• <div><p>A module to control the windows firewall through ansible</p><p>该提问来源于开源项目：ansible/ansible-modules-extras</p></div>
• <div><p>Whenever I start a compiled client program with raknet, Windows Firewall opens and asks to whitelist the program. Why is that? It is just client program connect to a server. It even happens ...
• 当然，如果遇到有 WindowsFirewall.diagcab 无法解决的问题，可以点击查看详细信息来获取相关问题的报告，再到搜索引擎去查找或者咨询 IT Pro。 win10系统如何重置防火墙设置? 如果排查工具没有发现任何错误，可以将...
• <p>If I make an exception for wacs.exe in the Windows Firewall for the correct port, the authentication fails. If I make the same rule for "all programs", it works fine. As I am not so ...
• <div><p>Can we prevent the Windows Firewall popup from appearing? <p>I'm getting it when I reset the test environment or restart VS, etc.</p><p>该提问来源于开源项目：Mongo2Go/Mongo2Go</p></...
• <div><p>After running into issues with a large TFS import, Microsoft support indicated to turn off the Windows Firewall. After doing so, the import continued successfully. This update is to add ...
• How to use the "netsh advfirewall firewall" context instead of the "netsh firewall" context to control Windows Firewall behavior in Windows Server 2008 and in Windows Vista Applies to:Windows Server....
How to use the "netsh advfirewall firewall" context instead of the "netsh firewall" context to control Windows Firewall behavior in Windows Server 2008 and in Windows Vista

Applies to: Windows Server 2008 EnterpriseWindows Server 2008 DatacenterWindows Server 2008 Standard More

INTRODUCTION

The netsh advfirewall firewall command-line context is available in Windows Server 2008 and in Windows Vista. This context provides the functionality for controlling Windows Firewall behavior that was provided by the netsh firewall context in earlier Windows operating systems.
This context also provides functionality for more precise control of firewall rules. These rules include the following per-profile settings:

Domain
Private
Public
The netsh firewall command-line context might be deprecated in a future version of the Windows operating system. We recommend that you use the netsh advfirewall firewall context to control firewall behavior.
Note The netsh firewall command line is not recommended for use in Windows Vista.
This article describes how to use the netsh advfirewall firewall context instead of the netsh firewall context to control Windows Firewall behavior in Windows Server 2008 and in Windows Vista.

Important If you are a member of the Administrators group, and User Account Control is enabled on your computer, run the commands from a command prompt with elevated permissions. To start a command prompt with elevated permissions, find the icon or Start menu entry that you use to start a command prompt session, right-click it, and then click Run as administrator.
Some examples of frequently used commands are provided in the following tables. You can use these examples to help you migrate from the older netsh firewall context to the new netsh advfirewall firewall context.
Additionally, the netsh advfirewall commands that you can use to obtain detailed inline help are provided.

Example 1: Enable a program

Old command
New command
netsh firewall add allowedprogram C:\MyApp\MyApp.exe "My Application" ENABLE
netsh advfirewall firewall add rule name="My Application" dir=in action=allow program="C:\MyApp\MyApp.exe" enable=yes remoteip=157.60.0.1,172.16.0.0/16,LocalSubnet profile=domain
Run the following commands:
netsh advfirewall firewall add rule name="My Application" dir=in action=allow program="C:\MyApp\MyApp.exe" enable=yes remoteip=157.60.0.1,172.16.0.0/16,LocalSubnet profile=domain
netsh advfirewall firewall add rule name="My Application" dir=in action=allow program="C:\MyApp\MyApp.exe" enable=yes remoteip=157.60.0.1,172.16.0.0/16,LocalSubnet profile=private

Example 2: Enable a port

Old command
New command
netsh firewall add portopening TCP 80 "Open Port 80"
netsh advfirewall firewall add rule name="Open Port 80" dir=in action=allow protocol=TCP localport=80

Example 3: Delete enabled programs or ports

Old command
New command
netsh firewall delete allowedprogram C:\MyApp\MyApp.exe
netsh advfirewall firewall delete rule name=rule name program="C:\MyApp\MyApp.exe"
delete portopening protocol=UDP port=500
netsh advfirewall firewall delete rule name=rule name protocol=udp localport=500

netsh advfirewall firewall delete rule ?

