Configuring the Windows firewall using the command line allows IT professionals to manage firewall settings efficiently. The command line provides direct control over enabling or disabling the firewall, configuring ports, and managing ICMP settings. This method simplifies the process and ensures consistent configuration across systems.

Using the netsh and sc commands, administrators can also control services related to the firewall. This includes starting, stopping, and configuring services like Internet Connection Sharing (ICS) and IPSec. Command-line control of these services ensures that the firewall operates in harmony with network security policies.

Advanced configurations are also possible through the command line. This includes managing multicast responses, adjusting desktop notifications, and configuring firewall logging. Command-line management reduces the risk of errors and simplifies the maintenance of secure network environments.

Steps to configure the Windows 11 firewall from an elevated command prompt:

  1. Disable Windows firewall using netsh.
    netsh advfirewall set allprofiles state off
  2. Enable Windows firewall using netsh.
    netsh advfirewall set allprofiles state on
  3. Allow specific ports through the firewall using netsh.
    netsh advfirewall firewall add rule name="Allow Port 8080" protocol=TCP dir=in localport=8080 action=allow
  4. Block specific ports through the firewall using netsh. A block rule takes precedence over any allow rule for the same port.
    netsh advfirewall firewall add rule name="Block Port 8080" protocol=TCP dir=in localport=8080 action=block
  5. Allow a program through the firewall using netsh.
    netsh advfirewall firewall add rule name="Allow Program" dir=in action=allow program="C:\path\to\program.exe"
  6. Block a program through the firewall using netsh.
    netsh advfirewall firewall add rule name="Block Program" dir=in action=block program="C:\path\to\program.exe"
  7. Disable ICMP echo request (ping) using netsh.
    netsh advfirewall firewall add rule name="Block ICMPv4 In" protocol=icmpv4:8,any dir=in action=block
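  8. Enable ICMP echo request (ping) using netsh. If the block rule from step 7 exists, delete it first, because block rules take precedence over allow rules.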
    netsh advfirewall firewall add rule name="Allow ICMPv4 In" protocol=icmpv4:8,any dir=in action=allow
  9. Disable multicast broadcast responses using netsh.
    netsh advfirewall set allprofiles settings unicastresponsetomulticast disable
  10. Enable multicast broadcast responses using netsh.
    netsh advfirewall set allprofiles settings unicastresponsetomulticast enable
  11. Disable desktop notifications for firewall actions using netsh.
    netsh advfirewall set currentprofile settings inboundusernotification disable
  12. Enable desktop notifications for firewall actions using netsh.
    netsh advfirewall set currentprofile settings inboundusernotification enable
  13. Enable remote desktop through the firewall using netsh.
    netsh advfirewall firewall set rule group="remote desktop" new enable=Yes
  14. Disable remote desktop through the firewall using netsh.
    netsh advfirewall firewall set rule group="remote desktop" new enable=No
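  15. Enable firewall logging using netsh. Set the log file and its maximum size in KB, then turn on logging of dropped connections.
    netsh advfirewall set currentprofile logging filename "C:\Windows\System32\LogFiles\Firewall\pfirewall.log"
    netsh advfirewall set currentprofile logging maxfilesize 4096
    netsh advfirewall set currentprofile logging droppedconnections enable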
  16. Load IPSec backup configuration using netsh.
    netsh -f C:\path\to\ipsec-backup.txt
  17. View current firewall configuration using netsh.
    netsh advfirewall show allprofiles
  18. View the state of firewall rules using netsh.
    netsh advfirewall firewall show rule name=all
  19. Start Internet Connection Sharing (ICS) service using sc.
    sc start SharedAccess
  20. Stop Internet Connection Sharing (ICS) service using sc.
    sc stop SharedAccess
  21. Set IPSec service to start automatically using sc.
    sc config PolicyAgent start= auto
  22. Start IPSec service using sc.
    sc start PolicyAgent
  23. Set Windows Defender service to start automatically using sc.
    sc config WinDefend start= auto
  24. Start Windows Defender service using sc.
    sc start WinDefend
  25. Restore default firewall settings using netsh.
    netsh advfirewall reset
  26. Delete a specific firewall rule using netsh.
    netsh advfirewall firewall delete rule name="Block Port 8080"
  27. Backup current firewall configuration using netsh.
    netsh advfirewall export "C:\path\to\backup.wfw"
  28. Import a firewall configuration using netsh.
    netsh advfirewall import "C:\path\to\backup.wfw"
  29. Allow inbound traffic on all ports for a specific IP using netsh.
    netsh advfirewall firewall add rule name="Allow Inbound from Specific IP" dir=in action=allow remoteip=192.168.1.100
  30. Block outbound traffic on all ports for a specific IP using netsh.
    netsh advfirewall firewall add rule name="Block Outbound to Specific IP" dir=out action=block remoteip=192.168.1.100
  31. Check the status of the firewall using netsh.
    netsh advfirewall show allprofiles state
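
After adding and removing rules with the steps above, it helps to review what is actually in effect. The Python script below is an added example, not part of the original article: it parses the output of `netsh advfirewall firewall show rule name=all` and flags enabled inbound allow rules that are either overridden by a block rule on the same port or open to any port from any address. The function names `parse_rules` and `audit` are hypothetical, the sample text is constructed, and the field labels assume English-language Windows.

```python
# Constructed sample in the layout that `netsh advfirewall firewall show rule
# name=all` prints on English-language Windows (labels are localized elsewhere).
SAMPLE = """\
Rule Name:                            Allow Port 8080
----------------------------------------------------------------------
Enabled:                              Yes
Direction:                            In
RemoteIP:                             Any
Protocol:                             TCP
LocalPort:                            8080
Action:                               Allow

Rule Name:                            Block Port 8080
----------------------------------------------------------------------
Enabled:                              Yes
Direction:                            In
RemoteIP:                             Any
Protocol:                             TCP
LocalPort:                            8080
Action:                               Block
"""

def parse_rules(text):
    """Split netsh rule output into one dict per rule, keyed by field label."""
    rules = []
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if not sep:
            continue  # separator dashes, blank lines, trailing "Ok."
        if key.strip() == "Rule Name":
            rules.append({})
        if rules:
            rules[-1][key.strip()] = value.strip()
    return rules

def audit(rules):
    """Flag enabled inbound allow rules that a block rule overrides (exact
    protocol/port match only, no ranges) or that accept any port from anywhere."""
    live = [r for r in rules if r.get("Enabled") == "Yes" and r.get("Direction") == "In"]
    blocked = {(r.get("Protocol"), r.get("LocalPort")) for r in live
               if r.get("Action") == "Block" and r.get("RemoteIP") == "Any"
               and r.get("LocalPort", "Any") != "Any"}
    findings = []
    for r in (r for r in live if r.get("Action") == "Allow"):
        if (r.get("Protocol"), r.get("LocalPort")) in blocked:
            findings.append((r["Rule Name"], "shadowed by block rule"))
        elif r.get("RemoteIP") == "Any" and r.get("LocalPort", "Any") == "Any":
            findings.append((r["Rule Name"], "any port from any address"))
    return findings

if __name__ == "__main__":
    print(audit(parse_rules(SAMPLE)))
```

To run it against a real system, redirect the netsh output to a text file and pass the file contents to `parse_rules` in place of `SAMPLE`.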