administrator.

Some examples of frequently used commands are provided in the following tables. You can use these examples to help you migrate from the older netsh firewall context to the new netsh advfirewall firewall context.

Additionally, the netsh advfirewall commands that you can use to obtain detailed inline help are provided.

Example 1: Enable a program

Old commandNew command
netsh firewall add allowedprogram C:\MyApp\MyApp.exe "My Application" ENABLEnetsh advfirewall firewall add rule name="My Application" dir=in action=allow program="C:\MyApp\MyApp.exe" enable=yes
netsh firewall add allowedprogram program=C:\MyApp\MyApp.exe name="My Application" mode=ENABLE scope=CUSTOM addresses=157.60.0.1,172.16.0.0/16,LocalSubnet profile=Domainnetsh advfirewall firewall add rule name="My Application" dir=in action=allow program="C:\MyApp\MyApp.exe" enable=yes remoteip=157.60.0.1,172.16.0.0/16,LocalSubnet profile=domain
netsh firewall add allowedprogram program=C:\MyApp\MyApp.exe name="My Application" mode=ENABLE scope=CUSTOM addresses=157.60.0.1,172.16.0.0/16,LocalSubnet profile=ALLRun the following commands:

netsh advfirewall firewall add rule name="My Application" dir=in action=allow program="C:\MyApp\MyApp.exe" enable=yes remoteip=157.60.0.1,172.16.0.0/16,LocalSubnet profile=domain

netsh advfirewall firewall add rule name="My Application" dir=in action=allow program="C:\MyApp\MyApp.exe" enable=yes remoteip=157.60.0.1,172.16.0.0/16,LocalSubnet profile=private

For more information about how to add firewall rules, run the following command:

netsh advfirewall firewall add rule ?

Example 2: Enable a port

Old commandNew command
netsh firewall add portopening TCP 80 "Open Port 80"netsh advfirewall firewall add rule name="Open Port 80" dir=in action=allow protocol=TCP localport=80

For more information about how to add firewall rules, run the following command:

netsh advfirewall firewall add rule ?

Example 3: Delete enabled programs or ports

Old commandNew command
netsh firewall delete allowedprogram C:\MyApp\MyApp.exenetsh advfirewall firewall delete rule name=rule name program="C:\MyApp\MyApp.exe"
delete portopening protocol=UDP port=500netsh advfirewall firewall delete rule name=rule name protocol=udp localport=500

For more information about how to delete firewall rules, run the following command:

netsh advfirewall firewall delete rule ?

Example 4: Configure ICMP settings

Old commandNew command
netsh firewall set icmpsetting 8netsh advfirewall firewall add rule name="ICMP Allow incoming V4 echo request" protocol=icmpv4:8,any dir=in action=allow
netsh firewall set icmpsetting type=ALL mode=enablenetsh advfirewall firewall add rule name="All ICMP V4" protocol=icmpv4:any,any dir=in action=allow
netsh firewall set icmpsetting 13 disable allnetsh advfirewall firewall add rule name="Block Type 13 ICMP V4" protocol=icmpv4:13,any dir=in action=block

For more information about how to configure ICMP settings, run the following command:

netsh advfirewall firewall add rule ?

Example 5: Set logging

Old commandNew command
netsh firewall set logging %systemroot%\system32\LogFiles\Firewall\pfirewall.log 4096 ENABLE ENABLERun the following commands:

netsh advfirewall set currentprofile logging filename %systemroot%\system32\LogFiles\Firewall\pfirewall.log

netsh advfirewall set currentprofile logging maxfilesize 4096
netsh advfirewall set currentprofile logging droppedconnections enable

netsh advfirewall set currentprofile logging allowedconnections enable

For more information, run the following command:

netsh advfirewall set currentprofile ?

If you want to set logging for a particular profile, use one of the following options instead of the "currentprofile" option:

  • Domainprofile
  • Privateprofile
  • Publicprofile

Example 6: Enable Windows Firewall

Old commandNew command
netsh firewall set opmode ENABLEnetsh advfirewall set currentprofile state on
netsh firewall set opmode mode=ENABLE exceptions=enableRun the following commands:

Netsh advfirewall set currentprofile state on


netsh advfirewall set currentprofile firewallpolicy blockinboundalways,allowoutbound
netsh firewall set opmode mode=enable exceptions=disable profile=domainRun the following commands:

Netsh advfirewall set domainprofile state on


netsh advfirewall set domainprofile firewallpolicy blockinbound,allowoutbound
netsh firewall set opmode mode=enable profile=ALLRun the following commands:

netsh advfirewall set domainprofile state on


netsh advfirewall set privateprofile state on

For more information, run the following command:

netsh advfirewall set currentprofile ?

If you want to set the firewall state for a particular profile, use one of the following options instead of the "currentprofile" option:

  • Domainprofile
  • Privateprofile
  • Publicprofile

Example 7: Restore policy defaults

Old commandNew command
netsh firewall resetnetsh advfirewall reset

For more information, run the following command:

netsh advfirewall reset ?

