适用于旧版 Windows（netsh firewall 上下文；较新的系统已改用 netsh advfirewall）
通过 netsh 设置
netsh firewall show config 查看设置和状态
net stop sharedaccess 停止 Windows 防火墙/ICS 服务（整个防火墙随之关闭，而不是某条规则）
net start sharedaccess 重新启动防火墙服务
命令行修改防火墙明细
开放端口
netsh firewall
add portopening
[ protocol = ] TCP|UDP|ALL
[ port = ] 1-65535
[ name = ] name # 防火墙规则名称
[ [ mode = ] ENABLE|DISABLE # 启用/禁用该规则（是否允许通过）
[ scope = ] ALL|SUBNET|CUSTOM # 允许 所有流量/本地子网流量/指定流量 通过防火墙
[ addresses = ] addresses # scope为custom时指定ip范围
[ profile = ] CURRENT|DOMAIN|STANDARD|ALL # 配置文件类型
[ interface = ] name ] # 设置接口名称
netsh firewall add portopening
protocol=ALL port=54 name=DNS mode=ENABLE scope=CUSTOM
addresses=157.60.0.1,172.16.0.0/16,10.0.0.0/255.0.0.0
netsh firewall set portopening protocol=tcp port=8080 name=MyWebPort
netsh firewall show portopening
删除开放端口
netsh firewall
delete portopening
[ protocol = ] TCP|UDP|ALL
[ port = ] 1-65535
[ [ profile = ] CURRENT|DOMAIN|STANDARD|ALL
[ interface = ] name ]
netsh firewall delete portopening protocol=tcp port=54
netsh firewall delete portopening protocol=all port=22 profile=domain
添加放行程序
netsh firewall set allowedprogram
[ program = ] path # 程序路径
[ [ name = ] name # 自定义规则
[ mode = ] ENABLE|DISABLE # 是否允许通过
[ scope = ] ALL|SUBNET|CUSTOM # 允许 所有流量/本地子网流量/指定流量 通过防火墙
[ addresses = ] addresses # 自定义流量时指定地址范围
[ profile = ] CURRENT|DOMAIN|STANDARD|ALL ] # 使用 当前/域/标准/所有 配置文件
netsh firewall set allowedprogram program=c:\dir\exe.exe name=ProgName mode=ENABLE scope=subnet profile=current
删除放行程序
netsh firewall delete allowedprogram
[ program = ] path
[ [ profile = ] CURRENT|DOMAIN|STANDARD|ALL ]
netsh firewall delete allowedprogram program=c:\dir\exe.exe profile=current
设置防火墙日志配置
netsh firewall set logging
[ [ filelocation = ] path
[ maxfilesize = ] 1-32767
[ droppedpackets = ] ENABLE|DISABLE # 记录丢包
[ connections = ] ENABLE|DISABLE ] # 记录成功连接
netsh firewall set logging filelocation=c:\dir\xx.log maxfilesize=4096 droppedpackets=ENABLE
netsh firewall show logging
设置ICMP配置
netsh firewall set icmpsetting
[ type = ] 2-5|8-9|11-13|17|ALL
[ [ mode = ] ENABLE|DISABLE
[ profile = ] CURRENT|DOMAIN|STANDARD|ALL
[ interface = ] name ]
# 禁止所有 ICMP 类型通过防火墙（本机将不再响应 ping 等 ICMP 请求）
netsh firewall set icmpsetting type=ALL mode=disable
# 查看icmp配置
netsh firewall show icmpsetting
设置防火墙服务配置
# 启用远程协助和远程桌面服务，只允许 157.60.0.1 这台主机通过防火墙使用此服务（参数名为 addresses，与上文一致）
netsh firewall set service type=remotedesktop mode=enable scope=custom addresses=157.60.0.1 profile=all
# 将所有配置文件中远程协助和远程桌面服务关闭
netsh firewall set service type=remotedesktop mode=disable profile=all
netsh firewall show service
设置防火墙通知配置
# 在所有配置文件中关闭防火墙的弹出通知消息
netsh firewall set notifications mode=DISABLE profile=all
恢复防火墙默认配置（会清除上面添加的所有自定义规则）
netsh firewall reset