Windows Firewall can be managed from the command line using the netsh command. The sc command, on the other hand, is used to manage Internet Connection Sharing.

To start managing Windows Firewall and Internet Connection Sharing from the command line, open Command Prompt as administrator and run the netsh and sc commands.

Steps to configure Windows firewall from command line:

  1. Start and stop firewall service using netsh.
    netsh firewall set opmode DISABLE
    netsh firewall set opmode ENABLE
  2. Start and stop Windows Firewall/Internet Connection Sharing (ICS) using sc.
    sc start SharedAccess
    sc config SharedAccess start= auto
  3. Allow and deny ports using netsh.
    netsh firewall add portopening TCP _port_number_ _name_ DISABLE ALL
    netsh firewall add portopening TCP 3264 CCMAIL DISABLE ALL
    
    netsh firewall add portopening TCP _port_number_ _name_ ENABLE ALL
    netsh firewall add portopening TCP 8443 PLESK-ADMIN ENABLE ALL
  4. Allow and deny programs using netsh.
    Programs not allowed to make TCP/UDP socket connections:
    netsh firewall add allowedprogram _path_ _name_ DISABLE ALL
    netsh firewall add allowedprogram C:\WINDOWS\Cluster\CluAdmin.exe CLUSTER-ADMIN DISABLE ALL
  5. Configure ICMP settings using netsh.
    Type  Setting
    2     Allow outbound packet too big
    3     Allow outbound destination unreachable
    4     Allow outbound source quench
    5     Allow redirect
    8     Allow inbound echo request
    9     Allow inbound router request
    11    Allow outbound time exceeded
    12    Allow outbound parameter problem
    13    Allow inbound timestamp request
    17    Allow inbound mask request
    
    netsh firewall set icmpsetting 2 DISABLE

  6. Allow and deny multicast rules using netsh.
    netsh firewall set multicastbroadcastresponse DISABLE
  7. Allow and deny desktop popup using netsh.
    netsh firewall set notifications DISABLE
  8. Allow and deny network services using netsh.
    netsh firewall set service REMOTEDESKTOP ENABLE
  9. Configure firewall logging using netsh.
    netsh firewall set logging _path_ _size_ ENABLE
    netsh firewall set logging C:\WINDOWS\system32\LogFiles\firewall.log 4096 ENABLE
  10. Configure firewall reporting using netsh and sc.
    netsh firewall show config verbose = ENABLE
    netsh firewall show state verbose = ENABLE
    sc qc SharedAccess
  11. Start and stop IPSec using sc.
    sc start PolicyAgent
    sc config PolicyAgent start= auto

  12. Load IPSec backup configuration using netsh.
    netsh -f filename
  13. Start and stop WinDefend (Windows Defender) using sc.
    sc start WinDefend
    sc config WinDefend start= auto

The firewall must be manually configured for its first start. Automated attempts at starting the firewall will cause it to come online in a deny-all, total-lockdown state.
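
The steps above can be combined into one batch file. The following is an added example, not part of the original article: it opens the needed exceptions and turns on logging before setting opmode ENABLE, so a remote session is not cut off when the firewall comes up. It assumes the legacy netsh firewall context and the SharedAccess service are present, that Remote Desktop and TCP 8443 are the inbound services to keep, and that netsh returns a non-zero exit code on failure.

```batch
@echo off
rem Added example, not from the original article.
rem Assumptions: legacy "netsh firewall" context and SharedAccess service exist;
rem Remote Desktop and TCP 8443 must stay reachable; netsh signals failure
rem through a non-zero exit code (verify this on the target Windows version).
setlocal
set "FWLOG=C:\WINDOWS\system32\LogFiles\firewall.log"

rem "net session" only succeeds for an administrator.
net session >nul 2>&1
if errorlevel 1 (
    echo This script must be run from an administrator command prompt.
    exit /b 1
)

rem Make the firewall/ICS service start at boot and make sure it is running.
rem "sc start" fails on a service that is already running, so query first.
sc config SharedAccess start= auto >nul || goto :fail
sc query SharedAccess | find "RUNNING" >nul
if errorlevel 1 (
    sc start SharedAccess >nul || goto :fail
)

rem Open the exceptions first, so that enabling the firewall cannot drop
rem the session this script is running in.
netsh firewall set service REMOTEDESKTOP ENABLE || goto :fail
netsh firewall add portopening TCP 8443 PLESK-ADMIN ENABLE ALL || goto :fail

rem Turn on logging and stop answering multicast/broadcast requests.
netsh firewall set logging %FWLOG% 4096 ENABLE || goto :fail
netsh firewall set multicastbroadcastresponse DISABLE || goto :fail

rem Only now switch the firewall on.
netsh firewall set opmode ENABLE || goto :fail

rem Print the resulting state and service configuration for review.
netsh firewall show state verbose = ENABLE
sc qc SharedAccess
exit /b 0

:fail
echo A step failed with errorlevel %errorlevel%. Review the output above.
exit /b 1
```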