Example 8: Enable specific services

Old commandNew command
netsh firewall set service FileAndPrintnetsh advfirewall firewall set rule group="File and Printer Sharing" new enable=Yes
netsh firewall set service RemoteDesktop enablenetsh advfirewall firewall set rule group="remote desktop" new enable=Yes
netsh firewall set service RemoteDesktop enable profile=ALLRun the following commands:

netsh advfirewall firewall set rule group="remote desktop" new enable=Yes profile=domain

netsh advfirewall firewall set rule group="remote desktop" new enable=Yes profile=private

Last Updated: Mar 16, 2019

allway2
关注
Windows防火墙打开关闭命令(端口策略)
墨痕诉清风的博客
03-26 5288
Windows防火墙打开关闭命令
Windows Server 2008 R2 Datacenter 安装 pgsql9.6.20、OpenSSH,开启远程协助
最新发布
2301_78731306的博客
02-22 755
直接点击安装pgsql会报 There has been an error An error occured executing the Microsoft VC++ runtime installer 这个错误,大概意思是没有vc环境,直接在安装包路径下打开cmd,运行命令 postgresql-9.6.20-1-windows-x64.exe --install_runtimes 0,即可进入安装。这是下载链接,下载完了直接解压安装就好了,步骤很简单就不说了。
Disable Windows Firewall with command
weixin_34363171的博客
08-16 115
OpenanAdministrator:CommandPrompt.Todoso,clickStart,clickAllPrograms,clickAccessories,right-clickCommandPrompt,andthenclickRunasadministrator.如果出现“用户帐户控制”对话框,请确认所显示的是...
MySQL 8 安装Starting the server安装失败
杀神lwz的博客
01-15 1万+
一、安装Starting the server安装失败 Logtab信息 Beginning configuration step: Writing configuration file Saving my.ini configuration file... Saved my.ini configuration file. Ended configuration step: Writing configuration file Beginning configuration step: ...
mysql 安装时初始化数据库一直失败
tczzx的博客
03-21 3354
mysqld: File '.\婵犮垹鐏堥弲婊勬櫠閻樼粯鎲ユ俊顖涘绾捐棄銆?
安装mysql 1042错误
陈熙之的博客
04-02 2万+
日志: Beginning configuration step: Writing configuration file Ended configuration step: Writing configuration file Beginning configuration step: Updating Windows Firewall rules Attempting to delete...
mysql报Aborting_进行mysql集成安装,失败了。。报了如下错误,请帮忙看看该怎么做...
weixin_39922476的博客
01-26 875
Beginning configuration step: Writing configuration fileEnded configuration step: Writing configuration fileBeginning configuration step: Updating Windows Firewall rulesAttempting to delete a Windows ...
firewall记录
lbyyy的专栏
07-27 607
firewall cmd do
用命令提示符修改计算机配置,通过命令行设置和修改windows防火墙策略
weixin_42522575的博客
07-09 1166
经常有小伙伴需要批量添加或修改防火墙策略,下面附上用命令行添加修改防火墙策略的说明,后附例子,包括详细的针对IP地址限制的策略测试环境windows server2012,1、添加防火墙策略添加策略采用netsh advfirewall firewall add来添加策略用法: add rule name=dir=in|outaction=allow|block|bypass[program=]...
python中,一个函数涉及到多个双引号,例如os.system("netsh advfirewall firewall add rule dir=in action=block name=stu_in program="C:\Program Files (x86)\Lenovo teaching systeam\student.exe"")怎么解决
06-02
os.system('netsh advfirewall firewall add rule dir=in action=block name=stu_in program="C:\\Program Files (x86)\\Lenovo teaching systeam\\student.exe"') ``` 或者使用转义字符将双引号进行转义,例如: ...
conds before the next connection attempt Retry 5: Attempting to connect to Mysql@localhost:3306 w
猫头虎:授渔优于赠鱼,兴趣引领智慧,探索之乐尤显珍贵。商务合作:Libin9iOak,共赴知识与乐趣的探索之旅!
06-01 1882
Adding a Windows Firewall rule for MySQL80 on port 33060. conds before the next connection attempt… Retry 5: Attempting to connect to Mysql@localhost:3306 w Attempting to add a Windows Firewall rule with command: netsh.exe advfirewall firewall add rule nam
Windows——使用命令行建立防火墙规则,禁止指定程序连网
浅浅的博客
03-06 8303
实验环境:虚拟机Win7 禁用程序:火狐浏览器 实验步骤: 1、右击 '火狐浏览器',点击 '属性' ,如下图所示,获取 '火狐浏览器' 的路径。 2、以管理员身份运行cmd,输入命令 netsh advfirewall firewall add rule name="新规则名称" dir=out program="禁止程序的路径" action=block ...
Mysql8.0.16安装时出现的Database initialization failed解决方法
热门推荐
西门吹雪
06-12 2万+
1、安装mysql8.016时到最后一步时,如下图,出现了小红点无法往下执行了,这是安装时出现的问题。 2、问题分析及解决办法 查看log,log的内容如下,我把log全部贴出来了,我们只看最后几行即可。 Beginning configuration step: Writing configuration file Saving my.ini configuration file... Saved my.ini configuration file. Ended configuration ste
netsh advfirewall
weixin_33795743的博客
07-14 797
微软详细解释:http://technet.microsoft.com/zh-cn/library/dd734783.aspxWindows 防火墙: 保护所有网络连接 已启用Windows 防火墙: 不允许例外 已禁用Windows 防火墙: 定义程序例外 已启用Windows 防火墙: 允许本地程序例外 已禁用Windows 防火...
使用命令行建立防火墙规则阻止特定程序联网
橘子女侠
03-06 8464
实验目的 通过命令设置防火墙规则阻止火狐浏览器上网; 实验步骤 1. 火狐浏览器的路径如下所示: 2. 以管理员运行cmd,设置防火墙策略,阻止火狐浏览器上网 命令如下: netsh advfirewall firewall add rule name="nohhie" dir=out program="程序路径 " action=block 3. 查看新建的防火墙...
Windows防火墙Netsh十大命令
allway2的博客
12-22 6190
10.查询防火墙规则:使用netsh可能需要做的第一件事是发现Windows防火墙的当前配置属性。您可以使用以下netsh命令查询Windows防火墙设置: netsh advfirewall firewall show rule name=all 9.启用和禁用Windows防火墙:通常最好的做法是保持Windows防火墙启用,但是有时在执行测试或设置新应用程序时,需要关闭Win...
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值