You can use the netsh tool to configure the firewall from the Windows command-line interface (CLI). There are several reasons to choose this configuration method; let us go through them together.
Understanding Netsh advfirewall Tools
The new Windows Server 2008 includes a more advanced host-based firewall. In the last article we mentioned some of its new features:
· New graphical interface: the advanced firewall is now configured through a management console snap-in.
· Two-way protection: filters both outbound and inbound traffic.
· Better cooperation with IPsec: firewall rules and IPsec encryption settings are now integrated into one interface.
· Advanced rule configuration: you can create firewall rules for various objects on Windows Server and configure them to block or allow traffic through Windows Firewall with Advanced Security.
Netsh is a command-line tool that you can use to configure network component settings. Windows Firewall with Advanced Security provides the netsh advfirewall tool, which you can use to configure its settings. Use netsh advfirewall to create scripts that automatically configure a set of Windows Firewall with Advanced Security settings for both IPv4 and IPv6 traffic. You can also use the netsh advfirewall command to display the configuration and status of Windows Firewall with Advanced Security.
Why use a command line interface to configure a Windows firewall?
As the saying goes, everyone has their own preferences. Some people like to configure this new firewall with the graphical management console, and some prefer to do it from the command line, for the following reasons:
· Faster configuration: once you have mastered the netsh advfirewall command, configuring the firewall is much faster than using the graphical interface.
· Scriptable: with this tool you can script common tasks.
· The firewall can still be configured when the graphical interface is not available: as with other command-line tools, you can still use the netsh advfirewall tool to configure the firewall when there is no graphical interface, for example in Windows Server 2008 Core mode.
What are the commands available?
Netsh advfirewall has a lot of commands. Today we introduce the most common ones, which you should master.
1, help command (or “?”)
Although simple, this may be the most useful command. Any time you type "?", you will see all the options available in the current context, as shown in Figure 1.
Figure 1, netsh advfirewall and help options
2, consec (connection security rules) command
Connection security rules allow you to create an IPsec VPN between two systems. In other words, a consec rule lets you enforce the security of communication through the firewall, not just restrict or filter it.
This command will take you to the connection security configuration mode as follows:
netsh advfirewall>consec
netsh advfirewall consec>
If you now type "?", you will see six different commands in netsh advfirewall consec (see Figure 2).
From here you can see that the connection security rules can be modified with the following commands:
Commands in this context:
· The add command lets you add new connection security rules;
· The delete command lets you delete all matching connection security rules;
· The dump command displays a configuration script;
· The help command displays a list of commands;
· The set command lets you set new values for the properties of an existing rule.
Figure 2, netsh advfirewall consec command options
show command
To see the current status of the firewall, use the show command, which provides three different subcommands:
· show alias lists all defined aliases;
· show helper lists all top-level helpers;
· show mode shows whether the firewall is online or offline.
3, export command
This command allows you to export all current firewall configurations to a file. This command is very useful because you can back up all the configuration to the file. If you are not satisfied with the configuration you have already made, you can use this file to restore the state before the modification.
The following is an application example:
netsh advfirewall export "c:\advfirewall.wfw"
4, Firewall command
You can use this command to add new inbound and outbound rules to your firewall. It also allows you to modify existing rules.
Figure 3, netsh advfirewall firewall
In the firewall context, you will see four important commands:
· The add command lets you add inbound and outbound rules;
· The delete command lets you delete a rule;
· The set command sets new values for the properties of an existing rule;
· The show command displays a specified firewall rule.
The following is an example of adding and removing a firewall rule:
Add an inbound rule for messenger.exe:
netsh advfirewall firewall add rule name="allow messenger" dir=in program="c:\programfiles\messenger\msmsgs.exe" action=allow
Delete all inbound rules for local port 21:
netsh advfirewall firewall delete rule name=all protocol=tcp localport=21
5, Import command
The import command allows you to import the firewall configuration from a file, so you can restore a configuration that you previously exported with the export command. Here's an example:
netsh advfirewall import "c:\advfirewall.wfw"
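The export and import commands above combine naturally into a back-up, change, verify and roll-back workflow. The following PowerShell script is an added example, not part of the original article; the backup directory, rule name and port are placeholder assumptions.

```powershell
# Added example, not from the article. Run from an elevated PowerShell prompt.
# $backupDir, $ruleName and $port are hypothetical placeholders.
$ErrorActionPreference = 'Stop'
$backupDir = 'C:\fw-backup'
$ruleName  = 'allow-example-service'
$port      = 8443
$backup    = Join-Path $backupDir ("advfirewall-{0:yyyyMMdd-HHmmss}.wfw" -f (Get-Date))

function Invoke-Netsh {
    # Run netsh and throw on a non-zero exit code so failures are never silent.
    param([string[]]$Arguments)
    $output = & netsh.exe $Arguments
    if ($LASTEXITCODE -ne 0) {
        throw "netsh $($Arguments -join ' ') failed with exit code ${LASTEXITCODE}: $output"
    }
    $output
}

New-Item -ItemType Directory -Path $backupDir -Force | Out-Null

# 1. Export the current policy first; the timestamped name keeps earlier backups.
Invoke-Netsh @('advfirewall', 'export', $backup) | Out-Null
if (-not (Test-Path $backup)) { throw "Backup file $backup was not written" }

try {
    # 2. Apply the change: one narrowly scoped inbound TCP rule.
    Invoke-Netsh @('advfirewall', 'firewall', 'add', 'rule', "name=$ruleName",
                   'dir=in', 'action=allow', 'protocol=TCP', "localport=$port") | Out-Null

    # 3. Verify the rule exists; netsh returns a non-zero exit code when no rule matches.
    Invoke-Netsh @('advfirewall', 'firewall', 'show', 'rule', "name=$ruleName") | Out-Null
    Write-Output "Rule '$ruleName' added; backup kept at $backup"
}
catch {
    # 4. Roll back to the exported policy, then surface the original error.
    Write-Warning "Change failed, restoring $backup : $_"
    Invoke-Netsh @('advfirewall', 'import', $backup) | Out-Null
    throw
}
```

Because import replaces the whole policy, the rollback also discards any unrelated rule changes made after the export was taken.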
6, Reset
This command resets the firewall policy to the default policy state. Be cautious when using it: once you type the command and press Enter, it does not ask you to confirm that you really want to reset, but restores the default firewall policy immediately.
Example commands are as follows:
netsh advfirewall reset
7, Set command
The set command will allow you to modify the different settings of the firewall. There are six related context commands.
Figure 4, netsh advfirewall set