
Modifying Windows Firewall via Command Line

Windows is mostly GUI now, with very little command line any more. Believe it or not, the command line is still a very powerful tool that can change a lot of items within Windows. Here we will talk about modifying Windows Firewall via the command line. The Windows firewall is a very basic firewall that protects users from some of the attacks that come across the Internet.

The netsh command is a program that comes with Windows, and it is what we will use to make specific changes to the Windows firewall in this article. Modifying Windows Firewall via the command line doesn't have to be difficult. The netsh command alone will put you at a netsh> prompt, which is ready for more commands. Because netsh can be used to modify other items besides the firewall, we need to tell it that we will be configuring the firewall, so we give the netsh> prompt the firewall command. Now we are sitting at the netsh firewall> prompt. Like any other command line program, we can give it a ? to display all the available commands.

netsh firewall>?
Commands in this context:
?              - Displays a list of commands.
add            - Adds firewall configuration.
delete         - Deletes firewall configuration.
dump           - Displays a configuration script.
help           - Displays a list of commands.
reset          - Resets firewall configuration to default
set            - Sets firewall configuration
show           - Shows firewall configuration

So let's now do an example of a configuration we can make with netsh, and allow incoming ICMP ECHO Requests:

netsh firewall>set icmpsetting 8 ENABLE

To disable ICMP ECHO Requests:

netsh firewall>set icmpsetting 8 DISABLE

To enable File and Printer sharing:

netsh firewall>set service FILEANDPRINT ENABLE

Now, as you can see, we have done some very broad configurations that either allow everyone or no one to connect to or ping our computer. Let's say we want just a specific network to access our computer. Then we will have to use the CUSTOM option within netsh firewall>

netsh firewall>set service FILEANDPRINT ENABLE CUSTOM <network-address>/24

So the above statement is only going to allow computers on the network to connect to my computer for file and printer sharing. For those of you who might not be very familiar with networking, the /24 at the end of the network address is the subnet mask. Not to get off on too far of a tangent, the /24 means a 24-bit mask, which is

Now let's say we are testing something and want to just turn the firewall off completely. We can do this very easily from the command prompt.

netsh firewall>set opmode disable

Now, obviously, if we turned the firewall off, we just might need to turn it back on, so:

netsh firewall>set opmode enable
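
One way to keep the disable/enable pair above from leaving a machine unprotected after testing, as an added PowerShell example that is not part of the original article: it turns the firewall off, runs a test, then always turns it back on and checks the result with netsh firewall show opmode. The function names and the placeholder test body are hypothetical, and the parsing assumes English netsh output.

```powershell
# Added example, not from the original article. Run from an elevated prompt.
# Assumptions: English-language netsh output, and a Windows version where the
# "netsh firewall" context used in this article is available.

function Get-FirewallOpMode {
    # Collect the "Operational mode = Enable|Disable" value of every profile
    # listed by "netsh firewall show opmode".
    $output = & netsh firewall show opmode
    $modes = @(foreach ($line in $output) {
        if ($line -match '^\s*Operational mode\s*=\s*(\w+)') { $Matches[1] }
    })
    if ($modes.Count -eq 0) {
        throw 'Could not read the operational mode from netsh output.'
    }
    return $modes
}

function Invoke-WithFirewallDisabled {
    param(
        # Hypothetical parameter: the test to run while the firewall is off.
        [Parameter(Mandatory = $true)] [scriptblock] $Test
    )
    $before = Get-FirewallOpMode
    Write-Host "Operational mode before test: $($before -join ', ')"
    try {
        & netsh firewall set opmode disable | Out-Null
        & $Test
    }
    finally {
        # Runs even if the test throws or the script is stopped with Ctrl+C.
        & netsh firewall set opmode enable | Out-Null
        $after = Get-FirewallOpMode
        if ($after -contains 'Disable') {
            Write-Warning "A profile is still disabled: $($after -join ', ')"
        }
        else {
            Write-Host 'Firewall re-enabled and verified.'
        }
    }
}

# Constructed usage: replace the script block with the real test.
Invoke-WithFirewallDisabled -Test { Write-Host 'Running test with firewall off...' }
```

Because set opmode applies to the current profile unless told otherwise, a warning here can also mean another profile was already disabled before the test started.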

So, with all this changing we have done, suppose something has gone terribly wrong and we cannot get the traffic we want in and out of our computer. The best thing to do is reset our firewall back to defaults, and this can be done with a very simple and obvious command.

netsh firewall>reset

After executing this command all of our modifications will be lost and the firewall will go back to all of its default settings.