Windows Firewall Tricks

This section contains user-submitted tutorials.
Post Reply
User avatar
Dravion
Senior user
Senior user
Posts: 1688
Joined: 2015-09-26 11:50
Location: Germany
Contact:

Windows Firewall Tricks

Post by Dravion » 2018-06-11 12:31

If you just need to disable the Windows Firewall testwise, you can mess arround with dozens of pointless GUI options or just simply open Windows
Command prompt as Admin and type:

Windows Firewall OFF
netsh advfirewall set allprofiles state off

Windows Firewall ON
netsh advfirewall set allprofiles state on

Check your Windows Firewall running state with
netsh advfirewall show all state

And if you ever messed up your Windows Firewallsettings, just type in netsh advfirewall reset to go back to your Windows defaults.

#Reinstall Firewall
And if you destroyed your Windows Firewall you can reinstall it with following command (Admin Command prompt needed)
Rundll32 setupapi,InstallHinfSection Ndi-Steelhead 132 %windir%\inf\netrass.inf

Blocking IP's by Windows Firewall from a list of IPs from a Textfile
for /f %i in (badipaddresses.txt) do echo netsh advfirewall firewall add rule name="Block %i" dir=in protocol=any action=block remoteip=%i

Blocking single IP-Addresses manually
#Block a specific remote ip
netsh advfirewall firewall add rule name="Enemy_01" dir=in interface=any action=block remoteip=185.200.233.109
netsh advfirewall firewall add rule name="Enemy_02" dir=in interface=any action=block remoteip=192.101.93.10
netsh advfirewall firewall add rule name="Enemy_03" dir=in interface=any action=block remoteip=167.1.93.11
ect...

#Find a Group of entries
netsh advfirewall firewall show rule name=all | find "Enemy"

#Find a exact entry
netsh advfirewall firewall show rule name=all | find "Enemy_01"

#Disable a Windows Firewall Rule
netsh advfirewall firewall set rule name="Enemy_01" new enable=no

#Enable a Windows Firewall Rule
netsh advfirewall firewall set rule name="Enemy_01" new enable=yes

#Delete Rule
netsh advfirewall firewall delete rule name="Enemy_01" dir=in

#Logging
netsh advfirewall set allprofiles logging filename "C:\temp\pfirewall.log"
netsh advfirewall set allprofiles logging droppedconnections enable

Windows Firewall Backup and Settings Restore
netsh advfirewall export "C:\temp\WFconfiguration.wfw"
netsh advfirewall import "C:\temp\WFconfiguration.wfw"

palinka
Senior user
Senior user
Posts: 1941
Joined: 2017-09-12 17:57

Re: Windows Firewall Tricks

Post by palinka » 2019-07-08 20:05

Dravion wrote:
2018-06-11 12:31
If you just need to disable the Windows Firewall testwise, you can mess arround with dozens of pointless GUI options or just simply open Windows
Command prompt as Admin and type:
That's for sure.
#Logging
netsh advfirewall set allprofiles logging filename "C:\temp\pfirewall.log"
netsh advfirewall set allprofiles logging droppedconnections enable
This worked when nothing else did. You're totally right about "pointless GUI options", but I would call them completely USELESS GUI options.

One other thing. Need to add user read permissions to view.

User avatar
Dravion
Senior user
Senior user
Posts: 1688
Joined: 2015-09-26 11:50
Location: Germany
Contact:

Re: Windows Firewall Tricks

Post by Dravion » 2019-07-09 01:37

Yeah, there are situations a GUI is more a burden than a help :)

palinka
Senior user
Senior user
Posts: 1941
Joined: 2017-09-12 17:57

Re: Windows Firewall Tricks

Post by palinka » 2019-07-09 11:27

Dravion wrote:
2019-07-09 01:37
Yeah, there are situations a GUI is more a burden than a help :)
I want to try out Soren's tail -f with the log but I'm having problems with permissions on the log file. When i add my account to the security properties to view the log, i can look at it. But as soon as i close the log file my permission disappears and i have to add myself again. Permissions don't stick. Any idea how to fix this?

User avatar
SorenR
Senior user
Senior user
Posts: 3576
Joined: 2006-08-21 15:38
Location: Denmark

Re: Windows Firewall Tricks

Post by SorenR » 2019-07-09 12:10

palinka wrote:
2019-07-09 11:27
Dravion wrote:
2019-07-09 01:37
Yeah, there are situations a GUI is more a burden than a help :)
I want to try out Soren's tail -f with the log but I'm having problems with permissions on the log file. When i add my account to the security properties to view the log, i can look at it. But as soon as i close the log file my permission disappears and i have to add myself again. Permissions don't stick. Any idea how to fix this?
Administrator rights baby ... Administrator rights !

Image
SørenR.

“Those who don't know history are doomed to repeat it.”
― Edmund Burke

palinka
Senior user
Senior user
Posts: 1941
Joined: 2017-09-12 17:57

Re: Windows Firewall Tricks

Post by palinka » 2019-07-09 12:53

SorenR wrote:
2019-07-09 12:10
Administrator rights baby ... Administrator rights !
You know you have to be a little more specific with me because I'm special... :mrgreen:

My account is a member of SERVER/Administrators and the owner of the firewall log is SERVER/Administrators and I can't open it. If I go to properties > security ("You must have read permissions to view the properties of this object") > advanced > permissions > add > I add myself, apply, OK then I can view but only until I close the file. Then its back to square one and I have to go through the whole thing all over again.

User avatar
SorenR
Senior user
Senior user
Posts: 3576
Joined: 2006-08-21 15:38
Location: Denmark

Re: Windows Firewall Tricks

Post by SorenR » 2019-07-09 13:13

palinka wrote:
2019-07-09 12:53
SorenR wrote:
2019-07-09 12:10
Administrator rights baby ... Administrator rights !
You know you have to be a little more specific with me because I'm special... :mrgreen:

My account is a member of SERVER/Administrators and the owner of the firewall log is SERVER/Administrators and I can't open it. If I go to properties > security ("You must have read permissions to view the properties of this object") > advanced > permissions > add > I add myself, apply, OK then I can view but only until I close the file. Then its back to square one and I have to go through the whole thing all over again.
Have you tried killing UAC?
SørenR.

“Those who don't know history are doomed to repeat it.”
― Edmund Burke

palinka
Senior user
Senior user
Posts: 1941
Joined: 2017-09-12 17:57

Re: Windows Firewall Tricks

Post by palinka » 2019-07-09 13:35

SorenR wrote:
2019-07-09 13:13
palinka wrote:
2019-07-09 12:53
SorenR wrote:
2019-07-09 12:10
Administrator rights baby ... Administrator rights !
You know you have to be a little more specific with me because I'm special... :mrgreen:

My account is a member of SERVER/Administrators and the owner of the firewall log is SERVER/Administrators and I can't open it. If I go to properties > security ("You must have read permissions to view the properties of this object") > advanced > permissions > add > I add myself, apply, OK then I can view but only until I close the file. Then its back to square one and I have to go through the whole thing all over again.
Have you tried killing UAC?
No and i don't want to.

Post Reply