Tip: Use the Netsh Command to Manage the Windows Vista Firewall

If you need to change firewall settings repeatedly—on a single computer as conditions change or, perhaps, on a fleet of computers—you’ll find working with Windows Firewall (the Control Panel application) or Windows Firewall With Advanced Security to be a bit cumbersome. The Netsh command, using its Firewall or Advfirewall context, provides an alternative way to view or modify all manner of Windows Firewall settings. For example, you can enable Windows Firewall with this command:

netsh firewall set opmode enable

The Netsh Firewall context can be considered the basic context, where you can find current firewall settings at a high level. It’s roughly comparable to the Windows Firewall application in Control Panel. From the command prompt, you can see the basic configuration by typing:

netsh firewall show config

To see more details about the configuration, use the Advfirewall context—the command-line counterpart to Windows Firewall With Advanced Security. The Advfirewall context contains three subcontexts: Firewall, Consec, and Monitor. The Firewall subcontext can be used to show the rule details for specific (or all) rules or set new values for existing rules. You can also add rules on the fly using this subcontext. The Consec subcontext is used to work with connection security rules on the computer. The Monitor subcontext is used to view and set security associations.

To view all of the rules within Windows Firewall from the command line (be prepared for a lot of output), type:

netsh advfirewall firewall show rule name=all

With dozens of keywords and options, the Netsh Firewall and Netsh Advfirewall commands are quite complex. The best way to learn about the various possibilities is through the help available from the command line. You’ll need to do it in several steps, appending another keyword each time. For example, start by entering netsh firewall ? at a command prompt. This returns a list of each of the keywords that you can put after firewall—Add, Delete, Dump, Help, Reset, Set, and Show—along with a brief description of each. Next you might type netsh firewall set ? to learn about each of the Set options. Then you’d type netsh firewall set opmode ? and so on, until you reach a screen that shows the command syntax and explains all the parameters for the command you’ve entered.

From the Microsoft Press book Windows Vista Inside Out.
