windows防火墙命令详解

Old command 针对win7以下版本<包含win7>

Example 1: 启用一个程序

Old command	New command
netsh firewall add allowedprogram C:MyAppMyApp.exe "My Application" ENABLE	netsh advfirewall firewall add rule name=”My Application” dir=in action=allow program=”C:MyAppMyApp.exe” enable=yes
netsh firewall add allowedprogram program=C:MyAppMyApp.exe name="My Application" mode=ENABLE scope=CUSTOM addresses=157.60.0.1,172.16.0.0/16,LocalSubnet profile=Domain	netsh advfirewall firewall add rule name=”My Application” dir=in action=allow program=”C:MyAppMyApp.exe” enable=yes remoteip=157.60.0.1,172.16.0.0/16,LocalSubnet profile=domain
netsh firewall add allowedprogram program=C:MyAppMyApp.exe name="My Application" mode=ENABLE scope=CUSTOM addresses=157.60.0.1,172.16.0.0/16,LocalSubnet profile=ALL	Run the following commands: netsh advfirewall firewall add rule name=”My Application” dir=in action=allow program=”C:MyAppMyApp.exe” enable=yes remoteip=157.60.0.1,172.16.0.0/16,LocalSubnet profile=domain netsh advfirewall firewall add rule name=”My Application” dir=in action=allow program=”C:MyAppMyApp.exe” enable=yes remoteip=157.60.0.1,172.16.0.0/16,LocalSubnet profile=private

Example 2: 启用端口

Old command	New command
netsh firewall add portopening TCP 80 “Open Port 80”	netsh advfirewall firewall add rule name=”Open Port 80” dir=in action=allow protocol=TCP localport=80

Example 3: 删除已启用的程序或端口

Old command	New command
netsh firewall delete allowedprogram C:MyAppMyApp.exe	*netsh advfirewall firewall delete rule name=rule nameprogram=”C:MyAppMyApp.exe”*
delete portopening protocol=UDP port=500	*netsh advfirewall firewall delete rule name=rule nameprotocol=udp localport=500*

Example 4: ICMP配置

Old command	New command
netsh firewall set icmpsetting 8	netsh advfirewall firewall add rule name=”ICMP Allow incoming V4 echo request” protocol=icmpv4:8,any dir=in action=allow
netsh firewall set icmpsetting type=ALL mode=enable	netsh advfirewall firewall add rule name=”All ICMP V4” protocol=icmpv4:any,any dir=in action=allow

Example 5: 设置日志

Old command	New command
netsh firewall set logging %systemroot%system32LogFilesFirewallpfirewall.log 4096 ENABLE ENABLE	Run the following commands: netsh advfirewall set currentprofile logging filename %systemroot%system32LogFilesFirewallpfirewall.log netsh advfirewall set currentprofile logging maxfilesize 4096 netsh advfirewall set currentprofile logging droppedconnections enable netsh advfirewall set currentprofile logging allowedconnections enable

Example 6:启动防火墙

Old command	New command
netsh firewall set opmode ENABLE	netsh advfirewall set currentprofile state on
netsh firewall set opmode mode=ENABLE exceptions=enable	Run the following commands: Netsh advfirewall set currentprofile state on netsh advfirewall set currentprofile firewallpolicy blockinboundalways,allowoutbound
netsh firewall set opmode mode=enable exceptions=disable profile=domain	Run the following commands: Netsh advfirewall set domainprofile state on netsh advfirewall set domainprofile firewallpolicy blockinbound,allowoutbound
netsh firewall set opmode mode=enable profile =ALL	Run the following commands: netsh advfirewall set domainprofile state on netsh advfirewall set privateprofile state on

For more information, run the following command:

netsh advfirewall set currentprofile ?

Example 7: 恢复默认防火墙策略

Old command	New command
netsh firewall reset	netsh advfirewall reset

查看更多的信息,运行以下命令

netsh advfirewall reset ?

Example 8: 启用特定的服务

Old command	New command
netsh firewall set service FileAndPrint	netsh advfirewall firewall set rule group=”File and Printer Sharing” new enable=Yes
netsh firewall set service RemoteDesktop enable	netsh advfirewall firewall set rule group="remote desktop" new enable=Yes
netsh firewall set service RemoteDesktop enable profile=ALL	Run the following commands: netsh advfirewall firewall set rule group="remote desktop " new enable=Yes profile=domain netsh advfirewall firewall set rule group="remote desktop " new enable=Yes profile=private