Home
Tech info
Technology
Science
Life
Application
Electric
Program
Mobile
Windows 10
Windows 11Configure advanced firewall in Windows 2008 using NETSH CLI
In the previous article, I introduced how to configure the advanced firewall in Windows Server 2008 using the MMC snap-in. In this article, I will show you how to configure the same Windows 2008 Server Advanced Firewall using the command line interface (CLI) using the netsh utility. There are many reasons you want to do this, let's find out .
Definition of netsh utility for firewall
In Windows 2008 Server, you see a high-end firewall for the base server. Here are some of the new features that I mentioned in the article Configuring Advanced Firewall in Windows Server 2008 using the MMC snap-in:
- New GUI interface - The MMC snap-in is available to configure the firewall.
- Bi-directional - Filters traffic in and out.
- Works better with IPSEC - The rules of firewalls and IPSec encryption configurations have been integrated together.
- Advanced Rules configuration - You can set rules for Windows Active Directory (AD) accounts, groups, and destinations for dynamic IP addresses, protocol numbers, sources, and destinations for TCP / port UDP, ICMP, IPv6, and Windows Server interfaces.
Netsh advfirewall is a command line used for the Advanced Firewall Windows 2008 Server configuration. Is CLI used for configuring Windows firewall?
While some people like to use the MMC snap-in interface to configure a firewall, others prefer to use CLI for the following reasons:
- Faster - Know how to use the netsh advfirewall commands, making access to the screen interface faster.
- Editing - You can edit the main commands with this tool.
- Working when the screen interface is not displayed - Like the CLI tool, you can use netsh advfirewall when the screen is not displayed, for example: Window Server 2008 Core.
Which command is used with netsh advfirewall?
Here are the 9 most important commands you need to know when using the netsh advfirewall command.
Help (?)
This is the most used statement. Whenever you type the command, this command will allow you to see all the options available in the corresponding command (see Figure 1).
Configure advanced firewall in Windows 2008 using NETSH CLI Picture 1
Figure 1: The help option in netsh advfirewall
Consec command (securely connect to the required profile)
The connection information will allow you to create IPSEC VPNs between the two systems. In other words, the consec statement allows to ensure that the traffic through the firewall is limited or filtered.
This option will create a safe connection configuration as follows:
netsh advfirewall> consec
netsh advfirewall consec>
Here, if you type the command? You will see 6 different situations in netsh advfirewall consec (see Figure 2).
If typing? Here, you can change the security information with the following commands:
- Add : Added the new connection security rule
- Delete : Delete a connection security rule.
- Dump : This command does not work in this context.
- Help : Display all commands.
- Set : Set a new value for an existing rule.
Configure advanced firewall in Windows 2008 using NETSH CLI Picture 2
Figure 2: The netsh option advfirewall consec
Show command
You use the Show command to list what the firewall will do next. There are 3 options for this command:
- Show alias will list aliases.
- Show helper lists high-level helpers.
- Show mode notifies the firewall is active or inactive.
Export
You should export all current firewall configurations to a file. This command will be very useful because you can back up all file settings and restore them when you don't like the new profiles you have created.
Firewall command
With this command you can add new internal and external rules for the firewall. This command also allows changing rules on the firewall.
Configure advanced firewall in Windows 2008 using NETSH CLI Picture 3
Figure 3: The netsh command advfirewall firewall
In the firewall command there are four important commands:
- Add : Add firewall rules in and out.
- Delete : Delete a rule.
- Set : Set a new value for the established rules.
- Show : Displays a specified firewall rule.
The following is an example of the Add and Delete commands:
Add a rule for messenger.exe
netsh advfirewall firewall add rule name = "allow messenger"
dir = in program = "c: programfilesmessengermsmsgs.exe 'action = allow
Delete all the rules in port 21
netsh advfirewall firewall delete name rule name = all protocol = tcp localport = 21
Import
The import command allows importing firewall profiles from a file. With this command you can load into a file that you exported. For example:
netsh advfirewall import 'c: advfirewall.wfw'
Reset
This command will reset the firewall permissions back to default. Be careful with this command because as soon as you type this command it will reset the terms without asking if you agree. Here is an example:
netsh advfirewall reset
Set
The Set command changes the firewall state to various information. There are 6 types of content for this command:
Configure advanced firewall in Windows 2008 using NETSH CLI Picture 4
Figure 4: netsh advfirewall set
- Set allprofiles : Change the setting of all profiles.
- Set currentprofile : Change the settings for the current profile.
- Set domainprofile : Change the settings for profiledomain
- Set global : The general setting of the firewall.
- Set privateprofile : Change the setting of personal information.
- Set publicprofile : Change the setting of general information.
Example command set:
- Turn off the firewall for all profiles:
netsh advfirewall set allprofiles state off - Set the default for locking connections and allow outbound connections on all profiles:
netsh advfirewall set allprofiles firewallpolicy blockinbound, allowoutbound - Enable remote management mode on all profiles:
netsh advfirewall set allprofiles settings remotemanagement enable - Login connections on all profiles:
netsh advfirewall set allprofiles logging droppedconnections enable
Show
The show command displays all the settings you have made for all other profiles.
Conclude
In this article, we identified the main commands needed to configure the Windows 2008 firewall with the netsh advfirewall command. Now you need to decide whether to use the user interface or the commands to configure the firewall. Both methods have the same options. The command line interface will not be much different from the Windows 2008 firewall when you already know the commands.
Micah SotoYou should read it
- 10 Netsh commands of Windows Server 2008 should know
- What is a firewall? General knowledge about Firewall
- Instructions to enable / disable Windows Firewall with Command Prompt
- Configure wireless connection of Windows Vista from CLI with netsh wlan
- 5 reasons why you should use a firewall
- What is a firewall? Overview of Firewall
- 10 free firewall software is most worthwhile
- How to check the firewall
- How to turn on the router's built-in firewall
- Instructions allow applications to communicate with each other via Windows Firewall
- How to turn firewall (Firewall) on Win 7
- Learn about Cloud Firewall
Maybe you are interested
What to do when open command window here does not appear?
How to switch users on the Linux command line
How to fix Mac Homebrew error 'zsh: command not found: brew'
What is the Command key on Windows?
How to use read command in Linux
Basic Linux commands everyone needs to know - Operations on Linux are much faster
Control of resource terms
10 ways to reduce enterprise security risk
Microsoft Office 2007: Preventing dangerous content and phishing scams
The new Vista firewall is not sure of the output security
How to protect DNS server against hackers
7 ways to keep the search history unnoticed