Windows Server 2008 and Windows Vista include the netsh advfirewall firewall command-line context. In earlier Windows operating systems, the netsh firewall command-line context provided the functionality for controlling firewall behavior. The new context provides that functionality, and it also provides more precise control of firewall rules. These rules include the following per-profile settings:

  • Public
  • Private
  • Domain

The netsh firewall command-line context might be deprecated in a future version of the Windows operating system, so using the netsh advfirewall firewall context is recommended for controlling firewall behavior. In Windows Server 2008 and Windows Vista, Windows Firewall behavior is therefore controlled by using the netsh advfirewall context instead of netsh firewall.

Command prompt commands for enabling a program

Run these commands from a command prompt with elevated permissions. This applies when User Account Control is enabled on your computer or you are a member of the Administrators group. To start a command prompt with elevated permissions, find the Start menu entry or the icon that you use to start a command prompt session, right-click it, and then click Run as administrator.

The following examples show some frequently used commands.

Example 1: Enable a program

Old command procedures

Use the following command to enable the program:

    netsh firewall add allowedprogram C:\MyApp\MyApp.exe "My Application" ENABLE

Similarly, you can limit the rule to specific addresses and the local subnet for the domain profile:

    netsh firewall add allowedprogram program=C:\MyApp\MyApp.exe name="My Application" mode=ENABLE scope=CUSTOM addresses=157.60.0.1,172.16.0.0/16,LocalSubnet profile=Domain

You can also apply the same rule to all profiles:

    netsh firewall add allowedprogram program=C:\MyApp\MyApp.exe name="My Application" mode=ENABLE scope=CUSTOM addresses=157.60.0.1,172.16.0.0/16,LocalSubnet profile=ALL

New command procedures

To enable a program with the new context, use the following command:

    netsh advfirewall firewall add rule name="My Application" dir=in action=allow program="C:\MyApp\MyApp.exe" enable=yes

To also specify the remote IP addresses and the profile, run the following command, which adds the remoteip and profile parameters:

    netsh advfirewall firewall add rule name="My Application" dir=in action=allow program="C:\MyApp\MyApp.exe" enable=yes remoteip=157.60.0.1,172.16.0.0/16,LocalSubnet profile=domain

If you want more information about how to add firewall rules, you can also run the following commands.

Example 2: How to enable a port

Earlier, the following command was used to open a port:

    netsh firewall add portopening TCP 80 "Open Port 80"

Now you can use the following command to do the same thing:

    netsh advfirewall firewall add rule name="Open Port 80" dir=in action=allow protocol=TCP localport=80
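The following Python function is an added example, not part of the original page: it rewrites the legacy netsh firewall add allowedprogram and add portopening lines from Examples 1 and 2 into their netsh advfirewall firewall add rule form, and returns None for anything it cannot map without widening the rule. The names translate, TOKEN, KEYS, POSITIONAL and PROFILES are hypothetical, and the positional parameter order is assumed from the commands shown on this page.

```python
import re

# A token is a run of non-space text; a "quoted part" may contain spaces.
TOKEN = re.compile(r'(?:[^\s"]+|"[^"]*")+')
KEYS = {"program", "name", "mode", "scope", "addresses", "profile", "protocol", "port"}
# Positional order, limited to the forms shown in Examples 1 and 2 (assumption).
POSITIONAL = {"allowedprogram": ["program", "name", "mode"],
              "portopening": ["protocol", "port", "name"]}
PROFILES = {"domain": "domain", "all": "any"}  # other legacy profiles are refused


def translate(line):
    """Return the advfirewall form of a legacy 'netsh firewall add' line, else None."""
    tokens = TOKEN.findall(line)
    head = [t.lower() for t in tokens[:4]]
    if len(head) < 4 or head[:3] != ["netsh", "firewall", "add"] or head[3] not in POSITIONAL:
        return None
    verb, args, slots = head[3], {}, iter(POSITIONAL[head[3]])
    for tok in tokens[4:]:
        key, sep, value = tok.partition("=")
        if sep and key.lower() in KEYS:
            args[key.lower()] = value.strip('"')      # keyword form: name="..."
        else:
            slot = next(slots, None)
            if slot is None:
                return None  # more positional values than this example handles
            args[slot] = tok.strip('"')
    if any(k not in args for k in POSITIONAL[verb][:2] + ["name"]):
        return None  # a required parameter is missing
    rule = ['name="%s"' % args["name"], "dir=in", "action=allow"]
    if verb == "allowedprogram":
        rule.append('program="%s"' % args["program"])
    elif args["protocol"].upper() in ("TCP", "UDP"):
        rule += ["protocol=" + args["protocol"], "localport=" + args["port"]]
    else:
        return None  # other protocol values are not handled by this example
    rule.append("enable=" + ("no" if args.get("mode", "").lower() == "disable" else "yes"))
    scope = args.get("scope", "all").lower()
    remote = args.get("addresses") or {"subnet": "localsubnet", "all": ""}.get(scope)
    if remote is None:
        return None  # refuse rather than emit a rule wider than the original
    if remote:
        rule.append("remoteip=" + remote)
    if "profile" in args:
        if args["profile"].lower() not in PROFILES:
            return None
        rule.append("profile=" + PROFILES[args["profile"].lower()])
    return "netsh advfirewall firewall add rule " + " ".join(rule)
```

A None result means the line needs manual review, for example a legacy profile value that has no entry in PROFILES.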

Example 3: Configure ICMP settings

The old way to configure this was:

    netsh firewall set icmpsetting type=ALL mode=enable

Now you can use:

    netsh advfirewall firewall add rule name="all icmp v4" protocol=icmpv4:any,any dir=in action=allow

For more information about how to configure ICMP settings, you can also use the following options

Example 4: Set logging

To enable logging with the old command, use:

    netsh firewall set logging %systemroot%\system32\logfiles\firewall\pfirewall.log 4096 ENABLE ENABLE

With the new context, the following command sets the log file name for the current profile:

    netsh advfirewall set currentprofile logging filename %systemroot%\system32\logfiles\firewall\pfirewall.log

You can also set the maximum file size:

    netsh advfirewall set currentprofile logging maxfilesize 4096

To enable logging of dropped connections:

    netsh advfirewall set currentprofile logging droppedconnections enable

To enable logging of allowed connections:

    netsh advfirewall set currentprofile logging allowedconnections enable