Configuring Windows 2008 Firewall with the command line

You can configure the Windows firewall from the command line interface (CLI) with the netsh tool. There are several reasons to choose this configuration method, and this article goes through them.

Understanding the netsh advfirewall tool

Windows Server 2008 includes a more advanced host-based firewall. The previous article mentioned some of its new features:

· New graphical interface — you now configure this advanced firewall through a management console snap-in.

· Two-way protection — it filters both outbound and inbound traffic.

· Better cooperation with IPsec — firewall rules and IPsec encryption configuration are now integrated into one interface.

· Advanced rule configuration — you can create firewall rules for various objects on Windows Server and configure them to block or allow traffic through Windows Firewall with Advanced Security.

Netsh is a command-line tool that you can use to configure network component settings. Windows Firewall with Advanced Security provides the netsh advfirewall context, which you can use to configure its settings. With netsh advfirewall you can write scripts that automatically apply a set of Windows Firewall with Advanced Security settings for both IPv4 and IPv6 traffic. You can also use netsh advfirewall to display the configuration and status of Windows Firewall with Advanced Security.

Why use a command line interface to configure a Windows firewall?

As the saying goes, to each their own. Some people like to use the graphical management snap-in to configure this new firewall, and some prefer the command line, for the following reasons:

· Faster configuration — once you have mastered the netsh advfirewall command, configuring the firewall is much faster than using the graphical interface.

· Scriptable — with this tool you can script common tasks.

· The firewall can still be configured when the graphical interface is not available — like other command-line tools, netsh advfirewall still works when there is no graphical interface, for example in Windows Server 2008 Core mode.

What are the commands available?

Netsh advfirewall has a lot of commands. This article introduces the most common ones, which you should master.

1, help command (or "?")

Although simple, this may be the most useful command. Any time you type "?", you will see all the options available in the current context, as shown in Figure 1.

Figure 1, netsh advfirewall and help options

2, consec (connection security rules) command

Connection security rules let you create an IPsec VPN between two systems. In other words, a consec rule lets you enforce the security of communication passing through the firewall, not just restrict or filter it.

This command takes you into the connection security configuration context, as follows:

netsh advfirewall>consec

netsh advfirewall consec>

If you now type "?", you will see six different commands in netsh advfirewall consec (see Figure 2).

From here you can modify the connection security rules with the following commands.

Commands in this context:

· add lets you add a new connection security rule;

· delete lets you delete all matching connection security rules;

· dump displays a configuration script;

· help displays a list of commands;

· set lets you set new values for the properties of an existing rule.

Figure 2, netsh advfirewall consec command options

show command

To see the current status of the firewall, use the show command, which provides three different commands:

· show alias lists all defined aliases;

· show helper lists all top-level helpers;

· show mode shows whether the firewall is online or offline.

3, Export command

This command exports the entire current firewall configuration to a file. It is very useful because it gives you a backup of the whole configuration: if you are not satisfied with changes you have made, you can use this file to restore the state before the modification.

The following is an example:

netsh advfirewall export "c:\advfirewall.wfw"

4, Firewall command

You can use this command to add new inbound and outbound rules to your firewall. It also lets you modify existing rules.

Figure 3, netsh advfirewall firewall

In the firewall context, you will see four important commands:

· add lets you add inbound and outbound rules;

· delete lets you delete a rule;

· set sets new values for the properties of an existing rule;

· show displays a specified firewall rule.

The following are examples of adding and removing a firewall rule.

Add an inbound rule for messenger.exe:

netsh advfirewall firewall add rule name="allow messenger" dir=in program="c:\programfiles\messenger\msmsgs.exe" action=allow

Delete all inbound rules for local port 21:

netsh advfirewall firewall delete rule name=all dir=in protocol=tcp localport=21

5, Import command

The import command lets you import the firewall configuration from a file. Use it to restore a configuration that you previously saved with the export command. Here is an example:

netsh advfirewall import "c:\advfirewall.wfw"
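
The export, firewall and import commands above can be combined into one script that backs up the policy before a change and restores it if the change fails. This is an added example, not part of the original article; the backup directory, file name and script layout are assumptions, and the rule reuses the article's messenger example.

```batch
@echo off
rem Added example: export the policy, apply a rule change, verify it,
rem and import the backup again if any step fails.
rem Run from an elevated command prompt.
setlocal

rem Assumed values for illustration; adjust to your environment.
set "BACKUP_DIR=C:\fw-backup"
set "BACKUP=%BACKUP_DIR%\advfirewall-before.wfw"
set "RULE=allow messenger"
set "PROG=c:\programfiles\messenger\msmsgs.exe"

if not exist "%BACKUP_DIR%" mkdir "%BACKUP_DIR%"

rem Remove any stale backup so a failed export cannot be mistaken for a fresh one.
if exist "%BACKUP%" del "%BACKUP%"

netsh advfirewall export "%BACKUP%" >nul
if errorlevel 1 goto :nobackup
if not exist "%BACKUP%" goto :nobackup

rem Drop any earlier copy of the rule so reruns do not pile up duplicates.
rem A "no rules match" failure here is expected on the first run.
netsh advfirewall firewall delete rule name="%RULE%" dir=in >nul 2>&1

netsh advfirewall firewall add rule name="%RULE%" dir=in program="%PROG%" action=allow
if errorlevel 1 goto :rollback

rem Verify that the rule is now present; show fails when nothing matches.
netsh advfirewall firewall show rule name="%RULE%"
if errorlevel 1 goto :rollback

echo Rule "%RULE%" applied. Backup kept at %BACKUP%
exit /b 0

:nobackup
echo Export failed; no changes were made.
exit /b 1

:rollback
rem import replaces the entire current policy with the contents of the file.
echo Change failed; restoring %BACKUP%
netsh advfirewall import "%BACKUP%"
exit /b 1
```

The same export step is worth running before netsh advfirewall reset, since reset applies without a confirmation prompt.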

6, Reset

This command resets the firewall policy to the default policy state. Be cautious when using it: once you type the command and press Enter, it does not ask you to confirm that you really want to reset; it restores the default firewall policy immediately.

An example command is as follows:

netsh advfirewall reset

7, Set command

The set command will allow you to modify the different settings of the firewall. There are six related context commands.

Figure 4, netsh advfirewall set
