---
date: "2016-12-01"
draft: false
title: "netsh"
---
Advanced networking command-line utility.
## Resources

| Description | Link |
|---|---|
| netsh advfirewall firewall docs | TechNet |
| Logging specific information | TechNet - Logging |
| Disabling specific firewall profiles | MSDN |
| Shows: enabling ports, services, programs, logging, and more | MS Support |
## Firewall

On older systems `netsh firewall` works. For newer systems use `netsh advfirewall firewall`.

To enter the firewall configuration context, run `netsh advfirewall`.

Fun fact: the Windows Firewall operates only in user mode. The Windows Filtering Platform (WFP) that it is built on has functionality in both user mode and kernel mode.
### Basic Commands

Check and change the status of the firewall.

| Command | Description |
|---|---|
| `netsh advfirewall show allprofiles` | Display properties for all profiles. |
| `netsh advfirewall show currentprofile` | Display properties for the active profile. |
| `netsh advfirewall show domainprofile` | Display properties for the domain profile. |
| `netsh advfirewall show global` | Display the global properties. |
| `netsh advfirewall show privateprofile` | Display properties for the private profile. |
| `netsh advfirewall show publicprofile` | Display properties for the public profile. |
| `netsh advfirewall show store` | Display the policy store for the current interactive session. |
| `netsh advfirewall set allprofiles state off` | Turn off all profiles. |
| `netsh advfirewall set allprofiles state on` | Turn on all profiles. |
| `netsh advfirewall set currentprofile state off` | Turn the current profile off. |
| `netsh advfirewall set currentprofile state on` | Turn the current profile on. |
| `netsh advfirewall set publicprofile state off` | Turn off the public profile firewall. |
| `netsh firewall set opmode profile=all mode=enable` | Legacy `netsh firewall` syntax to enable a profile. |
| `netsh firewall set opmode profile=all mode=disable` | Legacy `netsh firewall` syntax to disable a profile. |
### Review Firewall Rules

| Command | Description |
|---|---|
| `netsh advfirewall show currentprofile` | Display the status of the current profile. |
| `netsh advfirewall firewall show rule profile=private name=all` | Show all rules for the private profile; replace the profile value with the profile you are reviewing. |
| `netsh advfirewall firewall show rule profile=private name=all > fwrules.txt` | Save the output to a text file for review. |
| `netsh advfirewall firewall show rule name=all` | Show all the rules on the system. |
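The `> fwrules.txt` dump is plain text, so it can be reviewed by script. The parser below is an added example, not part of the original cheat sheet; it reads the block format netsh prints (a constructed sample stands in for a real file) and lists the enabled inbound allow rules that accept traffic from any remote address, which are the rows worth a second look.

```python
# Added example (not part of the cheat sheet): review a dump saved with
# `netsh advfirewall firewall show rule name=all > fwrules.txt`.

# Constructed sample in the format netsh prints (one "Key: Value" block per
# rule, a dashed line under the name, blank lines between rules, trailing "Ok.").
SAMPLE_DUMP = """
Rule Name:                            Secure Shell
----------------------------------------------------------------------
Enabled:                              Yes
Direction:                            In
RemoteIP:                             Any
Protocol:                             TCP
LocalPort:                            22
Action:                               Allow

Rule Name:                            Rule Name
----------------------------------------------------------------------
Enabled:                              Yes
Direction:                            In
RemoteIP:                             192.168.11.14
Protocol:                             TCP
LocalPort:                            31337
Action:                               Allow
Ok.
"""


def parse_rules(dump):
    """Return one dict per rule; netsh starts every rule block with 'Rule Name:'."""
    rules = []
    for line in dump.splitlines():
        key, sep, value = line.partition(":")
        if not sep:
            continue  # blank line, dashed separator, or the trailing "Ok."
        if key == "Rule Name":
            rules.append({})
        if rules:  # ignore anything printed before the first rule block
            rules[-1][key.strip()] = value.strip()
    return rules


def open_to_anyone(rules):
    """Names of enabled inbound allow rules with no remote-address restriction."""
    return [r["Rule Name"] for r in rules
            if r.get("Enabled") == "Yes" and r.get("Direction") == "In"
            and r.get("Action") == "Allow" and r.get("RemoteIP") == "Any"]


if __name__ == "__main__":
    print(open_to_anyone(parse_rules(SAMPLE_DUMP)))  # ['Secure Shell']
```

To review a real host, read `fwrules.txt` into `parse_rules` instead of `SAMPLE_DUMP`.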
### Enable/Disable Rules

| Command | Description |
|---|---|
| `netsh advfirewall firewall set rule name="NameOfFirewallRule" new enable=yes` | Enable an individual rule. |
| `netsh advfirewall firewall set rule name="NameOfFirewallRule" new enable=no` | Disable an individual rule. |
| `netsh advfirewall firewall set rule group="File and Printer Sharing" new enable=yes` | Enable a rule group. |
| `netsh advfirewall firewall set rule group="File and Printer Sharing" new enable=no` | Disable a rule group. |
### Add a Port based rule

```
# Add SSH
# Note: remoteport=49155 only admits clients whose source port is 49155;
# leave remoteport out (default: any) to accept ordinary SSH clients.
netsh advfirewall firewall add rule name="Secure Shell" dir=in action=allow protocol=TCP localport=22 remoteport=49155 profile=any
# Verify
netsh advfirewall firewall show rule name="Secure Shell"

# Create a rule that will allow inbound TCP traffic
# from a specific IP address and source port
# to a specific destination port:
netsh advfirewall firewall add rule name="Rule Name" dir=in protocol=tcp localport=31337 remoteport=6666 remoteip=192.168.11.14 profile=private action=allow
# Verify
netsh advfirewall firewall show rule name="Rule Name"
```
### Add a Program based rule

```
netsh advfirewall firewall add rule name="FOX" dir=in action=allow program="C:\Program Files (x86)\Mozilla Firefox\firefox.exe" enable=yes
```
### Delete, Backup, Import

| Command | Description |
|---|---|
| `netsh advfirewall firewall delete rule name="<Rule Name>"` | Delete a rule by name. |
| Example Needed | Delete a rule by port. |
| `netsh advfirewall export "C:\FW-Before-Changes.wfw"` | Export the firewall rules. |
| `netsh advfirewall import "C:\FW-Before-Changes.wfw"` | Import a firewall backup file. |
### Common and Useful rules

| Command | Description |
|---|---|
| `netsh firewall set logging droppedpackets=enable connections=<enable/disable>` | Enable or disable the firewall log (legacy syntax). |
| `netsh advfirewall firewall add rule name="ICMP Allow incoming V4 echo request" protocol=icmpv4:8,any dir=in action=allow` | Respond to pings (allow inbound ICMPv4 echo requests). |
| `netsh firewall set service type = remotedesktop mode = enable` | Turn on RDP (Windows XP, legacy syntax). |
| `netsh advfirewall firewall set rule group="remote desktop" new enable=Yes` | Turn on RDP. |
| `netsh firewall set service type = fileandprint mode = <enable/disable>` | File sharing (Windows XP, legacy syntax). |
| `netsh advfirewall firewall set rule group="Network Discovery" new enable=<yes/no>` | File sharing (Network Discovery rule group). |
| `netsh advfirewall firewall set rule group="File and Printer Sharing" new enable=<yes/no>` | File sharing (File and Printer Sharing rule group). |