
Windows Firewall can be managed from the command prompt using the netsh command, and sc is used to manage the Internet Connection Sharing service.

To start managing Windows Firewall and Internet Connection Sharing from the command prompt, open Command Prompt as administrator and run these commands:

Start / Stop firewall service

netsh firewall set opmode DISABLE
netsh firewall set opmode ENABLE

Start / Stop Windows Firewall/Internet Connection Sharing (ICS)

sc start SharedAccess
sc config SharedAccess start= auto

Allow/Deny Ports

netsh firewall add portopening TCP _port_number_ _name_ DISABLE ALL
netsh firewall add portopening TCP 3264 CCMAIL DISABLE ALL

netsh firewall add portopening TCP _port_number_ _name_ ENABLE ALL
netsh firewall add portopening TCP 8443 PLESK-ADMIN ENABLE ALL

Allow/Deny Programs

Programs that are not allowed to make TCP/UDP socket connections:
netsh firewall add allowedprogram _path_ _name_ DISABLE ALL
netsh firewall add allowedprogram C:\WINDOWS\Cluster\CluAdmin.exe CLUSTER-ADMIN DISABLE ALL

ICMP Settings

Type  Setting
2     Allow outbound packet too big
3     Allow outbound destination unreachable
4     Allow outbound source quench
5     Allow redirect
8     Allow inbound echo request
9     Allow inbound router request
11    Allow outbound time exceeded
12    Allow outbound parameter problem
13    Allow inbound timestamp request
17    Allow inbound mask request

netsh firewall set icmpsetting 2 DISABLE

Allow/Deny Multicast Rules

netsh firewall set multicastbroadcastresponse DISABLE

Allow/Deny Desktop Popup

netsh firewall set notifications DISABLE

Allow/Deny Network Services

netsh firewall set service REMOTEDESKTOP ENABLE

Firewall Logging

netsh firewall set logging _path_ _size_ ENABLE
netsh firewall set logging C:\WINDOWS\system32\LogFiles\firewall.log 4096 ENABLE

Reporting

netsh firewall show config verbose = ENABLE
netsh firewall show state verbose = ENABLE
sc qc SharedAccess

Start/Stop IPSec

sc start PolicyAgent
sc config PolicyAgent start= auto

Load IPSec Backup Configuration

netsh -f filename

WinDefend - Windows Defender

sc start WinDefend
sc config WinDefend start= auto

The firewall must be configured manually before it is first started. Automated attempts at starting the firewall will cause it to come online in a deny-all state, a total lockdown.