Example 4: Configure ICMP settings

Old command
New command
netsh firewall set icmpsetting 8
netsh advfirewall firewall add rule name="ICMP Allow incoming V4 echo request" protocol=icmpv4:8,any dir=in action=allow
netsh firewall set icmpsetting type=ALL mode=enable
netsh firewall set icmpsetting 13 disable all
netsh advfirewall firewall add rule name="Block Type 13 ICMP V4" protocol=icmpv4:13,any dir=in action=block

Example 5: Set logging

Old command
New command
netsh firewall set logging %systemroot%\system32\LogFiles\Firewall\pfirewall.log 4096 ENABLE ENABLE
Run the following commands:
netsh advfirewall set currentprofile logging filename %systemroot%\system32\LogFiles\Firewall\pfirewall.log
netsh advfirewall set currentprofile logging maxfilesize 4096
netsh advfirewall set currentprofile logging droppedconnections enable
netsh advfirewall set currentprofile logging allowedconnections enable

If you want to set logging for a particular profile, use one of the following options instead of the "currentprofile" option:

Domainprofile
Privateprofile
Publicprofile
Example 6: Enable Windows Firewall

Old command
New command
netsh firewall set opmode ENABLE
netsh advfirewall set currentprofile state on
netsh firewall set opmode mode=ENABLE exceptions=enable
Run the following commands:
Netsh advfirewall set currentprofile state on
netsh advfirewall set currentprofile firewallpolicy blockinboundalways,allowoutbound
netsh firewall set opmode mode=enable exceptions=disable profile=domain
Run the following commands:
Netsh advfirewall set domainprofile state on
netsh advfirewall set domainprofile firewallpolicy blockinbound,allowoutbound
netsh firewall set opmode mode=enable profile=ALL
Run the following commands:
netsh advfirewall set domainprofile state on
netsh advfirewall set privateprofile state on

If you want to set the firewall state for a particular profile, use one of the following options instead of the "currentprofile" option:

Domainprofile
Privateprofile
Publicprofile
Example 7: Restore policy defaults

Old command
New command
netsh firewall reset

Example 8: Enable specific services

Old command
New command
netsh firewall set service FileAndPrint
netsh advfirewall firewall set rule group="File and Printer Sharing" new enable=Yes
netsh firewall set service RemoteDesktop enable
netsh advfirewall firewall set rule group="remote desktop" new enable=Yes
netsh firewall set service RemoteDesktop enable profile=ALL
Run the following commands:
netsh advfirewall firewall set rule group="remote desktop" new enable=Yes profile=domain
netsh advfirewall firewall set rule group="remote desktop" new enable=Yes profile=private
Last Updated: Mar 16, 2019

展开全文
• Windows Firewall Control V5.1.0 最新注册机 Windows Firewall Control 简繁体中文注册版是一个由 BiniSoft 开发的非常有用的小工具，为Windows 7、Windows 8用户提供了最简单最直观的防火墙设置使用方法，支持高...
• m sorry for posting it as an issue on GitHub), the new update seems to ignore the fact that Windows Firewall is running at the same time? I have an impression that a couple of months ago, it would ...
• <div><p>Windows Firewall tries to block the "temp" mongod.exe when running. Is there a way to avoid this?</p><p>该提问来源于开源项目：flapdoodle-oss/de.flapdoodle.embed.mongo</p></div>
• <p>It looks like this means that every time a new connection becomes available for Windows, the Windows Firewall is enabled again, but simplewall will <em>not</em> check the Windows Firewall state at ...
• 看到了Windows Firewall服务正在运行，想手动给停止试一下，结果远程桌面直接退出了，服务也不能访问了。只能重启服务器了。Windows Firewall服务不止是防火墙的问题，还涉及很多需要链接登录服务器的管控。 ...
在windows服务器上调试访问问题，以为是防火墙的问题，就打开服务查看。看到了Windows Firewall服务正在运行，想手动给停止试一下，结果远程桌面直接退出了，服务也不能访问了。只能重启服务器了。Windows Firewall服务不止是防火墙的问题，还涉及很多需要链接登录服务器的管控。

