Configuring the Windows firewall from the command line helps IT professionals streamline firewall management. It provides direct control over enabling or disabling the firewall, adjusting port configurations, and managing ICMP settings. This approach delivers consistent security policies across multiple environments.

Administration of related services is also possible with the netsh and sc commands, ensuring comprehensive control over Internet Connection Sharing (ICS), IPSec, and other essential components. Command-line operations allow these services to be started, stopped, or configured with precision, aligning network traffic rules with organizational requirements.

Advanced features, such as adjusting multicast broadcast responses, tuning desktop notifications, and activating firewall logging, are readily accessible from the command line. This method reduces configuration errors, supports efficient troubleshooting, and makes it easier to maintain secure network conditions.

Steps to configure the Windows 11 firewall from the command prompt:

  1. Disable Windows firewall using netsh.
    netsh advfirewall set allprofiles state off
  2. Enable Windows firewall using netsh.
    netsh advfirewall set allprofiles state on
  3. Allow specific ports through the firewall using netsh.
    netsh advfirewall firewall add rule name="Allow Port 8080" protocol=TCP dir=in localport=8080 action=allow
  4. Block specific ports through the firewall using netsh.
    netsh advfirewall firewall add rule name="Block Port 8080" protocol=TCP dir=in localport=8080 action=block
  5. Allow a program through the firewall using netsh.
    netsh advfirewall firewall add rule name="Allow Program" dir=in action=allow program="C:\path\to\program.exe"
  6. Block a program through the firewall using netsh.
    netsh advfirewall firewall add rule name="Block Program" dir=in action=block program="C:\path\to\program.exe"
  7. Disable ICMP echo request (ping) using netsh.
    netsh advfirewall firewall add rule name="Block ICMPv4 In" protocol=icmpv4:8,any dir=in action=block
  8. Enable ICMP echo request (ping) using netsh.
    netsh advfirewall firewall add rule name="Allow ICMPv4 In" protocol=icmpv4:8,any dir=in action=allow
  9. Disable unicast responses to multicast or broadcast traffic using netsh.
    netsh advfirewall set allprofiles settings unicastresponsetomulticast disable
  10. Enable unicast responses to multicast or broadcast traffic using netsh.
    netsh advfirewall set allprofiles settings unicastresponsetomulticast enable
  11. Disable desktop notifications for firewall actions using netsh.
    netsh advfirewall set currentprofile settings inboundusernotification disable
  12. Enable desktop notifications for firewall actions using netsh.
    netsh advfirewall set currentprofile settings inboundusernotification enable
  13. Enable remote desktop through the firewall using netsh.
    netsh advfirewall firewall set rule group="remote desktop" new enable=Yes
  14. Disable remote desktop through the firewall using netsh.
    netsh advfirewall firewall set rule group="remote desktop" new enable=No
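  15. Configure the firewall log file and its maximum size (in KB) using netsh. Connections are written to the log only once the droppedconnections or allowedconnections logging option is also enabled.
    netsh advfirewall set currentprofile logging filename "C:\Windows\System32\LogFiles\Firewall\pfirewall.log"
    netsh advfirewall set currentprofile logging maxfilesize 4096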
  16. Load IPSec backup configuration using netsh.
    netsh -f C:\path\to\ipsec-backup.txt
  17. View current firewall configuration using netsh.
    netsh advfirewall show allprofiles
  18. View the state of firewall rules using netsh.
    netsh advfirewall firewall show rule name=all
  19. Start Internet Connection Sharing (ICS) service using sc.
    sc start SharedAccess
  20. Stop Internet Connection Sharing (ICS) service using sc.
    sc stop SharedAccess
  21. Set IPSec service to start automatically using sc.
    sc config PolicyAgent start= auto
  22. Start IPSec service using sc.
    sc start PolicyAgent
  23. Set Windows Defender service to start automatically using sc.
    sc config WinDefend start= auto
  24. Start Windows Defender service using sc.
    sc start WinDefend
  25. Restore default firewall settings using netsh.
    netsh advfirewall reset
  26. Delete a specific firewall rule using netsh.
    netsh advfirewall firewall delete rule name="Block Port 8080"
  27. Backup current firewall configuration using netsh.
    netsh advfirewall export "C:\path\to\backup.wfw"
  28. Import a firewall configuration using netsh.
    netsh advfirewall import "C:\path\to\backup.wfw"
  29. Allow inbound traffic on all ports for a specific IP using netsh.
    netsh advfirewall firewall add rule name="Allow Inbound from Specific IP" dir=in action=allow remoteip=192.168.1.100
  30. Block outbound traffic on all ports for a specific IP using netsh.
    netsh advfirewall firewall add rule name="Block Outbound to Specific IP" dir=out action=block remoteip=192.168.1.100
  31. Check the status of the firewall using netsh.
    netsh advfirewall show allprofiles state
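
The batch script below is an added example, not part of the original article. It combines several of the commands above into one guarded change: it exports the policy, adds a single rule limited to TCP 8080 from 192.168.1.100, turns on dropped-connection logging, verifies the result, and restores the export if a step fails. The backup path, rule name, profile scope and the `net session` elevation check are assumptions chosen for illustration.

```batch
@echo off
setlocal
rem Added example. Assumed values: BACKUP path and RULE name are illustrative;
rem port 8080 and 192.168.1.100 mirror the sample values used in the steps above.
set "BACKUP=%TEMP%\fw-before-change.wfw"
set "RULE=Allow 8080 from 192.168.1.100"

rem netsh advfirewall changes need an elevated prompt. "net session" is a common
rem elevation probe (assumption: the Server service is running on this host).
net session >nul 2>&1
if errorlevel 1 (
    echo Run this script from an elevated command prompt.
    exit /b 1
)

rem Remove any stale backup so the file on disk is known to come from this run.
if exist "%BACKUP%" del "%BACKUP%"
netsh advfirewall export "%BACKUP%" >nul || goto :fail_nobackup

rem Keep the script re-runnable: drop an earlier copy of the rule.
rem A failure here only means no such rule existed.
netsh advfirewall firewall delete rule name="%RULE%" >nul 2>&1

rem One rule that restricts both port and source, instead of opening 8080 to
rem every address or opening every port to one address.
netsh advfirewall firewall add rule name="%RULE%" dir=in action=allow protocol=TCP localport=8080 remoteip=192.168.1.100 profile=private,domain || goto :rollback

rem Record dropped packets so blocked traffic can be reviewed in pfirewall.log.
netsh advfirewall set allprofiles logging droppedconnections enable >nul || goto :rollback

rem Verify: the firewall is on and the rule exists with the expected scope.
netsh advfirewall show allprofiles state
netsh advfirewall firewall show rule name="%RULE%" || goto :rollback
echo Change applied. Backup kept at %BACKUP%
exit /b 0

:rollback
echo A step failed. Restoring the exported policy.
netsh advfirewall import "%BACKUP%"
exit /b 1

:fail_nobackup
echo Could not export the current policy. Nothing was changed.
exit /b 1
```

The import in the rollback path replaces the entire firewall policy with the exported copy, so any rule created by another process between the export and the import is discarded as well.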