Configuring the Windows firewall using the command line allows IT professionals to manage firewall settings efficiently. The command line provides direct control over enabling or disabling the firewall, configuring ports, and managing ICMP settings. This method simplifies the process and ensures consistent configuration across systems.
Using the netsh and sc commands, administrators can also control services related to the firewall. This includes starting, stopping, and configuring services like Internet Connection Sharing (ICS) and IPSec. Command-line control of these services ensures that the firewall operates in harmony with network security policies.
Advanced configurations are also possible through the command line. This includes managing multicast responses, adjusting desktop notifications, and configuring firewall logging. Command-line management reduces the risk of errors and simplifies the maintenance of secure network environments.
Steps to configure the Windows 11 firewall from the command prompt (run these from an elevated Command Prompt, since netsh advfirewall and sc need administrator rights to change settings):
- Disable Windows firewall using netsh.
netsh advfirewall set allprofiles state off
- Enable Windows firewall using netsh.
netsh advfirewall set allprofiles state on
- Allow specific ports through the firewall using netsh.
netsh advfirewall firewall add rule name="Allow Port 8080" protocol=TCP dir=in localport=8080 action=allow
- Block specific ports through the firewall using netsh.
netsh advfirewall firewall add rule name="Block Port 8080" protocol=TCP dir=in localport=8080 action=block
- Allow a program through the firewall using netsh.
netsh advfirewall firewall add rule name="Allow Program" dir=in action=allow program="C:\path\to\program.exe"
- Block a program through the firewall using netsh.
netsh advfirewall firewall add rule name="Block Program" dir=in action=block program="C:\path\to\program.exe"
- Disable ICMP echo request (ping) using netsh.
netsh advfirewall firewall add rule name="Block ICMPv4 In" protocol=icmpv4:8,any dir=in action=block
- Enable ICMP echo request (ping) using netsh.
netsh advfirewall firewall add rule name="Allow ICMPv4 In" protocol=icmpv4:8,any dir=in action=allow
- Disable multicast broadcast responses using netsh.
netsh advfirewall set multicastbroadcastresponse disable
- Enable multicast broadcast responses using netsh.
netsh advfirewall set multicastbroadcastresponse enable
- Disable desktop notifications for blocked inbound programs using netsh.
netsh advfirewall set currentprofile settings inboundusernotification disable
- Enable desktop notifications for blocked inbound programs using netsh.
netsh advfirewall set currentprofile settings inboundusernotification enable
- Enable remote desktop through the firewall using netsh.
netsh advfirewall firewall set rule group="remote desktop" new enable=Yes
- Disable remote desktop through the firewall using netsh.
netsh advfirewall firewall set rule group="remote desktop" new enable=No
- Enable firewall logging using netsh (the log path, the maximum size in KB, and logging of dropped packets are separate settings).
netsh advfirewall set currentprofile logging filename "C:\Windows\System32\LogFiles\Firewall\pfirewall.log"
netsh advfirewall set currentprofile logging maxfilesize 4096
netsh advfirewall set currentprofile logging droppedconnections enable
- Load IPSec backup configuration using netsh.
netsh -f C:\path\to\ipsec-backup.txt
- View current firewall configuration using netsh.
netsh advfirewall show allprofiles
- View the state of firewall rules using netsh.
netsh advfirewall firewall show rule name=all
- Start Internet Connection Sharing (ICS) service using sc.
sc start SharedAccess
- Stop Internet Connection Sharing (ICS) service using sc.
sc stop SharedAccess
- Set IPSec service to start automatically using sc.
sc config PolicyAgent start= auto
- Start IPSec service using sc.
sc start PolicyAgent
- Set Windows Defender service to start automatically using sc.
sc config WinDefend start= auto
- Start Windows Defender service using sc.
sc start WinDefend
- Restore default firewall settings using netsh.
netsh advfirewall reset
- Delete a specific firewall rule using netsh.
netsh advfirewall firewall delete rule name="Block Port 8080"
- Backup current firewall configuration using netsh.
netsh advfirewall export "C:\path\to\backup.wfw"
- Import a firewall configuration using netsh.
netsh advfirewall import "C:\path\to\backup.wfw"
- Allow inbound traffic on all ports for a specific IP using netsh.
netsh advfirewall firewall add rule name="Allow Inbound from Specific IP" dir=in action=allow remoteip=192.168.1.100
- Block outbound traffic on all ports for a specific IP using netsh.
netsh advfirewall firewall add rule name="Block Outbound to Specific IP" dir=out action=block remoteip=192.168.1.100
- Check the status of the firewall using netsh.
netsh advfirewall show allprofiles state
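As an added example (not from the original article), the PowerShell script below wraps the same netsh commands into a change that can be undone and verified: it exports a backup first, enables dropped-packet logging, adds a port rule scoped to one remote address instead of to everyone, and reads the rule back to confirm the scope. The rule name, backup path, port and IP address are placeholders chosen for the demo; run it in an elevated PowerShell session.

```powershell
# Added example: apply a small, reversible netsh firewall change set and verify it.
# Rule name, port, remote IP and backup location are placeholders for the demo.

function Invoke-Netsh {
    # Run netsh with the given arguments and fail loudly on a non-zero exit code.
    param([Parameter(Mandatory)][string[]]$Arguments)
    $out = & netsh.exe @Arguments
    if ($LASTEXITCODE -ne 0) {
        throw "netsh $($Arguments -join ' ') failed (exit $LASTEXITCODE): $out"
    }
    return $out
}

# 1. Export the current policy first so 'netsh advfirewall import' can roll everything back.
$backup = Join-Path $env:TEMP ("wf-backup-{0:yyyyMMdd-HHmmss}.wfw" -f (Get-Date))
Invoke-Netsh @('advfirewall', 'export', $backup) | Out-Null

# 2. Turn on logging of dropped packets; path, size limit and the drop switch are separate settings.
$log = 'C:\Windows\System32\LogFiles\Firewall\pfirewall.log'
Invoke-Netsh @('advfirewall', 'set', 'allprofiles', 'logging', 'filename', $log) | Out-Null
Invoke-Netsh @('advfirewall', 'set', 'allprofiles', 'logging', 'maxfilesize', '4096') | Out-Null
Invoke-Netsh @('advfirewall', 'set', 'allprofiles', 'logging', 'droppedconnections', 'enable') | Out-Null

# 3. Allow TCP/8080 inbound only from one management host (placeholder address), not from anywhere.
$ruleName = 'Allow-8080-mgmt'
$mgmtHost = '192.168.1.100'
Invoke-Netsh @('advfirewall', 'firewall', 'add', 'rule', "name=$ruleName", 'dir=in', 'action=allow',
               'protocol=TCP', 'localport=8080', "remoteip=$mgmtHost") | Out-Null

# 4. Read the rule back and check the scope really is the single host (netsh shows it as /32).
$shown = (Invoke-Netsh @('advfirewall', 'firewall', 'show', 'rule', "name=$ruleName")) -join "`n"
if ($shown -notmatch ('RemoteIP:\s+' + [regex]::Escape($mgmtHost))) {
    throw "Rule '$ruleName' is not scoped to $mgmtHost; roll back with: netsh advfirewall import `"$backup`""
}

Write-Host "Backup written to $backup"
Write-Host "Rule '$ruleName' verified; dropped packets are logged to $log"
```

To undo the change, run `netsh advfirewall import` with the backup path the script prints, or delete the rule with `netsh advfirewall firewall delete rule name=Allow-8080-mgmt`.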
Mohd Shakir Zakaria is an experienced cloud architect with a strong development and open-source advocacy background. He boasts multiple certifications in AWS, Red Hat, VMware, ITIL, and Linux, underscoring his expertise in cloud architecture and system administration.