展开全文
• Windows Firewall Control是一款专业的防火墙使用小工具。软件为Windows 7、Windows 8用户提供了最简单最直观的防火墙设置使用方法，软件简单好用，支持高过滤、中过滤、低过滤、无过滤四种配置文件！软件主要用于...
• <p>This PR turns off Windows firewall during Windows node provisioning. This will allow communications to kubernetes service go through.</p><p>该提问来源于开源项目：Azure/acs-engine</p></div>
• In Sample of Windows Firewall Exception is very good sample for create firewall exception. Works fine. But i have some difficulty to check if exception already exists for port. Background: i have ...
• Use PowerShell to Create New Windows Firewall Rules Dr Scripto November 13th, 2012 Summary:Microsoft Scripting Guy, Ed Wilson, shows how to use Windows PowerShell to create new Windows Firewall ....
Use PowerShell to Create New Windows Firewall Rules

Dr Scripto

November 13th, 2012

Summary: Microsoft Scripting Guy, Ed Wilson, shows how to use Windows PowerShell to create new Windows Firewall rules on local and remote systems.

Microsoft Scripting Guy, Ed Wilson, is here. Today, we are off to Europe. The Scripting Wife and I are actually on separate flights—it’s the way the airline miles worked out for the flight. Luckily, the Scripting Wife is an excellent traveler. When I was working in Vienna a few years ago, she flew into Frankfurt, hopped a train to Vienna, and navigated the local S-Bahn trains from the Ost-Bahnhoff to the hotel without incident.

Anyway, from Frankfurt, once we are all there, we hop a train to Dortmond, Germany, where we will meet with Klaus Schulte. Klaus, as you may know, was the winner of the Scripting Games, and he has written several guest Hey, Scripting Guy! Blog posts. Neither the Scripting Wife nor myself has been to Dortmond, and we are looking forward to hanging out with Klaus, taking pictures, and of course, talking about Windows PowerShell.

Enable firewall rules with Windows PowerShell

I know why we do it, but dude, I still like to use Ping to see if a computer is up or down. I know I can use Windows PowerShell and do something like Test-WSMan to see if WinRM works, but old habits die hard. By default, on certain profiles, and on certain versions of the operating system, the Ping command is disabled. It really makes life difficult in the early hours of the morning when I tend to forget these sorts of things. So, I like to explicitly ensure that Ping is permitted through Windows Firewall. Once I have done this, and a machine does not respond to Ping, I know I need to do something else.

Unfortunately, while I can use the Get-NetFireWallRule cmdlet to retrieve information about scope and status of a firewall rule, it does not display what the actual rule itself is or does. This means that, for example, I cannot use Get-NetFireWallRule to retrieve a firewall rule and use it as a pattern when it comes to creating a new rule. In addition, it means that I cannot use the GUI tool to create a new firewall rule, use the Get-NetFireWallRule cmdlet to obtain the actual rules themselves, and then use that to create a new rule. Get-NetFireWallRule is useful for auditing but not for system configuration.

Create a new firewall rule

To create a new firewall rule that permits the Ping command, I first import the NetSecurity module. Next, I use the New-NetFirewallRule cmdlet to create the new firewall rule. The problem with this is that I basically have to know what I am doing … specifically. If, for example, I do not know that a Ping is ICMPv4 protocol, and specifically ICMPType 8, then I have no chance of creating a new firewall rule. This is where the GUI tool is a bit more friendly—rather than having to look up the ICMPTypes, they are available through the ICMP type page. This is shown here.

