
netsh advfirewall

For comparison:

Example 1: Enable a program

netsh advfirewall firewall add rule name="My Application" dir=in action=allow program="C:\MyApp\MyApp.exe" enable=yes remoteip=157.60.0.1,172.16.0.0/16,LocalSubnet profile=domain
netsh advfirewall firewall add rule name="My Application" dir=in action=allow program="C:\MyApp\MyApp.exe" enable=yes remoteip=157.60.0.1,172.16.0.0/16,LocalSubnet profile=private


netsh advfirewall firewall add rule name="My Application" dir=in action=allow program="C:\MyApp\MyApp.exe" enable=yes


Example 2: Enable a port

netsh advfirewall firewall add rule name="Open Port 80" dir=in action=allow protocol=TCP localport=80


Example 3: Delete enabled programs or ports

netsh advfirewall firewall delete rule name="rule name" program="C:\MyApp\MyApp.exe"

netsh advfirewall firewall delete rule name="rule name" protocol=udp localport=500

(Replace rule name with the name of the rule to delete; the program or protocol/port filter narrows the match.)



Example 4: Configure ICMP settings

netsh advfirewall firewall add rule name="ICMP Allow incoming V4 echo request" protocol=icmpv4:8,any dir=in action=allow


netsh advfirewall firewall add rule name="All ICMP V4" protocol=icmpv4:any,any dir=in action=allow


netsh advfirewall firewall add rule name="Block Type 13 ICMP V4" protocol=icmpv4:13,any dir=in action=block


Example 5: Set logging

netsh advfirewall set currentprofile logging filename %systemroot%\system32\LogFiles\Firewall\pfirewall.log

netsh advfirewall set currentprofile logging maxfilesize 4096
netsh advfirewall set currentprofile logging droppedconnections enable

netsh advfirewall set currentprofile logging allowedconnections enable


Example 6: Enable Windows Firewall

netsh advfirewall set currentprofile state on

netsh advfirewall set currentprofile firewallpolicy blockinboundalways,allowoutbound


In the commands above, currentprofile can be replaced by domainprofile, privateprofile or publicprofile to target one specific profile:

netsh advfirewall set domainprofile state on
netsh advfirewall set privateprofile state on
netsh advfirewall set publicprofile state on


Example 7: Restore policy defaults

netsh advfirewall reset


Example 8: Enable specific services

netsh advfirewall firewall set rule group="File and Printer Sharing" new enable=Yes

netsh advfirewall firewall set rule group="remote desktop" new enable=Yes

netsh advfirewall firewall set rule group="remote desktop" new enable=Yes profile=domain
netsh advfirewall firewall set rule group="remote desktop" new enable=Yes profile=private



// ===============================================================

Restore the default settings

    netsh advfirewall reset


Export the firewall configuration

    netsh advfirewall export "c:\advfirewall.wfw"

Import the firewall configuration

    netsh advfirewall import "c:\advfirewall.wfw"


Add an inbound rule for messenger.exe

    netsh advfirewall firewall add rule name="allow messenger" dir=in program="c:\programfiles\messenger\msmsgs.exe" action=allow

Delete all inbound rules for local TCP port 21:

    netsh advfirewall firewall delete rule name=all protocol=tcp localport=21


Turn the firewall off for all profiles:

    netsh advfirewall set allprofiles state off


Set the default policy on all profiles to block inbound and allow outbound traffic:

    netsh advfirewall set allprofiles firewallpolicy blockinbound,allowoutbound


Enable remote management on all profiles:

    netsh advfirewall set allprofiles settings remotemanagement enable


Log dropped connections on all profiles:

    netsh advfirewall set allprofiles logging droppedconnections enable



(1) Enable the desktop firewall

netsh advfirewall set allprofiles state on

(2) Set the default inbound and outbound policy

netsh advfirewall set allprofiles firewallpolicy allowinbound,allowoutbound

The line above sets both directions to allow; to deny instead, use blockinbound,blockoutbound.

(3) Block TCP port 139

netsh advfirewall firewall add rule name="deny tcp 139" dir=in protocol=tcp localport=139 action=block

(4) Block UDP port 139

netsh advfirewall firewall add rule name="deny udp 139" dir=in protocol=udp localport=139 action=block

(5) Block TCP port 445

netsh advfirewall firewall add rule name="deny tcp 445" dir=in protocol=tcp localport=445 action=block

(6) Block UDP port 445

netsh advfirewall firewall add rule name="deny udp 445" dir=in protocol=udp localport=445 action=block

(7) In the same way, block TCP ports 21, 22, 23, 137, 138, 3389, 5800 and 5900 in turn. (Note that name= must be followed directly by the quoted value, with no space, or netsh rejects the command.)

netsh advfirewall firewall add rule name="deny tcp 21" dir=in protocol=tcp localport=21 action=block

netsh advfirewall firewall add rule name="deny tcp 22" dir=in protocol=tcp localport=22 action=block

netsh advfirewall firewall add rule name="deny tcp 23" dir=in protocol=tcp localport=23 action=block

netsh advfirewall firewall add rule name="deny tcp 3389" dir=in protocol=tcp localport=3389 action=block

netsh advfirewall firewall add rule name="deny tcp 5800" dir=in protocol=tcp localport=5800 action=block

netsh advfirewall firewall add rule name="deny tcp 5900" dir=in protocol=tcp localport=5900 action=block

netsh advfirewall firewall add rule name="deny tcp 137" dir=in protocol=tcp localport=137 action=block

netsh advfirewall firewall add rule name="deny tcp 138" dir=in protocol=tcp localport=138 action=block

(8) Pause when the script has finished

pause

echo 按任意键退出
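To check that the block rules above are actually dropping traffic, the dropped-connection log enabled in Example 5 can be parsed and summarised. The following is an added example, not part of the original page: it reads the W3C-style pfirewall.log format, skips records such as ICMP that carry "-" in the port columns, and counts inbound DROPs on the ports this page blocks. The log lines are constructed for the example; the default log path is the one from Example 5.

```python
# Added example (not from the original page): parse a Windows Firewall
# pfirewall.log and count inbound DROP events on the ports blocked above.
from collections import Counter

# Ports the page's script blocks inbound (TCP; 139/445 also UDP).
BLOCKED_PORTS = {21, 22, 23, 137, 138, 139, 445, 3389, 5800, 5900}

# pfirewall.log is W3C-style: a "#Fields:" header names the columns.
# These lines are constructed for this example; the real file lives at
# %systemroot%\system32\LogFiles\Firewall\pfirewall.log by default.
SAMPLE_LOG = """\
#Version: 1.5
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2024-03-01 09:15:02 DROP TCP 10.0.0.23 10.0.0.5 51022 445 52 S 3311 0 65535 - - - RECEIVE
2024-03-01 09:15:03 DROP TCP 10.0.0.23 10.0.0.5 51023 139 52 S 3312 0 65535 - - - RECEIVE
2024-03-01 09:15:09 ALLOW TCP 10.0.0.5 93.184.216.34 49211 443 0 - 0 0 0 - - - SEND
2024-03-01 09:16:41 DROP TCP 192.168.7.9 10.0.0.5 40001 3389 52 S 991 0 29200 - - - RECEIVE
2024-03-01 09:16:42 DROP UDP 192.168.7.9 10.0.0.5 40002 161 78 - - - - - - - RECEIVE
2024-03-01 09:17:00 DROP ICMP 192.168.7.9 10.0.0.5 - - 60 - - - - 8 0 - RECEIVE
"""

def parse_pfirewall_log(text):
    """Yield one dict per data line, keyed by the names in the #Fields header."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if not line or line.startswith("#") or fields is None:
            continue
        values = line.split()
        if len(values) != len(fields):
            continue  # skip a truncated line rather than misalign its columns
        yield dict(zip(fields, values))

def dropped_inbound_by_port(text, ports=BLOCKED_PORTS):
    """Count inbound DROPs per (dst-port, src-ip) for the watched ports."""
    hits = Counter()
    for rec in parse_pfirewall_log(text):
        # ICMP records carry "-" in the port columns, so check before int().
        if rec["action"] != "DROP" or rec["path"] != "RECEIVE" or not rec["dst-port"].isdigit():
            continue
        port = int(rec["dst-port"])
        if port in ports:
            hits[(port, rec["src-ip"])] += 1
    return hits

if __name__ == "__main__":
    for (port, src), n in dropped_inbound_by_port(SAMPLE_LOG).most_common():
        print(f"port {port:<5} from {src:<15} dropped {n}x")
```

Ports outside BLOCKED_PORTS (UDP 161 in the sample) are ignored, so a non-empty result confirms the block rules are matching real inbound attempts.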


Restore the initial configuration

(1) Restore the initial firewall settings

netsh advfirewall reset

(2) Turn off the firewall

netsh advfirewall set allprofiles state off


This article is from the blog “norman20000的学习空间”; reproduction is not permitted.