Home
Jon edited this page Nov 24, 2016 · 2 revisions
NOTE: this is a loose collection of notes that I'm trying to organize.
msfw provides a CLI for the built-in Windows firewall on Windows 7 and later. Its primary goals are easier administration of existing rules and easier ways to monitor blocked packets.
Example netsh commands copied from Windows IT Pro; the msfw column shows the equivalent msfw command where one exists.
Task | netsh advfirewall | msfw |
---|---|---|
Enable firewall for current profile | netsh advfirewall set currentprofile state on | |
Enable firewall on all profiles | netsh advfirewall set allprofiles state on | |
Reset to default settings | netsh advfirewall reset | |
List all rules | netsh advfirewall firewall show rule name=all | msfw rule --status all |
Enable logging | netsh advfirewall set currentprofile logging filename "C:\temp\pfirewall.log" | msfw updlog -e |
Add rule blocking all ICMP traffic | netsh advfirewall firewall add rule name="All ICMP V4" dir=in action=block protocol=icmpv4 | msfw addrule -n "All ICMP V4" --dir in --action block --protocol icmpv4 |
Add rule allowing all ICMP traffic | netsh advfirewall firewall add rule name="All ICMP V4" dir=in action=allow protocol=icmpv4 | msfw addrule -n "All ICMP V4" --dir in --action allow --protocol icmpv4 |
Add rule allowing connections to local port 1433 | netsh advfirewall firewall add rule name="Open SQL Server Port 1433" dir=in action=allow protocol=TCP localport=1433 | msfw addrule -n "Open SQL Server Port 1433" --dir in --action allow --protocol tcp --local *:1433 |
Delete rule matching name, protocol, and port | netsh advfirewall firewall delete rule name="Open SQL Server Port 1433" protocol=tcp localport=1433 | |
Add rule allowing a program | netsh advfirewall firewall add rule name="Allow Messenger" dir=in action=allow program="C:\program files\messenger\msnmsgr.exe" | msfw addrule -n "Allow Messenger" --dir in --action allow --app "C:\program files\messenger\msnmsgr.exe" |
Enable rule group | netsh advfirewall firewall set rule group="remote administration" new enable=yes | |
Enable rule group | netsh advfirewall firewall set rule group="remote desktop" new enable=Yes | |
Export firewall config | netsh advfirewall export "C:\temp\WFconfiguration.wfw" | |
Import firewall config | netsh advfirewall import "C:\temp\WFconfiguration.wfw" | |
If you're running in block-all mode (every connection not matched by an allow rule is dropped), you can focus on creating allow rules only. If you're joined to a domain, one of the first rules to add is one that allows your computer to talk to the domain controllers.
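Once logging is enabled (the "Enable logging" row above), the drop log is what tells you which allow rules a block-all host is still missing. The script below is an added example, not code from msfw or this wiki: it parses the pfirewall.log format into DROP records, counts them per direction, protocol and destination port, and renders a netsh command for each bucket for an administrator to review before adding anything. The sample log lines are constructed, and the field order assumes the standard "#Fields:" header the Windows Firewall logger writes.

```python
from collections import Counter
from typing import Iterable, Iterator, NamedTuple

# Field order from the "#Fields:" header Windows Firewall writes at the top of pfirewall.log.
FIELDS = ("date", "time", "action", "protocol", "src_ip", "dst_ip", "src_port", "dst_port",
          "size", "tcpflags", "tcpsyn", "tcpack", "tcpwin", "icmptype", "icmpcode", "info", "path")

class Drop(NamedTuple):
    when: str
    protocol: str
    src_ip: str
    dst_ip: str
    dst_port: str   # "-" for ICMP, which has no ports
    path: str       # RECEIVE = inbound, SEND = outbound

# Constructed sample log (not captured from a real host): a block-all, domain-joined box.
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2016-11-24 09:15:01 DROP TCP 10.0.0.25 10.0.0.10 51234 445 52 S 3122334455 0 8192 - - - RECEIVE
2016-11-24 09:15:02 DROP UDP 10.0.0.10 10.0.0.2 55120 389 78 - - - - - - - SEND
2016-11-24 09:15:02 DROP UDP 10.0.0.10 10.0.0.2 55121 389 78 - - - - - - - SEND
2016-11-24 09:15:03 ALLOW TCP 10.0.0.10 10.0.0.2 55200 88 52 S 123 0 8192 - - - SEND
2016-11-24 09:15:04 DROP ICMP 10.0.0.30 10.0.0.10 - - 60 - - - - 8 0 - RECEIVE
"""

def parse_drops(lines: Iterable[str]) -> Iterator[Drop]:
    """Yield only DROP records; header/comment lines and ALLOW entries are skipped."""
    for line in lines:
        parts = line.split()
        if not parts or parts[0].startswith("#") or len(parts) < len(FIELDS):
            continue  # header, blank or truncated line: never mis-assign fields
        rec = dict(zip(FIELDS, parts))
        if rec["action"] == "DROP":
            yield Drop(f'{rec["date"]} {rec["time"]}', rec["protocol"], rec["src_ip"],
                       rec["dst_ip"], rec["dst_port"], rec["path"])

def summarize(drops: Iterable[Drop]) -> Counter:
    """Count drops per (direction, protocol, dst_port): the candidate allow-rule list."""
    return Counter((d.path, d.protocol, d.dst_port) for d in drops)

def suggest_rule(path: str, protocol: str, dst_port: str, name: str) -> str:
    """Render a netsh command for one summary key; a human decides whether it belongs."""
    direction = "in" if path == "RECEIVE" else "out"
    if protocol == "ICMP":
        return f'netsh advfirewall firewall add rule name="{name}" dir={direction} action=allow protocol=icmpv4'
    port_kw = "localport" if direction == "in" else "remoteport"  # inbound: our port; outbound: theirs
    return (f'netsh advfirewall firewall add rule name="{name}" dir={direction} '
            f'action=allow protocol={protocol.lower()} {port_kw}={dst_port}')
```

Inbound drops such as the SMB attempt from 10.0.0.25 belong in the summary so you can see them, not so you allow them; only the outbound buckets toward the domain controller are candidates for the rule described above.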