22/6/2014 Top 10: Windows Firewall Netsh Commands | Windows Server content from Windows IT Pro

http://windowsitpro.com/windows-server/top-10-windows-firewall-netsh-commands 1/3
Feb 21, 2012
EMAIL
Tweet COMMENTS
0
Advertisement
Top 10: Windows Firewall Netsh Commands
Configure Windows Server networking and firewall functions from the
command line
Michael Otey | Windows IT Pro
Everyone has probably heard that Windows Server 2012
will add around 2,300 new Windows PowerShell
commands. Today, however, PowerShell still works with
just a subset of the Windows Server management
functions. One area that it doesn't directly touch is the
ability to configure Windows Server networking and
firewall functions, for which you need to use the venerable
netsh commands. Even with the advent of PowerShell,
netsh has continued to evolve, and it's particularly useful for configuring Windows Server
Core.
Related: Network Configuration Tasks with Netsh
In this column, I'll show you 10 handy netsh commands you can use to query and
configure your Windows Firewall settings. It's worth noting that you can call these netsh
commands from within your PowerShell scripts.
10. Query firewall rules: One of the first things you'll probably need to use netsh for is
to discover Windows Firewall's current configuration properties. You can query Windows
Firewall settings using the following netsh command:

netsh advfirewall firewall show rule name=all
9. Enable and disable Windows Firewall: It's typically a best practice to leave
Windows Firewall enabled, but sometimes when you're performing testing or setting up
new applications, you need to turn Windows Firewall off for a period. The following
commands illustrate how to turn Windows Firewall off and then back on:

netsh advfirewall set allprofiles state on
netsh advfirewall set allprofiles state off
8. Reset Windows Firewall: If you make a mistake configuring Windows Firewall,
you might want to use the following netsh command to reset it back to its default
settings:

netsh advfirewall reset
7. Set logging: The default path for the Windows Firewall log files is
Brought to You By:


HOME > WI NDOWS > WI NDOWS SERVER > TOP 10: WI NDOWS FI REWALL NETSH COMMANDS
SHARE 6 Recommend
Connections Conference Forums VIP Store
Twitter Facebook Google+ LinkedIn RSS
Windows Exchange Server SharePoint Virtualization Cloud Systems Management Training InfoCenters
Windows IT Pro
REGISTER LOG IN
22/6/2014 Top 10: Windows Firewall Netsh Commands | Windows Server content from Windows IT Pro
http://windowsitpro.com/windows-server/top-10-windows-firewall-netsh-commands 2/3
\Windows\system32\LogFiles\Firewall\pfirewall.log. The netsh command below
changes the location of the log file to the C:\temp directory:

netsh advfirewall set currentprofile logging filename "C:\temp\pfirewall.log"
6. Allow and prevent ping: You can use netsh to control how and if a given system
responds to ping requests. The following two netsh commands show how you can block
and then open Windows Firewall to ping requests:

netsh advfirewall firewall add rule name="All ICMP V4" dir=in action=block
protocol=icmpv4
netsh advfirewall firewall add rule name="All ICMP V4" dir=in action=allow
protocol=icmpv4
5. Enable and delete a port: One of the most common things you need to do with
Windows Firewall is open ports that are used by different programs. The following
examples show how to use netsh to create a rule to open and then close port 1433, which
is used by Microsoft SQL Server:

netsh advfirewall firewall add rule name="Open SQL Server Port 1433" dir=in
action=allow protocol=TCP localport=1433
netsh advfirewall firewall delete rule name="Open SQL Server Port 1433"
protocol=tcp localport=1433
4. Enable a program: Another common task is opening Windows Firewall for a given
program. The following example illustrates how to add a rule that enables Windows Live
Messenger to work through Windows Firewall:

netsh advfirewall firewall add rule name="Allow Messenger" dir=in action=allow
program="C:\programfiles\messenger\msnmsgr.exe"
3. Enable remote management: Another common requirement, especially when
you're setting up new systems, is to enable remote management so that tools such as the
Microsoft Management Console can connect to remote systems. To open Windows
Firewall for remote management, you can use the following command:

netsh advfirewall firewall set rule group="remote administration" new enable=yes
2. Enable Remote Desktop Connection: One of the first things I do with most of the
server systems I set up is enable Remote Desktop Connection for easy remote systems
management. The following command shows how to use netsh to open Windows
Firewall for Remote Desktop Connections:

netsh advfirewall firewall set rule group="remote desktop" new enable=Yes
1. Export and import firewall settings: After you get Windows Firewall configured,
it's a good idea to export your settings so that you can easily reapply them later or import
them into another system. In the following netsh commands, you can see how to export
and then import your Windows Firewall configuration:
netsh advfirewall export "C:\temp\WFconfiguration.wfw"
netsh advfirewall import "C:\temp\WFconfiguration.wfw"
Learn more: Netsh Command Syntax for the Netsh Firewall Context
22/6/2014 Top 10: Windows Firewall Netsh Commands | Windows Server content from Windows IT Pro
http://windowsitpro.com/windows-server/top-10-windows-firewall-netsh-commands 3/3
Site Features
Contact Us
Awards
Community Sponsors
Media Center
RSS
Sitemap
Site Archive
View Mobile Site
Twitter Facebook Google+ LinkedIn RSS
Penton
Privacy Policy
Terms of Service
Advertise
Follow Us
Search WindowsITPro.com
Dev Pro SharePoint Pro SQL Server Pro SuperSite for Windows IT/Dev Connections
WindowsITPro.com
Windows Exchange Server SharePoint Virtualization Cloud Systems Management
Related Sites
Copy right © 201 4 Penton
PRINT REPRINTS FAVORITE EMAIL
Tweet
Please Log In or Register to post comments.
Related Articles
Q: What firewall ports should we open to make IPSec work through our firewalls?
Q: How can I disable or enable the Windows Firewall for a specific network connection?
Top Ten: Windows 7 Magic Search Commands
Top 10: Windows Phone 7 Enterprise Features
5
Q: What are some simple tips for testing and troubleshooting Windows event forwarding and
collection?
SHARE 6 Recommend

Sign up to vote on this title
UsefulNot useful