Windows firewall settings can be managed from the Windows Defender Firewall interface in Control Panel. You can also manage Windows firewall configuration from the command prompt by using the netsh command. Firewall and related services on the other hand can be managed using sc command.

You can manage your Windows 11 firewall configuration and services using netsh and sc command from a Command prompt that runs as an administrator.

Steps to configure Windows 11 firewall from command prompt:

  1. Launch command prompt with Administrator privilege.
  2. Start and stop firewall service using netsh.
    netsh firewall set opmode DISABLE
    netsh firewall set opmode ENABLE
  3. Allow and deny ports using netsh.
    netsh firewall add portopening TCP _port_number_ _name_ DISABLE ALL
    netsh firewall add portopening TCP 3264 CCMAIL DISABLE ALL
    
    netsh firewall add portopening TCP _port_number_ _name_ ENABLE ALL
    netsh firewall add portopening TCP 8443 PLESK-ADMIN ENABLE ALL
  4. Allow and deny programs using netsh.
    Programs to not allow TCP/UDP Socket Connections
    netsh firewall add allowedprogram _path_ _name_ DISABLE ALL
    netsh firewall add allowedprogram C:\WINDOWS\Cluster\CluAdmin.exe CLUSTER-ADMIN DISABLE ALL
  5. Configure ICMP settings using netsh.
    Allow outbound packet too big 2
    Allow outbound destination unreachable 3
    Allow outbound source quench 4
    Allow redirect 5
    Allow inbound echo request 8
    Allow inbound router request 9
    Allow outbound time exceeded 11
    Allow outbound parameter problem 12
    Allow inbound timestamp request 13
    Allow inbound mask request 17
    
    netsh firewall set icmpsetting 2 DISABLE
  6. Allow and deny multicast rules using netsh.
    netsh firewall set multicastbroadcastresponse DISABLE
  7. Allow and deny desktop popup using netsh.
    netsh firewall set notifications DISABLE
  8. Allow and deny network services using netsh.
    netsh firewall set service REMOTEDESKTOP ENABLE
  9. Configure firewall loging using netsh.
    netsh firewall set logging _path_ _size_ ENABLE
    netsh firewall set logging C:\WINDOWS\system32\LogFiles\firewall.log 4096 ENABLE
  10. Load IPSec backup configuration using netsh.
    netsh -f filename
  11. Configure firewall reporting using netsh and sc.
    netsh firewall show config verbose = ENABLE
    netsh firewall show state verbose = ENABLE
    sc qc SharedAccess
  12. Start and stop Windows Firewall/Internet Connection Sharing (ICS) using sc.
    sc start SharedAccess
    sc config SharedAccess start= auto
  13. Start and stop IPSec using sc.
    sc start PolicyAgent
    sc config PolicyAgent start= auto
  14. Start and stop WinDefend (Windows Defender) using sc.
    sc start WinDefend
    sc config WinDefend start= auto

Must manually configure the firewall to first start. Automated attempts at starting the firewall will cause it to come online with deny all / everything total lock down.

Discuss the article:

Comment anonymously. Login not required.

Share!