Windows防火墙命令行手册
netsh advfirewall firewall 命令行在Windows Vista 和 Windows Server 2008 中可用。
它提供了用于控制 Windows 防火墙行为的功能。
示例 1︰ 启用程序
Old command | New command |
---|---|
netsh firewall add allowedprogram C:\MyApp\MyApp.exe "My Application" ENABLE | netsh advfirewall firewall add rule name="My Application" dir=in action=allow program="C:\MyApp\MyApp.exe" enable=yes |
netsh firewall add allowedprogram program=C:\MyApp\MyApp.exe name="My Application" mode=ENABLE scope=CUSTOM addresses=157.60.0.1,172.16.0.0/16,LocalSubnet profile=Domain | netsh advfirewall firewall add rule name="My Application" dir=in action=allow program="C:\MyApp\MyApp.exe" enable=yes remoteip=157.60.0.1,172.16.0.0/16,LocalSubnet profile=domain |
netsh firewall add allowedprogram program=C:\MyApp\MyApp.exe name="My Application" mode=ENABLE scope=CUSTOM addresses=157.60.0.1,172.16.0.0/16,LocalSubnet profile=ALL | Run the following commands: netsh advfirewall firewall add rule name="My Application" dir=in action=allow program="C:\MyApp\MyApp.exe" enable=yes remoteip=157.60.0.1,172.16.0.0/16,LocalSubnet profile=domain netsh advfirewall firewall add rule name="My Application" dir=in action=allow program="C:\MyApp\MyApp.exe" enable=yes remoteip=157.60.0.1,172.16.0.0/16,LocalSubnet profile=private |
示例 2︰ 启用端口
Old command | New command |
---|---|
netsh firewall add portopening TCP 80 "Open Port 80" | netsh advfirewall firewall add rule name="Open Port 80" dir=in action=allow protocol=TCP localport=80 |
netsh advfirewall firewall add rule ?
示例 3︰ 删除启用的程序或端口
Old command | New command |
---|---|
netsh firewall delete allowedprogram C:\MyApp\MyApp.exe | netsh advfirewall firewall delete rule name=rule nameprogram="C:\MyApp\MyApp.exe" |
delete portopening protocol=UDP port=500 | netsh advfirewall firewall delete rule name=rule name protocol=udp localport=500 |
示例 4︰ 配置 ICMP 设置
Old command | New command |
---|---|
netsh firewall set icmpsetting 8 | netsh advfirewall firewall add rule name="ICMP Allow incoming V4 echo request"protocol=icmpv4:8,any dir=in action=allow |
netsh firewall set icmpsetting type=ALL mode=enable | netsh advfirewall firewall add rule name="All ICMP V4" protocol=icmpv4:any,any dir=in action=allow |
netsh firewall set icmpsetting 13 disable all | netsh advfirewall firewall add rule name="Block Type 13 ICMP V4" protocol=icmpv4:13,any dir=in action=block |
示例 5︰设置日志记录
Old command | New command |
---|---|
netsh firewall set logging %systemroot%\system32\LogFiles\Firewall\pfirewall.log 4096 ENABLE ENABLE | Run the following commands: netsh advfirewall set currentprofile logging filename %systemroot%\system32\LogFiles\Firewall\pfirewall.log netsh advfirewall set currentprofile logging maxfilesize 4096 netsh advfirewall set currentprofile logging droppedconnections enable netsh advfirewall set currentprofile logging allowedconnections enable |
currentprofile 可以使用/Domainprofile/Privateprofile/Publicprofile/选项替换
示例 6︰ 启用 Windows 防火墙
Old command | New command |
---|---|
netsh firewall set opmode ENABLE | netsh advfirewall set currentprofile state on |
netsh firewall set opmode mode=ENABLE exceptions=enable | Run the following commands: Netsh advfirewall set currentprofile state on netsh advfirewall set currentprofile firewallpolicy blockinboundalways,allowoutbound |
netsh firewall set opmode mode=enable exceptions=disable profile=domain | Run the following commands: Netsh advfirewall set domainprofile state on netsh advfirewall set domainprofile firewallpolicy blockinbound,allowoutbound |
netsh firewall set opmode mode=enable profile=ALL | Run the following commands: netsh advfirewall set domainprofile state on netsh advfirewall set privateprofile state on |
currentprofile 可以使用/Domainprofile/Privateprofile/Publicprofile/选项替换
示例 7︰ 还原默认策略设置
Old command | New command |
---|---|
netsh firewall reset | netsh advfirewall reset |
例如 8︰ 启用特定服务
Old command | New command |
---|---|
netsh firewall set service FileAndPrint | netsh advfirewall firewall set rule group="File and Printer Sharing" new enable=Yes |
netsh firewall set service RemoteDesktop enable | netsh advfirewall firewall set rule group="remote desktop" new enable=Yes |
netsh firewall set service RemoteDesktop enable profile=ALL | Run the following commands: netsh advfirewall firewall set rule group="remote desktop" new enable=Yes profile=domain netsh advfirewall firewall set rule group="remote desktop" new enable=Yes profile=private |