Here again, even the GUI tool does not actually list the ICMP type. So to get this information, I need to either already know it (Hey, I wrote a book on Network Monitoring and Analysis), or I need to look it up by using Ping.

I recommend using the Windows PowerShell cmdlet to create the firewall rule, and then inspecting the rule in the Windows Firewall with Advanced Security tool. Here is the rule I came up with to permit Ping on network interfaces with the ANY profile. (Note that I could use DOMAIN or PRIVATE profiles as well.)

Import-Module NetSecurity

New-NetFirewallRule -Name Allow_Ping -DisplayName “Allow Ping”

-Description “Packet Internet Groper ICMPv4” 

-Protocol ICMPv4 -IcmpType 8 -Enabled True -Profile Any -Action Allow

Deploy the rule to all my Windows Server 2012 and Windows 8 machines

The first thing I need to do is to find all of my computers running Windows Server 2012 and Windows 8. I created a specific filter for the Get-ADComputer cmdlet that returns only these types of computers. I also specify Admin credentials to the Get-Credential cmdlet. This is shown here.

Import-Module NetSecurity, ActiveDirectory

$cred = Get-Credential -Credential iammred\administrator$cn = Get-ADComputer -Properties operatingsystem -Filter

“Operatingsystem -like ‘windows 8 *’ -OR OperatingSystem -like ‘* 2012 *'”

Now, I create a CIM session to each of these computers. When I do this, I specify the name of the computer and the credentials to use to make the connection. I do not worry if computers are offline when calling the command because it only connects with online machines. It simplifies the code. This appears here.

$CIM = New-CimSession -ComputerName$cn.name -Credential $cred Next, I use the same New-NetFirewallRule command I used before—only this time I add that I want to use the CIM sessions in the$cim variable. Here is the code.

New-NetFirewallRule -Name Allow_Ping -DisplayName “Allow Ping”

-Description “Packet Internet Groper ICMPv4”

-Protocol ICMPv4 -IcmpType 8 -Enabled True -Profile Any -Action Allow 

-CimSession $cim Verify that the changes took place Because I already have the CIM sessions in the$CIM variable, I can use that with the Get-NetFirewallRule cmdlet to verify that the remote servers and workstations have received the new firewall rule. This command is shown here.

Get-NetFirewallRule -DisplayName “Allow Ping” -CimSession $cim | Select PSComputerName, name, enabled, profile, action | Format-Table -AutoSize The command and the associated output are shown here. I also want to verify that the Pings themselves will take place. Now, remember that the Get-ADComputer command returned some computers that were offline. But the$CIM variable contains CIM sessions to each computer that is obviously online. Unfortunately, the Test-Connection cmdlet does not accept a CIM session object, but that does not matter because it does accept an array of computer names. With auto array expansion, I can get the computer names from the variable containing all of the CIM sessions easily. Here is the command to which I arrived.

Test-Connection -ComputerName $cim.computername -BufferSize 15 -Count 1 The command and associated output are shown here. PS C:\> Test-Connection -ComputerName$cim.computername -BufferSize 15 -Count 1

——        ———–     ———–      ———–

EDLT          DC2             192.168.0.102

EDLT          DC3             192.168.0.103

EDLT          DC4             192.168.0.104

EDLT          EDLT            192.168.3.228    fe80::bd2d:5283:5572:5e77%19

EDLT          HYPERV2         192.168.0.46

EDLT          HYPERV3         192.168.0.43

EDLT          SQL1            192.168.0.150

EDLT          WDS1            192.168.0.152

EDLT          WEB1            192.168.0.54

Sweet, it worked!

