
Using Netsh with Windows XP And Windows 2003 Firewall

Enable the Firewall and DO NOT Allow Port/Program Exceptions:


C:\Documents and Settings\metasploit>netsh firewall set opmode enable disable

Ok.

C:\Documents and Settings\metasploit>netsh firewall show opmode

Domain profile configuration:

-------------------------------------------------------------------

Operational mode                  = Enable

Exception mode                    = Enable

Standard profile configuration (current):

-------------------------------------------------------------------

Operational mode                  = Enable

Exception mode                    = Disable

Local Area Connection firewall configuration:

-------------------------------------------------------------------

Operational mode                  = Enable

Enable Firewall and Allow Port/Program Exceptions:


C:\Documents and Settings\metasploit>netsh firewall set opmode enable enable

Ok.

C:\Documents and Settings\metasploit>netsh firewall show opmode

Domain profile configuration:

-------------------------------------------------------------------

Operational mode                  = Enable

Exception mode                    = Enable

Standard profile configuration (current):

-------------------------------------------------------------------

Operational mode                  = Enable

Exception mode                    = Enable

Local Area Connection firewall configuration:

-------------------------------------------------------------------

Operational mode                  = Enable

Disable the Firewall:


C:\Documents and Settings\metasploit>netsh firewall set opmode disable

Ok.

C:\Documents and Settings\metasploit>netsh firewall show opmode

Domain profile configuration:

-------------------------------------------------------------------

Operational mode                  = Enable

Exception mode                    = Enable

Standard profile configuration (current):

-------------------------------------------------------------------

Operational mode                  = Disable

Exception mode                    = Enable

Local Area Connection firewall configuration:

-------------------------------------------------------------------

Operational mode                  = Enable
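The three `show opmode` listings above are the only record of which profile the firewall is actually enforcing, so an auditor typically parses them rather than reading them by eye. The following is an added example (not part of the original post): it parses the per-profile blocks into a dictionary, names the profile netsh marks `(current)`, and flags every profile or interface whose operational mode is not `Enable`. The sample text is constructed to match the page's third run, after `set opmode disable`.

```python
"""Parse and audit `netsh firewall show opmode` output (Windows XP SP2 / Server 2003).
Added example, not part of the original post; SAMPLE_OPMODE is constructed to match
the page's third run (after `set opmode disable`)."""
import re
from typing import Dict, List, Optional

SAMPLE_OPMODE = """\
Domain profile configuration:
-------------------------------------------------------------------
Operational mode                  = Enable
Exception mode                    = Enable

Standard profile configuration (current):
-------------------------------------------------------------------
Operational mode                  = Disable
Exception mode                    = Enable

Local Area Connection firewall configuration:
-------------------------------------------------------------------
Operational mode                  = Enable
"""

# Matches "Domain profile configuration:", "Standard profile configuration (current):"
# and the per-interface "<name> firewall configuration:" header.
HEADER = re.compile(r"^(.+?) (?:profile|firewall) configuration(?: \((current)\))?:$")
SETTING = re.compile(r"^(Operational mode|Exception mode)\s*=\s*(\w+)$")


def parse_opmode(text: str) -> Dict[str, dict]:
    """Map each section name to its settings plus a 'current' flag."""
    sections: Dict[str, dict] = {}
    name: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if (m := HEADER.match(line)):
            name = m.group(1)
            sections[name] = {"current": m.group(2) == "current"}
        elif (m := SETTING.match(line)) and name is not None:
            sections[name][m.group(1)] = m.group(2)
    return sections


def current_profile(sections: Dict[str, dict]) -> Optional[str]:
    """Name of the profile netsh marked '(current)', i.e. the one being enforced."""
    return next((n for n, s in sections.items() if s["current"]), None)


def audit_opmode(sections: Dict[str, dict]) -> List[str]:
    """Flag every profile or interface whose firewall is not enabled. Per-interface
    blocks print only 'Operational mode', so 'Exception mode' may be absent."""
    return [f"{name}: Operational mode = {s.get('Operational mode', 'missing')}"
            for name, s in sections.items() if s.get("Operational mode") != "Enable"]
```

Feed it the captured output of `netsh firewall show opmode` from each host; an empty result from `audit_opmode` means every profile and interface reports `Enable`.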

Add/Modify program-based exception using command line


C:\Documents and Settings\metasploit>netsh firewall add allowedprogram

The syntax supplied for this command is not valid. Check help for the correct syntax.

add allowedprogram

[ program = ] path

[ name = ] name

[ [ mode = ] ENABLE|DISABLE

[ scope = ] ALL|SUBNET|CUSTOM

[ addresses = ] addresses

[ profile = ] CURRENT|DOMAIN|STANDARD|ALL ]

Adds firewall allowed program configuration.

Parameters:

program - Program path and file name.

name - Program name.

mode - Program mode (optional).

ENABLE  - Allow through firewall (default).

DISABLE - Do not allow through firewall.

scope - Program scope (optional).

ALL    - Allow all traffic through firewall (default).

SUBNET - Allow only local network (subnet) traffic through firewall.

CUSTOM - Allow only specified traffic through firewall.

addresses - Custom scope addresses (optional).

profile - Configuration profile (optional).

CURRENT  - Current profile (default).

DOMAIN   - Domain profile.

STANDARD - Standard profile.

ALL      - All profiles.

Remarks: 'scope' must be 'CUSTOM' to specify 'addresses'.

Examples:

add allowedprogram C:\MyApp\MyApp.exe MyApp ENABLE

add allowedprogram C:\MyApp\MyApp.exe MyApp DISABLE

add allowedprogram C:\MyApp\MyApp.exe MyApp ENABLE CUSTOM

157.60.0.1,172.16.0.0/16,10.0.0.0/255.0.0.0,LocalSubnet

add allowedprogram program = C:\MyApp\MyApp.exe name = MyApp mode = ENABLE

add allowedprogram program = C:\MyApp\MyApp.exe name = MyApp mode = DISABLE

add allowedprogram program = C:\MyApp\MyApp.exe name = MyApp mode = ENABLE

scope = CUSTOM addresses =

157.60.0.1,172.16.0.0/16,10.0.0.0/255.0.0.0,LocalSubnet

Delete existing program-based exception using command line

netsh firewall delete allowedprogram


C:\Documents and Settings\metasploit>netsh firewall delete allowedprogram

The syntax supplied for this command is not valid. Check help for the correct syntax.

delete allowedprogram

[ program = ] path

[ [ profile = ] CURRENT|DOMAIN|STANDARD|ALL ]

Deletes firewall allowed program configuration.

Parameters:

program - Program path and file name.

profile - Configuration profile (optional).

CURRENT  - Current profile (default).

DOMAIN   - Domain profile.

STANDARD - Standard profile.

ALL      - All profiles.

Examples:

delete allowedprogram C:\MyApp\MyApp.exe

delete allowedprogram program = C:\MyApp\MyApp.exe

Add/Modify port-based exception using command line

netsh firewall add portopening

Used to create a port-based exception.

netsh firewall set portopening

Used to modify the settings of an existing port-based exception. The syntax and parameters of the add and set commands are identical.


C:\Documents and Settings\metasploit>netsh firewall add portopening

The syntax supplied for this command is not valid. Check help for the correct syntax.

add portopening

[ protocol = ] TCP|UDP|ALL

[ port = ] 1-65535

[ name = ] name

[ [ mode = ] ENABLE|DISABLE

[ scope = ] ALL|SUBNET|CUSTOM

[ addresses = ] addresses

[ profile = ] CURRENT|DOMAIN|STANDARD|ALL

[ interface = ] name ]

Adds firewall port configuration.

Parameters:

protocol - Port protocol.

TCP - Transmission Control Protocol (TCP).

UDP - User Datagram Protocol (UDP).

ALL - All protocols.

port - Port number.

name - Port name.

mode - Port mode (optional).

ENABLE  - Allow through firewall (default).

DISABLE - Do not allow through firewall.

scope - Port scope (optional).

ALL    - Allow all traffic through firewall (default).

SUBNET - Allow only local network (subnet) traffic through firewall.

CUSTOM - Allow only specified traffic through firewall.

addresses - Custom scope addresses (optional).

profile - Configuration profile (optional).

CURRENT  - Current profile (default).

DOMAIN   - Domain profile.

STANDARD - Standard profile.

ALL      - All profiles.

interface - Interface name (optional).

Remarks: 'profile' and 'interface' may not be specified together.

'scope' and 'interface' may not be specified together.

'scope' must be 'CUSTOM' to specify 'addresses'.

Examples:

add portopening TCP 80 MyWebPort

add portopening UDP 500 IKE ENABLE ALL

add portopening ALL 53 DNS ENABLE CUSTOM

157.60.0.1,172.16.0.0/16,10.0.0.0/255.0.0.0,LocalSubnet

add portopening protocol = TCP port = 80 name = MyWebPort

add portopening protocol = UDP port = 500 name = IKE mode = ENABLE scope =ALL

add portopening protocol = ALL port = 53 name = DNS mode = ENABLE

scope = CUSTOM addresses =

157.60.0.1,172.16.0.0/16,10.0.0.0/255.0.0.0,LocalSubnet
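The remarks in the help text above (profile and interface are mutually exclusive, scope and interface are mutually exclusive, addresses require scope CUSTOM) are easy to get wrong when exceptions are scripted across many hosts. The following is an added example, not from the original post or from Microsoft: it validates a parameter set against those remarks and assembles the `name = value` form of the command, and `scoped_web_exception` shows the page's `add portopening TCP 80 MyWebPort` restricted to a constructed address range instead of every address. It only builds strings and never runs netsh.

```python
"""Compose `netsh firewall add portopening` lines that obey the remarks in the help text.
Added example, not from the original post or Microsoft; it only builds the `name = value`
form the help output documents and never runs netsh. Sample values are constructed."""
from typing import List, Optional, Sequence

PROTOCOLS, SCOPES = ("TCP", "UDP", "ALL"), ("ALL", "SUBNET", "CUSTOM")
# netsh needs quotes around values that contain spaces (e.g. "Local Area Connection").
quote = lambda value: f'"{value}"' if " " in value else value  # noqa: E731


def check_portopening(protocol: str, port: int, mode: str = "ENABLE",
                      scope: Optional[str] = None, addresses: Optional[Sequence[str]] = None,
                      profile: Optional[str] = None, interface: Optional[str] = None) -> List[str]:
    """Return every rule the parameter set violates; an empty list means it is valid."""
    problems = []
    if protocol not in PROTOCOLS:
        problems.append("protocol must be TCP, UDP or ALL")
    if not 1 <= port <= 65535:
        problems.append("port must be in 1-65535")
    if scope is not None and scope not in SCOPES:
        problems.append("scope must be ALL, SUBNET or CUSTOM")
    # The three remarks netsh prints for `add portopening`:
    if profile is not None and interface is not None:
        problems.append("'profile' and 'interface' may not be specified together")
    if scope is not None and interface is not None:
        problems.append("'scope' and 'interface' may not be specified together")
    if addresses and scope != "CUSTOM":
        problems.append("'scope' must be 'CUSTOM' to specify 'addresses'")
    return problems


def add_portopening(protocol: str, port: int, name: str, **kw) -> str:
    """Build the command line in the help text's parameter order, or raise ValueError."""
    problems = check_portopening(protocol, port, **kw)
    if problems:
        raise ValueError("; ".join(problems))
    parts = [f"netsh firewall add portopening protocol = {protocol} port = {port}",
             f"name = {quote(name)} mode = {kw.get('mode', 'ENABLE')}"]
    if kw.get("scope") is not None:
        parts.append(f"scope = {kw['scope']}")
    if kw.get("addresses"):
        parts.append(f"addresses = {','.join(kw['addresses'])}")
    for key in ("profile", "interface"):
        if kw.get(key) is not None:
            parts.append(f"{key} = {quote(kw[key])}")
    return " ".join(parts)


def scoped_web_exception() -> str:
    """The page's `add portopening TCP 80 MyWebPort` opens port 80 to every address; this
    variant restricts it to a constructed management range plus the local subnet."""
    return add_portopening("TCP", 80, "MyWebPort", scope="CUSTOM",
                           addresses=["10.0.0.0/24", "LocalSubnet"], profile="ALL")
```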

Delete existing port-based exception using command line

netsh firewall delete portopening

Used to delete an existing port-based exception.


C:\Documents and Settings\metasploit>netsh firewall delete portopening

The syntax supplied for this command is not valid. Check help for the correct syntax.

delete portopening

[ protocol = ] TCP|UDP|ALL

[ port = ] 1-65535

[ [ profile = ] CURRENT|DOMAIN|STANDARD|ALL

[ interface = ] name ]

Deletes firewall port configuration.

Parameters:

protocol - Port protocol.

TCP - Transmission Control Protocol (TCP).

UDP - User Datagram Protocol (UDP).

ALL - All protocols.

port - Port number.

profile - Configuration profile (optional).

CURRENT  - Current profile (default).

DOMAIN   - Domain profile.

STANDARD - Standard profile.

ALL      - All profiles.

interface - Interface name (optional).

Remarks: 'profile' and 'interface' may not be specified together.

Examples:

delete portopening TCP 80

delete portopening UDP 500

delete portopening protocol = TCP port = 80

delete portopening protocol = UDP port = 500

Windows Firewall Notifications

Applications can use Windows Firewall application programming interface (API) function calls to automatically add exceptions. When applications create exceptions using the Windows Firewall APIs, the user is not notified. If the application using the Windows Firewall APIs does not specify an exception name, the exception is not displayed in the exceptions list on the Exceptions tab of the Windows Firewall.

When an application that does not use the Windows Firewall API runs and attempts to listen on TCP or UDP ports, Windows Firewall prompts a local administrator with a Windows Security Alert dialog box.

Set option “Display a notification when Windows Firewall blocks a program” using command line

netsh firewall set notifications


C:\Documents and Settings\metasploit>netsh firewall set notifications

The syntax supplied for this command is not valid. Check help for the correct syntax.

set notifications

[ mode = ] ENABLE|DISABLE

[ [ profile = ] CURRENT|DOMAIN|STANDARD|ALL ]

Sets firewall notification configuration.

Parameters:

mode - Notification mode.

ENABLE  - Allow pop-up notifications from firewall.

DISABLE - Do not allow pop-up notifications from firewall.

profile - Configuration profile (optional).

CURRENT  - Current profile (default).

DOMAIN   - Domain profile.

STANDARD - Standard profile.

ALL      - All profiles.

Examples:

set notifications ENABLE

set notifications DISABLE

set notifications mode = ENABLE

set notifications mode = DISABLE

Enable or disable Windows Firewall pre-defined services using command line

netsh firewall set service

Used to enable or disable the pre-defined file and printer sharing, remote administration, remote desktop, and UPnP exceptions.


C:\Documents and Settings\metasploit>netsh firewall set service

The syntax supplied for this command is not valid. Check help for the correct syntax.

set service

[ type = ] FILEANDPRINT|REMOTEADMIN|REMOTEDESKTOP|UPNP|ALL

[ [ mode = ] ENABLE|DISABLE

[ scope = ] ALL|SUBNET|CUSTOM

[ addresses = ] addresses

[ profile = ] CURRENT|DOMAIN|STANDARD|ALL ]

Sets firewall service configuration.

Parameters:

type - Service type.

FILEANDPRINT  - File and printer sharing.

REMOTEADMIN   - Remote administration.

REMOTEDESKTOP - Remote assistance and remote desktop.

UPNP          - UPnP framework.

ALL           - All types.

mode - Service mode (optional).

ENABLE  - Allow through firewall (default).

DISABLE - Do not allow through firewall.

scope - Service scope (optional).

ALL    - Allow all traffic through firewall (default).

SUBNET - Allow only local network (subnet) traffic through firewall.

CUSTOM - Allow only specified traffic through firewall.

addresses - Custom scope addresses (optional).

profile - Configuration profile (optional).

CURRENT  - Current profile (default).

DOMAIN   - Domain profile.

STANDARD - Standard profile.

ALL      - All profiles.

Remarks: 'scope' ignored if 'mode' is DISABLE.

'scope' must be 'CUSTOM' to specify 'addresses'.

Examples:

set service FILEANDPRINT

set service REMOTEADMIN ENABLE SUBNET

set service REMOTEDESKTOP ENABLE CUSTOM

157.60.0.1,172.16.0.0/16,10.0.0.0/255.0.0.0,LocalSubnet

set service type = FILEANDPRINT

set service type = REMOTEADMIN mode = ENABLE scope = SUBNET

set service type = REMOTEDESKTOP mode = ENABLE scope = CUSTOM addresses =

157.60.0.1,172.16.0.0/16,10.0.0.0/255.0.0.0,LocalSubnet

Set Windows Firewall Security Logging using command line

netsh firewall set logging

Used to specify logging options.


C:\Documents and Settings\metasploit>netsh firewall set logging

The syntax supplied for this command is not valid. Check help for the correct syntax.

set logging

[ [ filelocation = ] path

[ maxfilesize = ] 1-32767

[ droppedpackets = ] ENABLE|DISABLE

[ connections = ] ENABLE|DISABLE ]

Sets firewall logging configuration.

Parameters:

filelocation - Log path and file name (optional).

maxfilesize - Maximum log file size in kilobytes (optional).

droppedpackets - Dropped packet log mode (optional).

ENABLE  - Log in firewall.

DISABLE - Do not log in firewall.

connections - Successful connection log mode (optional).

ENABLE  - Log in firewall.

DISABLE - Do not log in firewall.

Remarks: At least one parameter must be specified.

Examples:

set logging %windir%\pfirewall.log 4096

set logging %windir%\pfirewall.log 4096 ENABLE

set logging filelocation = %windir%\pfirewall.log maxfilesize = 4096

set logging filelocation = %windir%\pfirewall.log maxfilesize = 4096

droppedpackets = ENABLE

Set Windows Firewall ICMP Settings using command line

netsh firewall set icmpsetting

Used to specify excepted ICMP traffic.


C:\Documents and Settings\metasploit>netsh firewall set icmpsetting

The syntax supplied for this command is not valid. Check help for the correct syntax.

set icmpsetting

[ type = ] 2-5|8-9|11-13|17|ALL

[ [ mode = ] ENABLE|DISABLE

[ profile = ] CURRENT|DOMAIN|STANDARD|ALL

[ interface = ] name ]

Sets firewall ICMP configuration.

Parameters:

type - ICMP type.

2   - Allow outbound packet too big.

3   - Allow outbound destination unreachable.

4   - Allow outbound source quench.

5   - Allow redirect.

8   - Allow inbound echo request.

9   - Allow inbound router request.

11  - Allow outbound time exceeded.

12  - Allow outbound parameter problem.

13  - Allow inbound timestamp request.

17  - Allow inbound mask request.

ALL - All types.

mode - ICMP mode (optional).

ENABLE  - Allow through firewall (default).

DISABLE - Do not allow through firewall.

profile - Configuration profile (optional).

CURRENT  - Current profile (default).

DOMAIN   - Domain profile.

STANDARD - Standard profile.

ALL      - All profiles.

interface - Interface name (optional).

Remarks: 'profile' and 'interface' may not be specified together.

'type' 2 and 'interface' may not be specified together.

Examples:

set icmpsetting 8

set icmpsetting 8 ENABLE

set icmpsetting ALL DISABLE

set icmpsetting type = 8

set icmpsetting type = 8 mode = ENABLE

set icmpsetting type = ALL mode = DISABLE

Configure unicast response to a multicast or broadcast request behavior using command line

netsh firewall set multicastbroadcastresponse

Used to specify the unicast response to a multicast or broadcast request behavior.


C:\Documents and Settings\metasploit>netsh firewall set multicastbroadcastresponse

The syntax supplied for this command is not valid. Check help for the correct syntax.

set multicastbroadcastresponse

[ mode = ] ENABLE|DISABLE

[ [ profile = ] CURRENT|DOMAIN|STANDARD|ALL ]

Sets firewall multicast/broadcast response configuration.

Parameters:

mode - Multicast/broadcast response mode.

ENABLE  - Allow responses to multicast/broadcast traffic through the

firewall.

DISABLE - Do not allow responses to multicast/broadcast traffic

through the firewall.

profile - Configuration profile (optional).

CURRENT  - Current profile (default).

DOMAIN   - Domain profile.

STANDARD - Standard profile.

ALL      - All profiles.

Examples:

set multicastbroadcastresponse ENABLE

set multicastbroadcastresponse DISABLE

set multicastbroadcastresponse mode = ENABLE

set multicastbroadcastresponse mode = DISABLE

Restore all Windows Firewall settings to default state using command line

netsh firewall reset

Used to reset the configuration of Windows Firewall to default settings. There are no command line options for the reset command.


C:\Documents and Settings\metasploit>netsh firewall reset

Ok.


Display Windows Firewall settings using command line

netsh firewall show commands

The following show commands are used to display the current configuration:

  • show allowedprogram – Displays the excepted programs.
  • show config – Displays the local configuration information.
  • show currentprofile – Displays the current profile.
  • show icmpsetting – Displays the ICMP settings.
  • show logging – Displays the logging settings.
  • show multicastbroadcastresponse – Displays multicast/broadcast response settings.
  • show notifications – Displays the current settings for notifications.
  • show opmode – Displays the operational mode.
  • show portopening – Displays the excepted ports.
  • show service – Displays the services.
  • show state – Displays the current state information.

SOURCE:

http://technet.microsoft.com/library/bb877979

http://technet.microsoft.com/en-us/library/bb877964.aspx

http://www.microsoft.com/en-us/download/details.aspx?id=7405

http://www.microsoft.com/en-us/download/details.aspx?id=23800
