Windows 7 / Networking

Using netsh Command to Configure the Windows Firewall

To view the current firewall configuration, including ports that have been opened, use the following command:

netsh firewall show state

NOTE: If the Firewall status shows that the Operational mode is set to Enable, this means that the Windows Firewall is enabled but no specific ports have been opened.

To open ports at the firewall for DNS (port 53), use the following command:

netsh firewall add portopening ALL 53 DNS-server

To view the firewall configuration, use the following command:

netsh firewall show config

To enter the netsh advfirewall context, at the command prompt, type:

netsh

When you enter the netsh context, the command prompt displays the netsh> prompt. To enter the advfirewall context, at the netsh> prompt, type:

advfirewall

After you are in the advfirewall context, you can type commands in that context.

Commands include the following:

  • Export: Exports the current firewall policy to a file.
  • Help: Displays a list of available commands.
  • Import: Imports a policy from the specified file.
  • Reset: Restores Windows Firewall with Advanced Security to the default policy.
  • Set: Supports the following commands:
    • set file: Copies the console output to a file.
    • set machine: Sets the current machine on which to operate.
  • Show: Shows the properties for a particular profile. Examples include show allprofiles, show domainprofile, show privateprofile and show publicprofile.

In addition to the commands available for the advfirewall context, advfirewall also supports several subcontexts. To enter a subcontext, type the name of the subcontext at the netsh advfirewall> prompt. The available subcontexts are:

  • consec: Enables you to view and configure computer connection security rules.
  • firewall: Enables you to view and configure firewall rules.
  • monitor: Enables you to view and set monitoring configuration.
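
The export command and the firewall subcontext described above can be combined into one change procedure. The batch script below is an added example, not part of the original page: it opens DNS (port 53) through netsh advfirewall firewall, which Windows 7 itself recommends in place of the deprecated netsh firewall syntax. It narrows the rule to the domain profile and the local subnet. The backup folder C:\fw-backup and the rule names are assumptions chosen for illustration.

```batch
@echo off
rem Added example, not from the original page. Run from an elevated command prompt.
rem Assumptions: the backup folder and the rule names below are hypothetical.
setlocal
set "BACKUPDIR=C:\fw-backup"
set "BACKUP=%BACKUPDIR%\policy-before-dns.wfw"
set "RULE=DNS-server-example"

if not exist "%BACKUPDIR%" mkdir "%BACKUPDIR%"

rem Keep an earlier baseline instead of silently replacing it.
if exist "%BACKUP%" echo Backup "%BACKUP%" already exists. Move it first.& exit /b 1

rem 1. Export the current policy so the change can be rolled back with import.
netsh advfirewall export "%BACKUP%" || goto :fail

rem 2. Record whether each profile is on or off before changing anything.
netsh advfirewall show allprofiles state

rem 3. Allow inbound DNS over UDP and TCP, only in the domain profile and
rem    only from the local subnet, rather than on every profile and address.
netsh advfirewall firewall add rule name="%RULE%-UDP" dir=in action=allow protocol=UDP localport=53 profile=domain remoteip=localsubnet || goto :fail
netsh advfirewall firewall add rule name="%RULE%-TCP" dir=in action=allow protocol=TCP localport=53 profile=domain remoteip=localsubnet || goto :fail

rem 4. Print the stored rules so the scope can be reviewed.
netsh advfirewall firewall show rule name="%RULE%-UDP" verbose
netsh advfirewall firewall show rule name="%RULE%-TCP" verbose

echo Rules added. To roll back: netsh advfirewall import "%BACKUP%"
exit /b 0

:fail
echo netsh returned errorlevel %errorlevel%. Stopping without further changes.
exit /b 1
```

To remove only the two rules without restoring the whole policy, use netsh advfirewall firewall delete rule with the same name= values.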

Managing Windows Firewall with Advanced Security via Group Policy

To centralize the configuration of large numbers of computers in an organization network that uses the Active Directory directory service, you can deploy settings for Windows Firewall with Advanced Security through Group Policy. Group Policy provides access to the full feature set of Windows Firewall with Advanced Security, including profile settings, rules, and computer connection security rules.
