How to configure Windows firewall from the command line
Windows firewall settings can be managed from the Windows Defender Firewall interface in Control Panel. You can also manage Windows firewall configuration from the command prompt by using the netsh command. On the other hand, firewalls and related services can be managed using sc command.
You can manage your Windows 11 firewall configuration and services using netsh and sc command from a Command prompt that runs as an administrator.
Steps to configure Windows 11 firewall from command prompt:
- Launch command prompt with Administrator privilege.
- Start and stop firewall service using netsh.
netsh firewall set opmode DISABLE netsh firewall set opmode ENABLE
- Allow and deny ports using netsh.
netsh firewall add portopening TCP _port_number_ _name_ DISABLE ALL netsh firewall add portopening TCP 3264 CCMAIL DISABLE ALL netsh firewall add portopening TCP _port_number_ _name_ ENABLE ALL netsh firewall add portopening TCP 8443 PLESK-ADMIN ENABLE ALL
- Allow and deny programs using netsh.
Programs to not allow TCP/UDP Socket Connections netsh firewall add allowedprogram _path_ _name_ DISABLE ALL netsh firewall add allowedprogram C:\WINDOWS\Cluster\CluAdmin.exe CLUSTER-ADMIN DISABLE ALL
- Configure ICMP settings using netsh.
Allow outbound packet too big 2 Allow outbound destination unreachable 3 Allow outbound source quench 4 Allow redirect 5 Allow inbound echo request 8 Allow inbound router request 9 Allow outbound time exceeded 11 Allow outbound parameter problem 12 Allow inbound timestamp request 13 Allow inbound mask request 17 netsh firewall set icmpsetting 2 DISABLE
- Allow and deny multicast rules using netsh.
netsh firewall set multicastbroadcastresponse DISABLE
- Allow and deny desktop popup using netsh.
netsh firewall set notifications DISABLE
- Allow and deny network services using netsh.
netsh firewall set service REMOTEDESKTOP ENABLE
- Configure firewall loging using netsh.
netsh firewall set logging _path_ _size_ ENABLE netsh firewall set logging C:\WINDOWS\system32\LogFiles\firewall.log 4096 ENABLE
- Load IPSec backup configuration using netsh.
netsh -f filename
- Configure firewall reporting using netsh and sc.
netsh firewall show config verbose = ENABLE netsh firewall show state verbose = ENABLE sc qc SharedAccess
- Start and stop Windows Firewall/Internet Connection Sharing (ICS) using sc.
sc start SharedAccess sc config SharedAccess start= auto
- Start and stop IPSec using sc.
sc start PolicyAgent sc config PolicyAgent start= auto
- Start and stop WinDefend (Windows Defender) using sc.
sc start WinDefend sc config WinDefend start= auto
Must manually configure the firewall to first start. Automated attempts at starting the firewall will cause it to come online with deny all / everything total lock down.
Author: Mohd Shakir Zakaria
Mohd Shakir Zakaria is a skilled cloud architect with a background in development, entrepreneurship, and open-source advocacy. As the founder of Simplified Guide, he helps others understand the complexities of computing, making tech concepts accessible to all.
Mohd Shakir Zakaria is a skilled cloud architect with a background in development, entrepreneurship, and open-source advocacy. As the founder of Simplified Guide, he helps others understand the complexities of computing, making tech concepts accessible to all.
Discuss the article:
Comment anonymously. Login not required.