展开全文
• windows firewall服务不能启动解决方案，实际测试，能够解决。
• Windows Firewall Control 为Windows 7、 8 最直观防火墙设置 关于设置中文语言界面： 这款软件官方支持简体中文语言，大家安装完成后复制压缩包中Language Files目录下的wfcCN.lng（简体中文）或者wfcTW.lng（繁体...
• Win+R后输入services.msc，打开服务，发现防火墙也不能手动启动，提示Windows不能在本地计算机启动Windows Firewall，错误代码13。 此时防火墙服务虽没有启动，但是默认是开启的，可能导致某些软件无法使用。如需...
问题描述
有些时候我们需要关闭Windows防火墙，但是控制面板中并没有相应按钮：

Win+R后输入services.msc，打开服务，发现防火墙也不能手动启动，提示Windows不能在本地计算机启动Windows Firewall，错误代码13。

此时防火墙服务虽没有启动，但是默认是开启的，可能导致某些软件无法使用。如需关闭防火墙，我们必须启动防火墙服务后再手动关闭他。
准备工作（非必须）

检查360的优化加速-启动项-系统关键服务是否将防火墙禁用。
参考修改为本地服务。注意做修改时要先把服务手动禁用。
简单来说就是把服务中的Security Center和Windows Firewall的属性-登录下面改为此账户、本地服务，并输入密码。
参考修改权限。
是在注册表中把账户权限设为完全控制。
如果这些都不行，请看下面。

修改注册表

Win+R输入regedit，进入注册表。
找到HKEY_LOCAL_MACHINE\System\CurrentControlSet\Sevices\SharedAccess\Parameters\FirewallPolicy

对FirewallPolicy点击右键，保存一下，防止翻车。

删除FirewallPolicy下方所有子文件夹和右边的所有值。这里我还没有删干净，右边4个蓝色的也要删掉。

Win+R输入cmd，进入命令行。输入
（有些系统是输入netsh firewall reset）
Win+R后输入services.msc，打开服务，手动启动Windows Firewall。
接下来就可以在控制面板关闭防火墙了。


展开全文
• Windows Firewall Control是一款为Windows 7和Vista用户提供了更简单直观的防火墙增强设置使用方法,你可以一键设定过滤规则。
• <p>We need to automatically create rule for windows firewall which manually can be created in the following way: <p>Click on inbound rules (left column), then on new rule (right column). Choose ...
• Sample code for the Windows Firewall COM interface   /* Copyright (c) Microsoft Corporation SYNOPSIS Sample code for the Windows Firewall COM interface. */ #include &lt;windows.h&gt...
• I noticed when running them on my dev machine that I was now prompted by Windows Firewall to grant dotnet.exe extra permissions. So my guess is that this same prompt is happening on the build server ...
• <div><p>该提问来源于开源项目：axsh/wakame-vdc</p></div>
• <div><p>该提问来源于开源项目：Ylianst/MeshCentral</p></div>
• <div><p>Is adding/deleting an exception truly safe for your computer? I just want to make sure as I want this meter, yet I do not know if there are risks to this.</p><p>该提问来源于开源项目：...
• Just like with any other program that runs a server, Windows Firewall gives me a one-time security notification about it. This "one-time" behavior is tied to the executable path, and under ...
• is it safe to use simplewall and windows firewall in compination? i jsut feel more savf with that. it wont cause any problems, will it?</p><p>该提问来源于开源项目：henrypp/simplewall</p></div>
• 1.服务-windows Firewall,双击，然后检查依存关系，查看依存关系的是否都启动了，假如依存关系的都没启动，防火墙自然启动不了 2.依存关系都启动了，可还是启动不了，这时候就要检查security center是否是自动，且...
• <div><p>Updating the Windows firewall is usually reasonably fast, but sometimes blocks for, 20 seconds, 4 minutes, etc. Not sure why. <p>Until we understand that's happening, configure it in the ...

...