简介
netsh advfirewall firewall 命令行在Windows Vista 和 Windows Server 2008 中可用。
它提供了用于控制 Windows 防火墙行为的功能。
在早期版本的 Windows
<包含Win7>
操作系统中应该使用
netsh firewall 命令。
新版本的命令行提供了更精确地控制的防火墙规则的功能,这些规则包括以下的每个配置文件设置︰
- 域(Domain)
- 私有(Private)
- 公共(Public)
需要以管理员身份运行
Old command 针对Win7以下版本<包含Win7>
详细信息
示例 1︰ 启用程序
Old command | New command |
---|---|
netsh firewall add allowedprogram C:\MyApp\MyApp.exe "My Application" ENABLE | netsh advfirewall firewall add rule name="My Application" dir=in action=allow program="C:\MyApp\MyApp.exe" enable=yes |
netsh firewall add allowedprogram program=C:\MyApp\MyApp.exe name="My Application" mode=ENABLE scope=CUSTOM addresses=157.60.0.1,172.16.0.0/16,LocalSubnet profile=Domain | netsh advfirewall firewall add rule name="My Application" dir=in action=allow program="C:\MyApp\MyApp.exe" enable=yes remoteip=157.60.0.1,172.16.0.0/16,LocalSubnet profile=domain |
netsh firewall add allowedprogram program=C:\MyApp\MyApp.exe name="My Application" mode=ENABLE scope=CUSTOM addresses=157.60.0.1,172.16.0.0/16,LocalSubnet profile=ALL | Run the following commands: netsh advfirewall firewall add rule name="My Application" dir=in action=allow program="C:\MyApp\MyApp.exe" enable=yes remoteip=157.60.0.1,172.16.0.0/16,LocalSubnet profile=domain netsh advfirewall firewall add rule name="My Application" dir=in action=allow program="C:\MyApp\MyApp.exe" enable=yes remoteip=157.60.0.1,172.16.0.0/16,LocalSubnet profile=private |
示例 2︰ 启用端口
Old command | New command |
---|---|
netsh firewall add portopening TCP 80 "Open Port 80" | netsh advfirewall firewall add rule name="Open Port 80" dir=in action=allow protocol=TCP localport=80 |
netsh advfirewall firewall add rule ?
示例 3︰ 删除启用的程序或端口
Old command | New command |
---|---|
netsh firewall delete allowedprogram C:\MyApp\MyApp.exe | netsh advfirewall firewall delete rule name=rule name program="C:\MyApp\MyApp.exe" |
delete portopening protocol=UDP port=500 | netsh advfirewall firewall delete rule name=rule name protocol=udp localport=500 |
示例 4︰ 配置 ICMP 设置
Old command | New command |
---|---|
netsh firewall set icmpsetting 8 | netsh advfirewall firewall add rule name="ICMP Allow incoming V4 echo request" protocol=icmpv4:8,any dir=in action=allow |
netsh firewall set icmpsetting type=ALL mode=enable | netsh advfirewall firewall add rule name="All ICMP V4" protocol=icmpv4:any,any dir=in action=allow |
netsh firewall set icmpsetting 13 disable all | netsh advfirewall firewall add rule name="Block Type 13 ICMP V4" protocol=icmpv4:13,any dir=in action=block |
示例 5︰设置日志记录
Old command | New command |
---|---|
netsh firewall set logging %systemroot%\system32\LogFiles\Firewall\pfirewall.log 4096 ENABLE ENABLE | Run the following commands: netsh advfirewall set currentprofile logging filename %systemroot%\system32\LogFiles\Firewall\pfirewall.log netsh advfirewall set currentprofile logging maxfilesize 4096 netsh advfirewall set currentprofile logging droppedconnections enable netsh advfirewall set currentprofile logging allowedconnections enable |
currentprofile 可以使用/Domainprofile/Privateprofile/Publicprofile/选项替换
示例 6︰ 启用 Windows 防火墙
Old command | New command |
---|---|
netsh firewall set opmode ENABLE | netsh advfirewall set currentprofile state on |
netsh firewall set opmode mode=ENABLE exceptions=enable | Run the following commands: Netsh advfirewall set currentprofile state on netsh advfirewall set currentprofile firewallpolicy blockinboundalways,allowoutbound |
netsh firewall set opmode mode=enable exceptions=disable profile=domain | Run the following commands: Netsh advfirewall set domainprofile state on netsh advfirewall set domainprofile firewallpolicy blockinbound,allowoutbound |
netsh firewall set opmode mode=enable profile=ALL | Run the following commands: netsh advfirewall set domainprofile state on netsh advfirewall set privateprofile state on |
currentprofile 可以使用/Domainprofile/Privateprofile/Publicprofile/选项替换
示例 7︰ 还原默认策略设置
Old command | New command |
---|---|
netsh firewall reset | netsh advfirewall reset |
例如 8︰ 启用特定服务
Old command | New command |
---|---|
netsh firewall set service FileAndPrint | netsh advfirewall firewall set rule group="File and Printer Sharing" new enable=Yes |
netsh firewall set service RemoteDesktop enable | netsh advfirewall firewall set rule group="remote desktop" new enable=Yes |
netsh firewall set service RemoteDesktop enable profile=ALL | Run the following commands: netsh advfirewall firewall set rule group="remote desktop" new enable=Yes profile=domain netsh advfirewall firewall set rule group="remote desktop" new enable=Yes profile=private |