
To configure IPv6 Internet Connection Firewall

Updated: February 02, 2006

Netsh is a command-line scripting tool that allows you to display or modify the network configuration of a computer running Windows XP. Netsh supports various networking components through a context, a series of commands that is specific to the component. To configure the IPv6 Internet Connection Firewall (ICF) provided with the Advanced Networking Pack for Windows XP, you must use commands in the netsh firewall context.

Note

  • IPv6 Internet Connection Firewall is only provided with the Advanced Networking Pack for Windows XP, a free download for computers running Windows XP with Service Pack 1. For computers running Windows XP with Service Pack 2, IPv6 Internet Connection Firewall has been replaced with the new Windows Firewall. For more information about Windows Firewall, see Manually Configuring Windows Firewall in Windows XP Service Pack 2.

    Computers running Windows XP with Service Pack 2 and Windows Firewall have a new netsh firewall context and a new set of commands to configure Windows Firewall. The set of commands in this article are only for IPv6 Internet Connection Firewall, not for Windows Firewall. For information about the netsh firewall commands for Windows Firewall, see Appendix B of Deploying Windows Firewall Settings for Microsoft Windows XP with Service Pack 2.

To enter the netsh firewall context, type netsh -c firewall at a Windows command prompt. From the netsh firewall> prompt, you can use the following commands for IPv6 ICF:

  • show

    Displays the IPv6 ICF configuration.

  • show globalport

    Displays the global ports. These are ports that are configured on all network adapters. It does not indicate whether any global ports are being ignored on any particular network adapter.

    Example:

    netsh firewall> show globalport
          Description      OpenPort        Protocol
          ------------------------------------------------------
          IPv6 web server   80                TCP
          P2P (Grouping)   3587         TCP
          P2P (Grouping)   3587         UDP
          P2P (PNRP)      3540         TCP
          P2P (PNRP)      3540         UDP
    
  • show adapter

    Displays the IPv6 ICF configuration information for a single network adapter.

    Usage: netsh firewall> show adapter [name]

    When you type show adapter, a list of all network adapters with IPv6 configured appears. Each item indicates whether filtering is enabled for that adapter.

    Example:

    netsh firewall> show adapter
          ------------------------------------------------------------
          AdapterFriendlyName                  IPv6FilteringEnabled
          ------------------------------------------------------------
          Local Area Network                   Yes
          6to4 Pseudo-Interface             Yes
          Teredo Tunneling Pseudo-Interface   Yes
          ------------------------------------------------------------
    

    When the adapter name is added to the argument, you’ll see a list of all the ports that are open (containing the description, the port number, and the protocol) and a list of all the Internet Control Message Protocol (ICMP) options and their states (containing the description, ICMP type number, and state).

    • EffectivePort: This is a list of the actual ports that are open. This is a combination of global ports, per-adapter ports, and ignored ports.

    • OpenPort: This is a list of ports that are opened specifically for the network adapter.

    • IgnoredGlobalPort: This is a list of the global ports that are ignored on this network adapter.

    Example:

    netsh firewall> show adapter Local Area Network
          Description      EffectivePort     Protocol
          ------------------------------------------------------
          P2P (Grouping)   3587         TCP
          P2P (Grouping)   3587         UDP
          P2P (PNRP)      3540         TCP
          P2P (PNRP)      3540         UDP
          Messenger      13654         UDP
          Messenger      13814         TCP
          Description      OpenPort        Protocol
          ------------------------------------------------------
          Messenger      13654         UDP
          Messenger      13814         TCP
          Description      IgnoredGlobalPort Protocol
          ------------------------------------------------------
          IPv6 web server   80                TCP
          Description                  ICMPTypeNo   Enabled
          -------------------------------------------------------------
          Allow Outbound Destination Unreachable   1      No
          Allow Outbound Packet Too Big         2      No
          Allow Outbound Time Exceeded         3      No
          Allow Outbound Parameter Problem      4      No
          Allow Incoming Echo Request         128      Yes
          Allow Redirect               137      No
    
  • show logging

    Displays the logging configuration information, including which logging options are enabled, the location of the log file, and the log file size.

    Example:

    netsh firewall> show logging
    Logging Configuration for IPv6 Internet Connection Firewall
      Successful Connections:  Disabled
      Dropped Packets:         Disabled
      File location:           C:\WINDOWS\pfirewall-v6.log
      File size:               4096 Kb
    
  • set globalport

    Allows you to configure ports on all network adapters. Creating a global port allows inbound traffic to that port on all network adapters, except those that are configured to ignore the global port. If you use the globalport command to open port numbers on all network adapters, you can then selectively close port numbers on one or more network adapters. For example, you may have a computer that acts as a Web server and has multiple network adapters to connect to the Internet and then one network adapter to connect to your private network. You could open port 80 on all of the network adapters using globalport, and then use the set adapter command to close port 80 on the network adapter that connects to your private network. For more information about the ignoreglobalport parameter, see the set adapter command.

    The following commands are used to support global port configuration:

    set globalport [port#=enable|disable] [name=name] 
    [protocol=tcp|udp]
    
    • port# Specifies the port number to be enabled or disabled.

    • name Allows the user to provide a description of what the filter exception is for (example: my Web server).

    • protocol Allows the user to specify whether TCP or UDP traffic is allowed. If no value is specified, TCP will be selected.

    Examples:

    set globalport 8080=enable
    set globalport 80=enable name=my web server protocol=tcp
    set globalport 80=disable
    
  • set adapter

    Allows you to configure changes for individual network adapters.

    Usage:    set adapter [name] [icmp type#=enable|disable] [port port#=enable|disable [name=name] [protocol=tcp|udp]] 
    [ignoreglobalport port#=enable|disable [name=name] [protocol=tcp|udp]] [filtering=enable|disable]
    

    This command can set ICMP options, create or remove port policy, and enable or disable IPv6 filtering for a single connection.

    • icmp Makes changes to the adapter's ICMP configuration.

    • type# Specifies the ICMPv6 type number that is to be enabled/disabled.

    • port Makes changes to the adapter-specific list of open ports. Note that adapter-specific open ports are not affected by ignored global ports. For example, if TCP port 80 is set to enabled using the port command, subsequently using ignoreglobalport for TCP port 80 on the same adapter will have no effect. Inbound traffic to the adapter in question will continue to be allowed through TCP port 80.

    • ignoreglobalport Makes changes to the list of global ports that are to be ignored by this adapter. An ignored global port will override the global port setting, and disallow inbound traffic to the ignored port for the adapter in question.

    • port# Specifies the port number to be enabled or disabled, or the number of the global port that is to be ignored or allowed.

    • name Allows the user to provide a description of what the filter exception is for. An example is my Web server.

    • protocol Allows the user to specify whether TCP or UDP traffic is allowed. If no value is specified, TCP will be selected.

    • filtering Makes changes to the state of filtering on this adapter, such as whether the firewall is enabled or disabled for the adapter.

    Examples:

    netsh firewall> set adapter Local Area Connection filtering=disable
    netsh firewall> set adapter Local Area Connection port 80=enable protocol=tcp
    netsh firewall> set adapter Local Area Connection icmp 129=enable port 80=disable
    netsh firewall> set adapter Local Area Connection ignoreglobalport 80=enable name=no web server access protocol=tcp 
    netsh firewall> set adapter Local Area Connection ignoreglobalport 80=disable
    
  • set logging

    Allows you to configure logging options. Use this command to specify where the file is written to on your hard disk, the size of the log file, and if dropped packets and/or successful connections are logged. The file size has an upper limit of 32,767 KB. The log file name that is specified is for the IPv6 ICF log file; the IPv4 log file is separate.

    Usage:  set logging [filelocation=<location>] [filesize=integer] [droppedpackets=enable|disable] [successfulconnections=enable|disable]
    

    Examples:

    netsh firewall> set logging filelocation=c:\logfile.log filesize=4096
    netsh firewall> set logging droppedpackets=enable
    netsh firewall> set logging filesize=9068 successfulconnections=enable
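
The port rules described under show adapter and set adapter (global ports, ignored global ports, adapter-specific open ports) can be checked against captured output. The following Python sketch is an added example, not part of the original article; it assumes the table layout shown in this page's sample output, and the function names are hypothetical.

```python
import re

# Constructed input: port tables copied from this page's "show globalport" and
# "show adapter Local Area Network" examples (separator and ICMP lines omitted).
SHOW_GLOBALPORT = """
Description      OpenPort        Protocol
IPv6 web server   80                TCP
P2P (Grouping)   3587         TCP
P2P (Grouping)   3587         UDP
P2P (PNRP)      3540         TCP
P2P (PNRP)      3540         UDP
"""
SHOW_ADAPTER = """
Description      EffectivePort     Protocol
P2P (Grouping)   3587         TCP
P2P (Grouping)   3587         UDP
P2P (PNRP)      3540         TCP
P2P (PNRP)      3540         UDP
Messenger      13654         UDP
Messenger      13814         TCP
Description      OpenPort        Protocol
Messenger      13654         UDP
Messenger      13814         TCP
Description      IgnoredGlobalPort Protocol
IPv6 web server   80                TCP
"""
HEADER = re.compile(r"^Description\s+(\w+)\s+Protocol$")
ROW = re.compile(r"^(.+?)\s+(\d+)\s+(TCP|UDP)$")

def parse_tables(text):
    """Return {column name: {(port, protocol), ...}} for each port table."""
    tables, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if m := HEADER.match(line):
            current = tables.setdefault(m.group(1), set())
        elif current is not None and (m := ROW.match(line)):
            current.add((int(m.group(2)), m.group(3)))
    return tables

def expected_effective(global_ports, open_ports, ignored):
    # Ignoring a global port only removes it from the global list;
    # adapter-specific open ports stay open regardless.
    return (global_ports - ignored) | open_ports

def audit(globalport_out, adapter_out):
    """Return (expected, reported) effective port sets for one adapter."""
    g, a = parse_tables(globalport_out)["OpenPort"], parse_tables(adapter_out)
    want = expected_effective(g, a.get("OpenPort", set()), a.get("IgnoredGlobalPort", set()))
    return want, a.get("EffectivePort", set())
```

A mismatch between the two sets returned by audit means the adapter is exposing a port that the global, per-adapter, and ignore lists do not account for, or is hiding one that they do.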
    

For more information about configuring the IPv6 Internet Connection Firewall logging options, see Internet Protocol version 6 (IPv6) Internet Connection Firewall log file overview.

For more information about using netsh and IPv6, go to the Windows XP Help and Support Center.

© 2014 Microsoft. All rights reserved.