Modify
Enable/Disable Firewall
netsh firewall reset
Completely removes/resets firewall settings.
netsh firewall set opmode enable
Enables Windows Firewall.
netsh firewall set opmode disable
Disables Windows Firewall.
netsh advfirewall set allprofiles state off
Toggles firewall off for all profiles.
netsh advfirewall set currentprofile state off
Toggles firewall off for the current profile.
Set-NetFirewallProfile -Profile Domain -Enabled True
Toggles firewall for the specified profile (can toggle all at once: Domain, Private, Public).
netsh advfirewall set privateprofile state on
Toggles firewall on for the specified profile.
Logging
Log dropped connections on all profiles:
netsh advfirewall set allprofiles logging droppedconnections enable
Log dropped packets and connections:
netsh firewall set logging droppedpackets=enable connections=enable
Set current profile log's max size:
netsh advfirewall set currentprofile logging maxfilesize 1024
Add Rules
New-NetFirewallRule
New-NetFirewallRule -DisplayName "<RuleName>" -Direction Inbound -Program "c:\my.exe" -Action Allow
New-NetFirewallRule -DisplayName "<RuleName>" -Direction Outbound -Program "c:\my.exe" -Action Block
New-NetFirewallRule -DisplayName "<RuleName>" -RemoteAddress 10.10.10.25 -Action Allow
netsh advfirewall firewall add rule
netsh advfirewall firewall add rule name="<RuleName>" dir=out action=block program="c:\my.exe" enable=yes
netsh advfirewall firewall add rule name="<RuleName>" dir=in action=allow program="c:\my.exe" enable=yes
netsh advfirewall firewall add rule name="<RuleName>" dir=in protocol=tcp localport=443 profile=public action=allow
netsh advfirewall firewall add rule name="<RuleName>" dir=in protocol=udp localport=443 profile=public action=allow
netsh advfirewall firewall add rule name="<RuleName>" dir=in action=allow protocol=TCP localport=443
netsh advfirewall firewall add rule name="<RuleName>" dir=in action=allow program="c:\my.exe" profile=private enable=yes
netsh advfirewall firewall add rule name="<RuleName>" dir=in action=allow protocol=tcp localport=31337 remoteport=6666 remoteip=192.168.11.14 profile=private
Delete Rules
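Removes firewall rules (run with no parameters it deletes every static local rule, so always pass a filter such as -DisplayName):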
Remove-NetFirewallRule
Removes a firewall rule by name:
Remove-NetFirewallRule -DisplayName "<RuleName>"
Deletes an existing inbound or outbound firewall rule:
netsh advfirewall firewall delete rule
Deletes a rule by name:
netsh advfirewall firewall delete rule name="<RuleName>"
Modify Existing Rules
Modifies existing firewall rules:
Set-NetFirewallRule
Enable All ICMP Traffic:
netsh firewall set icmpsetting type=all mode=enable
Allow inbound echo request:
netsh firewall set icmpsetting type=8 mode=enable
Disable groups of rules:
netsh advfirewall firewall set rule group="<GroupName>" new enable=no
Enable groups of rules:
netsh advfirewall firewall set rule group="<GroupName>" new enable=yes
Export/Import Rules
Create a BACKUP of the netsh firewall configuration:
netsh advfirewall export "c:\FW-Before-Changes.wfw"
Restore netsh firewall configuration from BACKUP:
netsh advfirewall import "c:\FW-Before-Changes.wfw"
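The export and import commands above work best as a rollback point around a rule change. The following PowerShell is an added example, not part of the original page: it snapshots the policy, turns on blocked-connection logging, adds one narrowly scoped rule, verifies the result and restores the snapshot if any step fails. The rule name and the timestamped backup path are assumptions; run it from an elevated session.

```powershell
# Added example: snapshot -> change -> verify -> roll back on failure.
$stamp    = Get-Date -Format 'yyyyMMdd-HHmmss'
$backup   = "C:\FW-Before-Changes-$stamp.wfw"   # assumed path, timestamped so older backups survive
$ruleName = 'Example-Allow-HTTPS-In'            # hypothetical rule name

# 1. Export the current policy; stop if there is no rollback point.
netsh advfirewall export $backup | Out-Null
if ($LASTEXITCODE -ne 0 -or -not (Test-Path $backup)) {
    throw 'Export failed; no changes were made.'
}

try {
    # 2. Log blocked connections on every profile so the change can be audited.
    Set-NetFirewallProfile -Profile Domain,Private,Public `
        -LogBlocked True -LogMaxSizeKilobytes 4096 -ErrorAction Stop

    # 3. Add the rule, scoped to one protocol, one port and one profile.
    New-NetFirewallRule -DisplayName $ruleName -Direction Inbound `
        -Protocol TCP -LocalPort 443 -Profile Private -Action Allow `
        -ErrorAction Stop | Out-Null

    # 4. Verify: no profile is switched off, and the rule matches the intent.
    $off = Get-NetFirewallProfile | Where-Object { $_.Enabled -ne 'True' }
    if ($off) {
        throw "Firewall is disabled on: $($off.Name -join ', ')"
    }

    $rule = Get-NetFirewallRule -DisplayName $ruleName -ErrorAction Stop
    $port = $rule | Get-NetFirewallPortFilter
    if ($rule.Action -ne 'Allow' -or $port.LocalPort -notcontains '443') {
        throw 'Rule was created but does not match the intended scope.'
    }

    "OK: '$ruleName' is active on profile(s) $($rule.Profile). Backup: $backup"
}
catch {
    # 5. Import replaces the whole policy with the snapshot taken in step 1.
    Write-Warning "Change failed ($_). Restoring $backup"
    netsh advfirewall import $backup
}
```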
Registry Locations
Globally Open Ports:
reg query hklm\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\globallyopenports\list
Authorized Apps:
reg query hklm\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy
Holds settings for Windows Firewall policies, including rules and profiles for Domain, Private, and Public networks.
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall
Contains Windows Firewall configuration settings applied through Group Policy for Domain, Private, and Public profiles.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\WindowsFirewall
Used by older versions of Windows to store Windows Firewall settings that are applied across different profiles.
HKEY_CURRENT_USER\Software\Policies\Microsoft\WindowsFirewall
Stores user-specific Windows Firewall settings applied through Group Policy, affecting the firewall behavior for the current user.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy
Default configuration settings for Windows Firewall, including default rules and policy settings for all profiles.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Profiles
Contains information on network profiles, which can influence Windows Firewall behavior based on the network's classification (Private, Public, Domain).
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsFirewall\AdvancedSecurity
Stores advanced settings for Windows Firewall with Advanced Security, including inbound and outbound rules, and connection security rules.