Managing Windows Firewall with Netsh

By pedrotaos

Netsh is a command-line scripting utility that lets you display or modify, either locally or remotely, the network configuration of a running computer. It also provides a scripting feature for running a group of commands in batch mode against a specified computer, and it can save a configuration script to a text file for archival purposes or to help you configure other servers.

The following Netsh commands can be used in scripts or at the command line to configure Windows Firewall:

•    add allowedprogram

•    set allowedprogram

•    delete allowedprogram

•    set icmpsetting

•    set multicastbroadcastresponse

•    set notifications

•    set logging

•    set opmode

•    add portopening

•    set portopening

•    delete portopening

•    set service

•    show

Some examples:

Netsh firewall>show portopening – active ports

Netsh firewall>show config – network cards configuration

Netsh firewall>show opmode – check whether the firewall is enabled or disabled

Netsh firewall>show allowedprogram – list of allowed programs

Netsh firewall>set portopening TCP 5900 VNC – add an exception for the VNC port

Netsh firewall>set allowedprogram c:\nmap\nmap.exe Nmap enable – add the Nmap application to the firewall exceptions list
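
The same commands can be run non-interactively from a batch file, as the introduction describes. The script below is an added example, not part of the original post: it restricts the VNC exception to a management subnet instead of opening port 5900 to every address, and turns on firewall logging. The subnet 192.168.10.0/24 and the log path are constructed values to replace with your own.

```batch
@echo off
rem Added example, not from the original post.
rem Scripted use of the "netsh firewall" commands listed above.
rem Run from an elevated (Administrator) command prompt.
rem Note: on Windows Vista and later this context is deprecated in favour
rem of "netsh advfirewall firewall"; it is used here to match the page.
setlocal

rem Constructed sample values: adjust for your environment.
set "MGMT_NET=192.168.10.0/24"
set "FWLOG=%SystemRoot%\pfirewall.log"

rem Make sure the firewall is on before any exception is added.
netsh firewall set opmode mode=ENABLE
if errorlevel 1 goto :fail

rem Record dropped packets and accepted connections so that use of the
rem exception can be reviewed later.
netsh firewall set logging filelocation="%FWLOG%" maxfilesize=4096 droppedpackets=ENABLE connections=ENABLE
if errorlevel 1 goto :fail

rem Open TCP 5900 for VNC, but only to the management subnet
rem (scope=CUSTOM) rather than to all source addresses (scope=ALL).
netsh firewall set portopening protocol=TCP port=5900 name=VNC mode=ENABLE scope=CUSTOM addresses=%MGMT_NET%
if errorlevel 1 goto :fail

rem Print the resulting state for review.
netsh firewall show opmode
netsh firewall show portopening
netsh firewall show logging
endlocal
exit /b 0

:fail
echo netsh reported an error; firewall configuration was not fully applied. 1>&2
endlocal
exit /b 1
```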
