简介
netsh advfirewall firewall 命令行在Windows Vista 和 Windows Server 2008 中可用。
它提供了用于控制 Windows 防火墙行为的功能。
在早期版本的 Windows <包含Win7>操作系统中应该使用 netsh firewall 命令。
新版本的命令行提供了更精确地控制的防火墙规则的功能,这些规则包括以下的每个配置文件设置︰
域(Domain)
私有(Private)
公共(Public)
需要以管理员身份运行
Old command 针对Win7以下版本<包含Win7>
详细信息
示例 1︰ 启用程序
| Old command | New command |
|---|---|
| netsh firewall add allowedprogram C:\MyApp\MyApp.exe “My Application” ENABLE | netsh advfirewall firewall add rule name= “My Application” dir=in action=allow program= “C:\MyApp\MyApp.exe” enable=yes |
| netsh firewall add allowedprogram program=C:\MyApp\MyApp.exe name= “My Application” mode=ENABLE scope=CUSTOM addresses=157.60.0.1,172.16.0.0/16,LocalSubnet profile=Domain | netsh advfirewall firewall add rule name= “My Application” dir=in action=allow program= “C:\MyApp\MyApp.exe” enable=yes remoteip=157.60.0.1,172.16.0.0/16,LocalSubnet profile=domain |
| netsh firewall add allowedprogram program=C:\MyApp\MyApp.exe name= “My Application” mode=ENABLE scope=CUSTOM addresses=157.60.0.1,172.16.0.0/16,LocalSubnet profile=ALL | netsh advfirewall firewall add rule name= “My Application” dir=in action=allow program=”C:\MyApp\MyApp.exe” enable=yes remoteip=157.60.0.1,172.16.0.0/16,LocalSubnet profile=domain
netsh advfirewall firewall add rule name= “My Application” dir=in action=allow program=”C:\MyApp\MyApp.exe” enable=yes remoteip=157.60.0.1,172.16.0.0/16,LocalSubnet profile=private |
示例 2︰ 启用端口
| Old command | New command |
|---|---|
| netsh firewall add portopening TCP 80 “Open Port 80” | netsh advfirewall firewall add rule name=”Open Port 80″ dir=in action=allow protocol=TCP localport=80 |
示例 3︰ 删除启用的程序或端口
| Old command | New command |
|---|---|
| netsh firewall delete allowedprogram C:\MyApp\MyApp.exe | netsh advfirewall firewall delete rule name=rule nameprogram=“C:\MyApp\MyApp.exe“ |
| delete portopening protocol=UDP port=500 | netsh advfirewall firewall delete rule name=rule name protocol=udp localport=500 |
示例 4︰ 配置 ICMP 设置
| Old command | New command |
|---|---|
| netsh firewall set icmpsetting 8 | netsh advfirewall firewall add rule name=“ICMP Allow incoming V4 echo request“protocol=icmpv4:8,any dir=in action=allow |
| netsh firewall set icmpsetting type=ALL mode=enable | netsh advfirewall firewall add rule name=“All ICMP V4” protocol=icmpv4:any,any dir=in action=allow |
| netsh firewall set icmpsetting 13 disable all | netsh advfirewall firewall add rule name=“Block Type 13 ICMP V4” protocol=icmpv4:13,any dir=in action=block |
示例 5︰设置日志记录
| Old command | New command |
|---|---|
| netsh firewall set logging %systemroot%\system32\LogFiles\Firewall\pfirewall.log 4096 ENABLE ENABLE | netsh advfirewall set currentprofile logging filename %systemroot%\system32\LogFiles\Firewall\pfirewall.log
netsh advfirewall set currentprofile logging maxfilesize 4096 netsh advfirewall set currentprofile logging allowedconnections enable |
currentprofile 可以使用/Domainprofile/Privateprofile/Publicprofile/选项替换
示例 6︰ 启用 Windows 防火墙
| Old command | New command |
|---|---|
| netsh firewall set opmode ENABLE | netsh advfirewall set currentprofile state on |
| netsh firewall set opmode mode=ENABLE exceptions=enable | Netsh advfirewall set currentprofile state on
netsh advfirewall set currentprofile firewallpolicy blockinboundalways,allowoutbound |
| netsh firewall set opmode mode=enable exceptions=disable profile=domain | Netsh advfirewall set domainprofile state on
netsh advfirewall set domainprofile firewallpolicy blockinbound,allowoutbound |
| netsh firewall set opmode mode=enable profile=ALL | netsh advfirewall set domainprofile state on
netsh advfirewall set privateprofile state on |
示例 7︰ 还原默认策略设置
| Old command | New command |
|---|---|
| netsh firewall reset | netsh advfirewall reset |
示例 8︰ 启用特定服务
| Old command | New command |
|---|---|
| netsh firewall set service FileAndPrint | netsh advfirewall firewall set rule group=“File and Printer Sharing” new enable=Yes |
| netsh firewall set service RemoteDesktop enable | netsh advfirewall firewall set rule group=”remote desktop” new enable=Yes |
| netsh firewall set service RemoteDesktop enable profile=ALL | netsh advfirewall firewall set rule group=”remote desktop” new enable=Yes profile=domain
netsh advfirewall firewall set rule group=”remote desktop” new enable=Yes profile=private |
一、如果您发现本站侵害了相关版权,请附上本站侵权链接和您的版权证明一并发送至邮箱:yehes#qq.com(#替换为@)我们将会在五天内处理并断开该文章下载地址。
二、本站所有资源来自互联网整理收集,全部内容采用撰写共用版权协议,要求署名、非商业用途和相同方式共享,如转载请也遵循撰写共用协议。
三、根据署名-非商业性使用-相同方式共享 (by-nc-sa) 许可协议规定,只要他人在以原作品为基础创作的新作品上适用同一类型的许可协议,并且在新作品发布的显著位置,注明原作者的姓名、来源及其采用的知识共享协议,与该作品在本网站的原发地址建立链接,他人就可基于非商业目的对原作品重新编排、修改、节选或者本人的作品为基础进行创作和发布。
四、基于原作品创作的所有新作品都要适用同一类型的许可协议,因此适用该项协议, 对任何以他人原作为基础创作的作品自然同样都不得商业性用途。
五、根据二〇〇二年一月一日《计算机软件保护条例》规定:为了学习和研究软件内含的设计思想和原理,通过安装、显示、传输或者存储软件等方式使用软件的,可不经软件著作权人许可,无需向其支付报酬!
六、鉴此,也望大家按此说明转载和分享资源!本站提供的所有信息、教程、软件版权归原公司所有,仅供日常使用,不得用于任何商业用途,下载试用后请24小时内删除,因下载本站资源造成的损失,全部由使用者本人承担!
