Appendix B: Netsh Command Syntax for the Netsh Firewall Context
The following Netsh commands can be used in scripts or at the command line to configure Windows Firewall for IPv4 and IPv6 traffic when executed from the netsh firewall context:
add allowedprogram
set allowedprogram
delete allowedprogram
set icmpsetting
set multicastbroadcastresponse
set notifications
set logging
set opmode
add portopening
set portopening
delete portopening
set service
show commands
reset
The following sections describe each command and its syntax.

add allowedprogram
Used to add a program-based exception.
Syntax:
Note Some parts of the following code snippet
have been displayed in multiple lines only for better readability.
These should be entered in a single line.
add allowedprogram
[ program = ] path
[ name = ] name
[ [ mode = ] ENABLE|DISABLE
[ scope = ] ALL|SUBNET|CUSTOM
[ addresses = ] addresses
[ profile = ] CURRENT|DOMAIN|STANDARD|ALL ]
Adds firewall allowed program configuration.
Parameters:
program - Program path and file name.
name - Program name.
mode - Program mode (optional).
    ENABLE - Allow through firewall (default).
    DISABLE - Do not allow through firewall.
scope - Program scope (optional).
    ALL - Allow all traffic through firewall (default).
    SUBNET - Allow only local network (subnet) traffic through firewall.
    CUSTOM - Allow only specified traffic through firewall.
addresses - Custom scope addresses (optional).
profile - Configuration profile (optional).
    CURRENT - Current profile (default).
    DOMAIN - Domain profile.
    STANDARD - Standard profile.
    ALL - All profiles.
Remarks: 'scope' must be 'CUSTOM' to specify 'addresses'.
Examples:
add allowedprogram C:\MyApp\MyApp.exe MyApp ENABLE
add allowedprogram C:\MyApp\MyApp.exe MyApp DISABLE
add allowedprogram C:\MyApp\MyApp.exe MyApp ENABLE CUSTOM 157.60.0.1,172.16.0.0/16,10.0.0.0/255.0.0.0,LocalSubnet
add allowedprogram program = C:\MyApp\MyApp.exe name = MyApp mode = ENABLE
add allowedprogram program = C:\MyApp\MyApp.exe name = MyApp mode = DISABLE
add allowedprogram program = C:\MyApp\MyApp.exe name = MyApp mode = ENABLE scope = CUSTOM 157.60.0.1,172.16.0.0/16,10.0.0.0/255.0.0.0,LocalSubnet
set allowedprogram
Used to modify the settings of an existing program-based exception.
Syntax:
Note Some parts of the following code snippet
have been displayed in multiple lines only for better readability.
These should be entered in a single line.
set allowedprogram
[ program = ] path
[ [ name = ] name
[ mode = ] ENABLE|DISABLE
[ scope = ] ALL|SUBNET|CUSTOM
[ addresses = ] addresses
[ profile = ] CURRENT|DOMAIN|STANDARD|ALL ]
Sets firewall allowed program configuration.
Parameters:
program - Program path and file name.
name - Program name (optional).
mode - Program mode (optional).
    ENABLE - Allow through firewall (default).
    DISABLE - Do not allow through firewall.
scope - Program scope (optional).
    ALL - Allow all traffic through firewall (default).
    SUBNET - Allow only local network (subnet) traffic through firewall.
    CUSTOM - Allow only specified traffic through firewall.
addresses - Custom scope addresses (optional).
profile - Configuration profile (optional).
    CURRENT - Current profile (default).
    DOMAIN - Domain profile.
    STANDARD - Standard profile.
    ALL - All profiles.
Remarks: 'scope' must be 'CUSTOM' to specify 'addresses'.
Examples:
set allowedprogram C:\MyApp\MyApp.exe MyApp ENABLE
set allowedprogram C:\MyApp\MyApp.exe MyApp DISABLE
set allowedprogram C:\MyApp\MyApp.exe MyApp ENABLE CUSTOM 157.60.0.1,172.16.0.0/16,10.0.0.0/255.0.0.0,LocalSubnet
set allowedprogram program = C:\MyApp\MyApp.exe name = MyApp mode = ENABLE
set allowedprogram program = C:\MyApp\MyApp.exe name = MyApp mode = DISABLE
set allowedprogram program = C:\MyApp\MyApp.exe name = MyApp mode = ENABLE scope = CUSTOM 157.60.0.1,172.16.0.0/16,10.0.0.0/255.0.0.0,LocalSubnet
delete allowedprogram
Used to delete an existing program-based exception.
Syntax:
Note Some parts of the following code snippet
have been displayed in multiple lines only for better readability.
These should be entered in a single line.
delete allowedprogram
[ program = ] path
[ [ profile = ] CURRENT|DOMAIN|STANDARD|ALL ]
Deletes firewall allowed program configuration.
Parameters:
program - Program path and file name.
profile - Configuration profile (optional).
    CURRENT - Current profile (default).
    DOMAIN - Domain profile.
    STANDARD - Standard profile.
    ALL - All profiles.
Examples:
delete allowedprogram C:\MyApp\MyApp.exe
delete allowedprogram program = C:\MyApp\MyApp.exe
set icmpsetting
Used to specify excepted ICMP traffic.
Syntax:
Note Some parts of the following code snippet
have been displayed in multiple lines only for better readability.
These should be entered in a single line.
set icmpsetting
[ type = ] 2-5|8-9|11-13|17|ALL
[ [ mode = ] ENABLE|DISABLE
[ profile = ] CURRENT|DOMAIN|STANDARD|ALL
[ interface = ] name ]
Sets firewall ICMP configuration.
Parameters:
type - ICMP type.
    2 - Allow outbound packet too big.
    3 - Allow outbound destination unreachable.
    4 - Allow outbound source quench.
    5 - Allow redirect.
    8 - Allow inbound echo request.
    9 - Allow inbound router request.
    11 - Allow outbound time exceeded.
    12 - Allow outbound parameter problem.
    13 - Allow inbound timestamp request.
    17 - Allow inbound mask request.
    ALL - All types.
mode - ICMP mode (optional).
    ENABLE - Allow through firewall (default).
    DISABLE - Do not allow through firewall.
profile - Configuration profile (optional).
    CURRENT - Current profile (default).
    DOMAIN - Domain profile.
    STANDARD - Standard profile.
    ALL - All profiles.
interface - Interface name (optional).
Remarks: 'profile' and 'interface' may not be specified together.
         'type' 2 and 'interface' may not be specified together.
Examples:
set icmpsetting 8
set icmpsetting 8 ENABLE
set icmpsetting ALL DISABLE
set icmpsetting type = 8
set icmpsetting type = 8 mode = ENABLE
set icmpsetting type = ALL mode = DISABLE
set multicastbroadcastresponse
Used to specify the behavior for unicast responses to multicast or broadcast requests.
Syntax:
Note Some parts of the following code snippet
have been displayed in multiple lines only for better readability.
These should be entered in a single line.
set multicastbroadcastresponse
[ mode = ] ENABLE|DISABLE
[ [ profile = ] CURRENT|DOMAIN|STANDARD|ALL ]
Sets firewall multicast/broadcast response configuration.
Parameters:
mode - Multicast/broadcast response mode.
    ENABLE - Allow responses to multicast/broadcast traffic through the firewall.
    DISABLE - Do not allow responses to multicast/broadcast traffic through the firewall.
profile - Configuration profile (optional).
    CURRENT - Current profile (default).
    DOMAIN - Domain profile.
    STANDARD - Standard profile.
    ALL - All profiles.
Examples:
set multicastbroadcastresponse ENABLE
set multicastbroadcastresponse DISABLE
set multicastbroadcastresponse mode = ENABLE
set multicastbroadcastresponse mode = DISABLE
set notifications
Used to specify the notification behavior.
Syntax:
Note Some parts of the following code snippet
have been displayed in multiple lines only for better readability.
These should be entered in a single line.
set notifications
[ mode = ] ENABLE|DISABLE
[ [ profile = ] CURRENT|DOMAIN|STANDARD|ALL ]
Sets firewall notification configuration.
Parameters:
mode - Notification mode.
    ENABLE - Allow pop-up notifications from firewall.
    DISABLE - Do not allow pop-up notifications from firewall.
profile - Configuration profile (optional).
    CURRENT - Current profile (default).
    DOMAIN - Domain profile.
    STANDARD - Standard profile.
    ALL - All profiles.
Examples:
set notifications ENABLE
set notifications DISABLE
set notifications mode = ENABLE
set notifications mode = DISABLE
set logging
Used to specify logging options.
Syntax:
Note Some parts of the following code snippet
have been displayed in multiple lines only for better readability.
These should be entered in a single line.
set logging
[ [ filelocation = ] path
[ maxfilesize = ] 1-32767
[ droppedpackets = ] ENABLE|DISABLE
[ connections = ] ENABLE|DISABLE ]
Sets firewall logging configuration.
Parameters:
filelocation - Log path and file name (optional).
maxfilesize - Maximum log file size in kilobytes (optional).
droppedpackets - Dropped packet log mode (optional).
    ENABLE - Log in firewall.
    DISABLE - Do not log in firewall.
connections - Successful connection log mode (optional).
    ENABLE - Log in firewall.
    DISABLE - Do not log in firewall.
Remarks: At least one parameter must be specified.
Examples:
set logging %windir%\pfirewall.log 4096
set logging %windir%\pfirewall.log 4096 ENABLE
set logging filelocation = %windir%\pfirewall.log maxfilesize = 4096
set logging filelocation = %windir%\pfirewall.log maxfilesize = 4096 droppedpackets = ENABLE
set opmode
Used to specify the operating mode of Windows Firewall either globally or for a specific connection (interface).
Syntax:
Note Some parts of the following code snippet
have been displayed in multiple lines only for better readability.
These should be entered in a single line.
set opmode
[ mode = ] ENABLE|DISABLE
[ [ exceptions = ] ENABLE|DISABLE
[ profile = ] CURRENT|DOMAIN|STANDARD|ALL
[ interface = ] name ]
Sets firewall operational configuration.
Parameters:
mode - Operational mode.
    ENABLE - Enable firewall.
    DISABLE - Disable firewall.
exceptions - Exception mode (optional).
    ENABLE - Allow through firewall (default).
    DISABLE - Do not allow through firewall.
profile - Configuration profile (optional).
    CURRENT - Current profile (default).
    DOMAIN - Domain profile.
    STANDARD - Standard profile.
    ALL - All profiles.
interface - Interface name (optional).
Remarks: 'profile' and 'interface' may not be specified together.
         'exceptions' and 'interface' may not be specified together.
Examples:
set opmode ENABLE
set opmode ENABLE DISABLE
set opmode mode = ENABLE
set opmode mode = ENABLE exceptions = DISABLE
add portopening
Used to create a port-based exception.
Syntax:
Note Some parts of the following code snippet
have been displayed in multiple lines only for better readability.
These should be entered in a single line.
add portopening
[ protocol = ] TCP|UDP|ALL
[ port = ] 1-65535
[ name = ] name
[ [ mode = ] ENABLE|DISABLE
[ scope = ] ALL|SUBNET|CUSTOM
[ addresses = ] addresses
[ profile = ] CURRENT|DOMAIN|STANDARD|ALL
[ interface = ] name ]
Adds firewall port configuration.
Parameters:
protocol - Port protocol.
    TCP - Transmission Control Protocol (TCP).
    UDP - User Datagram Protocol (UDP).
    ALL - All protocols.
port - Port number.
name - Port name.
mode - Port mode (optional).
    ENABLE - Allow through firewall (default).
    DISABLE - Do not allow through firewall.
scope - Port scope (optional).
    ALL - Allow all traffic through firewall (default).
    SUBNET - Allow only local network (subnet) traffic through firewall.
    CUSTOM - Allow only specified traffic through firewall.
addresses - Custom scope addresses (optional).
profile - Configuration profile (optional).
    CURRENT - Current profile (default).
    DOMAIN - Domain profile.
    STANDARD - Standard profile.
    ALL - All profiles.
interface - Interface name (optional).
Remarks: 'profile' and 'interface' may not be specified together.
         'scope' and 'interface' may not be specified together.
         'scope' must be 'CUSTOM' to specify 'addresses'.
Examples:
add portopening TCP 80 MyWebPort
add portopening UDP 500 IKE ENABLE ALL
add portopening ALL 53 DNS ENABLE CUSTOM 157.60.0.1,172.16.0.0/16,10.0.0.0/255.0.0.0,LocalSubnet
add portopening protocol = TCP port = 80 name = MyWebPort
add portopening protocol = UDP port = 500 name = IKE mode = ENABLE scope = ALL
add portopening protocol = ALL port = 53 name = DNS mode = ENABLE scope = CUSTOM addresses = 157.60.0.1,172.16.0.0/16,10.0.0.0/255.0.0.0,LocalSubnet
set portopening
Used to modify the settings of an existing port-based exception.
Syntax:
Note Some parts of the following code snippet
have been displayed in multiple lines only for better readability.
These should be entered in a single line.
set portopening
[ protocol = ] TCP|UDP|ALL
[ port = ] 1-65535
[ [ name = ] name
[ mode = ] ENABLE|DISABLE
[ scope = ] ALL|SUBNET|CUSTOM
[ addresses = ] addresses
[ profile = ] CURRENT|DOMAIN|STANDARD|ALL
[ interface = ] name ]
Sets firewall port configuration.
Parameters:
protocol - Port protocol.
    TCP - Transmission Control Protocol (TCP).
    UDP - User Datagram Protocol (UDP).
    ALL - All protocols.
port - Port number.
name - Port name (optional).
mode - Port mode (optional).
    ENABLE - Allow through firewall (default).
    DISABLE - Do not allow through firewall.
scope - Port scope (optional).
    ALL - Allow all traffic through firewall (default).
    SUBNET - Allow only local network (subnet) traffic through firewall.
    CUSTOM - Allow only specified traffic through firewall.
addresses - Custom scope addresses (optional).
profile - Configuration profile (optional).
    CURRENT - Current profile (default).
    DOMAIN - Domain profile.
    STANDARD - Standard profile.
    ALL - All profiles.
interface - Interface name (optional).
Remarks: 'profile' and 'interface' may not be specified together.
         'scope' and 'interface' may not be specified together.
         'scope' must be 'CUSTOM' to specify 'addresses'.
Examples:
set portopening TCP 80 MyWebPort
set portopening UDP 500 IKE ENABLE ALL
set portopening ALL 53 DNS ENABLE CUSTOM 157.60.0.1,172.16.0.0/16,10.0.0.0/255.0.0.0,LocalSubnet
set portopening protocol = TCP port = 80 name = MyWebPort
set portopening protocol = UDP port = 500 name = IKE mode = ENABLE scope = ALL
set portopening protocol = ALL port = 53 name = DNS mode = ENABLE scope = CUSTOM addresses = 157.60.0.1,172.16.0.0/16,10.0.0.0/255.0.0.0,LocalSubnet
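The add/set portopening and add/set allowedprogram lines above can be written positionally, with tags, or mixed, which makes scripts hard to review by eye. The following added example (not part of the original appendix) normalizes all three forms and checks the value ranges and Remarks stated on this page; the function names `parse` and `lint` are assumptions of this example.

```python
import re

# Positional parameter order, copied from the Syntax blocks on this page.
ORDER = {
    "portopening": ["protocol", "port", "name", "mode", "scope",
                    "addresses", "profile", "interface"],
    "allowedprogram": ["program", "name", "mode", "scope",
                       "addresses", "profile"],
}
ALLOWED = {
    "protocol": {"TCP", "UDP", "ALL"},
    "mode": {"ENABLE", "DISABLE"},
    "scope": {"ALL", "SUBNET", "CUSTOM"},
    "profile": {"CURRENT", "DOMAIN", "STANDARD", "ALL"},
}

def parse(line):
    """Return (verb, noun, params) for an add/set portopening|allowedprogram line."""
    line = re.sub(r"\s*=\s*", "=", line.strip())    # "port = 80" -> "port=80"
    tokens = re.findall(r'\S*"[^"]*"|\S+', line)     # keep quoted values whole
    if [t.lower() for t in tokens[:2]] == ["netsh", "firewall"]:
        tokens = tokens[2:]
    if len(tokens) < 2 or tokens[0].lower() not in ("add", "set") \
            or tokens[1].lower() not in ORDER:
        raise ValueError("unsupported command: " + line)
    verb, noun = tokens[0].lower(), tokens[1].lower()
    order, params, pos = ORDER[noun], {}, 0
    for tok in tokens[2:]:
        key, sep, value = tok.partition("=")
        if sep and key.lower() in order:             # tagged form: name=value
            params[key.lower()] = value
            pos = order.index(key.lower()) + 1
        elif pos < len(order):                       # untagged: fills the next slot
            params[order[pos]] = tok
            pos += 1
        else:
            raise ValueError("too many arguments: " + line)
    return verb, noun, params

def lint(line):
    """Return the rule violations (range, enum and Remarks checks) for one line."""
    _, _, p = parse(line)
    problems = []
    for key, allowed in ALLOWED.items():
        if key in p and p[key].upper() not in allowed:
            problems.append(f"{key}: '{p[key]}' is not one of {sorted(allowed)}")
    if "port" in p and not (p["port"].isdigit() and 1 <= int(p["port"]) <= 65535):
        problems.append("port: must be 1-65535")
    if "addresses" in p and p.get("scope", "ALL").upper() != "CUSTOM":
        problems.append("'scope' must be 'CUSTOM' to specify 'addresses'")
    if "profile" in p and "interface" in p:
        problems.append("'profile' and 'interface' may not be specified together")
    if "scope" in p and "interface" in p:
        problems.append("'scope' and 'interface' may not be specified together")
    return problems

if __name__ == "__main__":
    # Constructed sample: addresses supplied while scope is SUBNET.
    print(lint("add portopening TCP 80 MyWebPort ENABLE SUBNET 10.0.0.0/8"))
```

An untagged value that follows a tagged one is assigned to the next parameter in the Syntax order, which is how the mixed `scope = CUSTOM 157.60.0.1,...` examples on this page are read here.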
delete portopening
Used to delete an existing port-based exception.
Syntax:
Note Some parts of the following code snippet
have been displayed in multiple lines only for better readability.
These should be entered in a single line.
delete portopening
[ protocol = ] TCP|UDP|ALL
[ port = ] 1-65535
[ [ profile = ] CURRENT|DOMAIN|STANDARD|ALL
[ interface = ] name ]
Deletes firewall port configuration.
Parameters:
protocol - Port protocol.
    TCP - Transmission Control Protocol (TCP).
    UDP - User Datagram Protocol (UDP).
    ALL - All protocols.
port - Port number.
profile - Configuration profile (optional).
    CURRENT - Current profile (default).
    DOMAIN - Domain profile.
    STANDARD - Standard profile.
    ALL - All profiles.
interface - Interface name (optional).
Remarks: 'profile' and 'interface' may not be specified together.
Examples:
delete portopening TCP 80
delete portopening UDP 500
delete portopening protocol = TCP port = 80
delete portopening protocol = UDP port = 500
set service
Used to enable or disable the pre-defined file and printer sharing, remote administration, remote desktop, and UPnP exceptions.
Syntax:
Note Some parts of the following code snippet
have been displayed in multiple lines only for better readability.
These should be entered in a single line.
set service
[ type = ] FILEANDPRINT|REMOTEADMIN|REMOTEDESKTOP|UPNP|ALL
[ [ mode = ] ENABLE|DISABLE
[ scope = ] ALL|SUBNET|CUSTOM
[ addresses = ] addresses
[ profile = ] CURRENT|DOMAIN|STANDARD|ALL ]
Sets firewall service configuration.
Parameters:
type - Service type.
    FILEANDPRINT - File and printer sharing.
    REMOTEADMIN - Remote administration.
    REMOTEDESKTOP - Remote assistance and remote desktop.
    UPNP - UPnP framework.
    ALL - All types.
mode - Service mode (optional).
    ENABLE - Allow through firewall (default).
    DISABLE - Do not allow through firewall.
scope - Service scope (optional).
    ALL - Allow all traffic through firewall (default).
    SUBNET - Allow only local network (subnet) traffic through firewall.
    CUSTOM - Allow only specified traffic through firewall.
addresses - Custom scope addresses (optional).
profile - Configuration profile (optional).
    CURRENT - Current profile (default).
    DOMAIN - Domain profile.
    STANDARD - Standard profile.
    ALL - All profiles.
Remarks: 'scope' ignored if 'mode' is DISABLE.
         'scope' must be 'CUSTOM' to specify 'addresses'.
Examples:
set service FILEANDPRINT
set service REMOTEADMIN ENABLE SUBNET
set service REMOTEDESKTOP ENABLE CUSTOM 157.60.0.1,172.16.0.0/16,10.0.0.0/255.0.0.0,LocalSubnet
set service type = FILEANDPRINT
set service type = REMOTEADMIN mode = ENABLE scope = SUBNET
set service type = REMOTEDESKTOP mode = ENABLE scope = CUSTOM addresses = 157.60.0.1,172.16.0.0/16,10.0.0.0/255.0.0.0,LocalSubnet
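The custom scope list used in the allowedprogram, portopening and service examples mixes a single address, a prefix length, a dotted mask and the LocalSubnet keyword. The following added example (not part of the original appendix) expands such a list so a reviewer can see which sources it admits and how many addresses it covers; the function names and the `local_subnets` argument are assumptions of this example.

```python
import ipaddress

def parse_scope(addresses, local_subnets=()):
    """Expand a custom-scope string into a list of ip_network objects.

    local_subnets stands in for the LocalSubnet keyword; the firewall resolves
    that keyword on the host, so the caller must supply it here (assumption).
    """
    nets = []
    for entry in addresses.split(","):
        entry = entry.strip()
        if not entry:
            raise ValueError("empty entry in scope list")
        if entry.lower() == "localsubnet":
            nets.extend(ipaddress.ip_network(n) for n in local_subnets)
        else:
            # One call covers a single address, a prefix length (/16) and a
            # dotted mask (/255.0.0.0). strict=True is this example's choice:
            # an entry with host bits set (172.16.5.1/16) raises ValueError.
            nets.append(ipaddress.ip_network(entry, strict=True))
    return nets

def admits(addresses, source, local_subnets=()):
    """True if source falls inside any entry of the scope list."""
    src = ipaddress.ip_address(source)
    return any(src.version == net.version and src in net
               for net in parse_scope(addresses, local_subnets))

def exposure(addresses, local_subnets=()):
    """Number of distinct IPv4 source addresses the scope list admits."""
    v4 = [n for n in parse_scope(addresses, local_subnets) if n.version == 4]
    return sum(n.num_addresses for n in ipaddress.collapse_addresses(v4))

# The scope list used in the examples on this page.
PAGE_SCOPE = "157.60.0.1,172.16.0.0/16,10.0.0.0/255.0.0.0,LocalSubnet"
```

Without a value for `local_subnets`, LocalSubnet contributes nothing, so `exposure(PAGE_SCOPE)` counts only the three explicit entries.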
show commands
The following show commands are used to display the current configuration:
show allowedprogram - Displays the excepted programs.
show config - Displays the local configuration information.
show currentprofile - Displays the current profile.
show icmpsetting - Displays the ICMP settings.
show logging - Displays the logging settings.
show multicastbroadcastresponse - Displays multicast/broadcast response settings.
show notifications - Displays the current settings for notifications.
show opmode - Displays the operational mode.
show portopening - Displays the excepted ports.
show service - Displays the services.
show state - Displays the current state information.
For additional information about the show config and show state commands, see Troubleshooting Windows Firewall in Microsoft Windows XP Service Pack 2.
https://technet.microsoft.com/en-us/library/bb490617.aspx