Firewall, Windows 7

Configuring Windows Firewall from the command line

To configure Windows Firewall from the command line, open a Command Prompt (cmd) with administrative rights.

Default Rule

To deny all incoming connections and allow all outgoing connections:

netsh advfirewall set allprofiles firewallpolicy blockinbound,allowoutbound

Enable or Disable firewall

To enable the firewall:

netsh advfirewall set allprofiles state on

or, with the older netsh firewall context, which Windows 7 still accepts but reports as deprecated:

netsh firewall set opmode enable

To disable the firewall:

netsh advfirewall set allprofiles state off

or, with the older netsh firewall context:

netsh firewall set opmode disable

Allow or Deny rules

To add a rule allowing incoming TCP or UDP packets on port 80:

netsh advfirewall firewall add rule name="HTTP" protocol=TCP localport=80 action=allow dir=IN
netsh advfirewall firewall add rule name="HTTP" protocol=UDP localport=80 action=allow dir=IN

To deny incoming TCP or UDP packets on a port (port 80 here; substitute the port you need):

netsh advfirewall firewall add rule name="HTTP" protocol=TCP localport=80 action=block dir=IN
netsh advfirewall firewall add rule name="HTTP" protocol=UDP localport=80 action=block dir=IN

Delete a rule

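To delete a rule, issue the following command. It removes every rule with the given name, so if several rules share the name "HTTP", as in the examples on this page, all of them are deleted:

netsh advfirewall firewall delete rule name="HTTP"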

Allow or deny incoming connection for specific port and IP

To allow from a specific IP:

netsh advfirewall firewall add rule name="HTTP" protocol=TCP localport=80 action=allow dir=IN remoteip=x.x.x.x

To deny from a specific IP:

netsh advfirewall firewall add rule name="HTTP" protocol=TCP localport=80 action=block dir=IN remoteip=x.x.x.x

Allow or deny a subnet

netsh advfirewall firewall add rule name="HTTP" protocol=TCP localport=80 action=block dir=IN remoteip=x.x.x.x/24

or

netsh advfirewall firewall add rule name="HTTP" protocol=TCP localport=80 action=allow dir=IN remoteip=x.x.x.x-x.x.x.x

or

netsh advfirewall firewall add rule name="HTTP" protocol=TCP localport=80 action=block dir=IN remoteip=localsubnet
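
The commands above combined into one batch file that can be re-run safely, as an added example (not part of the original post). The rule name, the backup file path and the 192.0.2.0/24 subnet are placeholders chosen for illustration, and the "net session" elevation check is a common idiom that assumes the Server service is running.

```bat
@echo off
rem Added example, not from the original post. Run from an elevated prompt.
rem Assumptions: RULE, ALLOWED and BACKUP are placeholder values.
setlocal
set "RULE=HTTP-in-TCP80"
set "ALLOWED=192.0.2.0/24"
set "BACKUP=%TEMP%\fw-before-%RANDOM%.wfw"

rem "net session" fails without administrative rights: use it as an elevation check.
net session >nul 2>&1
if errorlevel 1 (
    echo This script must be run as administrator.
    exit /b 1
)

rem Save the current policy so it can be restored with "netsh advfirewall import".
netsh advfirewall export "%BACKUP%" >nul
if errorlevel 1 (
    echo Could not export the current policy; nothing was changed.
    exit /b 1
)

rem Default rule from the post: block inbound, allow outbound, firewall on.
netsh advfirewall set allprofiles firewallpolicy blockinbound,allowoutbound >nul
netsh advfirewall set allprofiles state on >nul

rem "delete rule" removes every rule with this name, so re-running the script
rem does not pile up duplicates. The error when no such rule exists is ignored.
netsh advfirewall firewall delete rule name="%RULE%" >nul 2>&1

rem Allow inbound TCP/80 only from the chosen subnet.
netsh advfirewall firewall add rule name="%RULE%" protocol=TCP localport=80 action=allow dir=IN remoteip=%ALLOWED%
if errorlevel 1 (
    echo Adding the rule failed. Restore with: netsh advfirewall import "%BACKUP%"
    exit /b 1
)

rem Show the rule that is now in effect.
netsh advfirewall firewall show rule name="%RULE%"
echo Backup of the previous policy: %BACKUP%
endlocal
```

Giving each rule a unique name, as here, means a later delete by name removes only that rule.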