Add a Port to the Firewall Rules List

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Use this procedure to add a TCP or UDP port to the Windows Firewall exceptions list. When you add a port to the exceptions list, the port is always open; unsolicited incoming traffic is always allowed to pass through the port unless you select the Don't allow exceptions option when you turn on Windows Firewall. This procedure is useful when you know the port on which a program or service listens for incoming traffic and you want to run the program or service on your computer.

Administrative Credentials

To perform this procedure, you must be a member of the Administrators group on the local computer, or you must have been delegated the appropriate authority. If the computer is joined to a domain, members of the Domain Admins group might be able to perform this procedure.

Special Considerations

You can configure Windows Firewall settings in the standard profile or the domain profile. The domain profile is used when a computer is connected to a network in which the computer's domain account resides. The standard profile is used when a computer is connected to a network in which the computer's domain account does not reside, such as a public network or the Internet. Make sure Windows Firewall is using the correct profile when you perform this procedure.

For more information about Windows Firewall profiles, see Managing Windows Firewall Profiles.

You should configure scope settings for any exceptions that you create or enable. For more information about scope settings, see Configuring Scope Settings.

To add a port to the exceptions list

This procedure can be performed using the graphical user interface or the command prompt.

Using the graphical user interface

To add a port to the exceptions list

1. Open Windows Firewall.

2. Click the Exceptions tab, and then click Add Port.

3. In Name, type a name for the port exception. This name will appear in the exceptions list.

4. In Port number, type the number of the port that you want to add to the exceptions list.

5. Click either TCP or UDP, depending on the type of traffic, and then click OK.

If a Windows Firewall setting appears dimmed in the graphical user interface, and on the General tab, you see For your security, some settings are controlled by Group Policy, the setting might be managed by Group Policy. If all Windows Firewall settings appear dimmed, and on the General tab, you see You must be a computer administrator to change these settings, you do not have administrative rights to configure Windows Firewall.

Using the command prompt

To add a port to the exceptions list

• Type the following at the command prompt, and press ENTER:

  netsh firewall set portopening protocol = protocol port = port name = name mode = enable

Substitute values for the placeholders in italics. The following table lists possible values for each placeholder.

If you get an "Access Denied" message when you run a command, you do not have administrative rights to configure Windows Firewall. If you get an "Ok" message but the command does not take effect, the setting might be managed by Group Policy.

Notes

• To start Windows Firewall, click Start, point to Control Panel, and then click Windows Firewall.

• To open a command prompt, click Start, point to All programs, point to Accessories, and then click Command Prompt.

• You can also use Group Policy settings to perform this procedure and configure other Windows Firewall settings.

• Windows Firewall is not included in the original release of the Windows Server 2003 operating systems.

See Also

Concepts

Configuring Port Firewall Rules
Known Issues for Managing Firewall Rules
Identify Unblocked Servers, Listeners, and Peers
Identify Blocked Servers, Listeners, and Peers
Edit or Delete a Port Firewall Rule