Sunday 12 December 2010

Modifying Windows Firewall Through Command Prompt

Windows is mostly GUI now, with very little command line left, but believe it or not the command line is still a very powerful tool that can change a lot of settings within Windows. Here we will talk about changing Windows Firewall from the command line. The Windows XP firewall is a very basic firewall that protects users from some of the attacks that come across the Internet.
The netsh command is a free program that comes with Windows XP, and it is what we will be using to make specific changes to the Windows firewall in this article. Running netsh on its own puts you at a netsh> prompt, which is ready for more commands. Because netsh can be used to modify other items besides the firewall, we need to tell it that we will be configuring the firewall, so we give the netsh> prompt the firewall command. Now we are sitting at the netsh firewall> prompt. As with many other command-line programs, we can give it a ? to display all the available commands.
netsh firewall>?
  Commands in this context:
    ?       - Displays a list of commands.
    add     - Adds firewall configuration.
    delete  - Deletes firewall configuration.
    dump    - Displays a configuration script.
    help    - Displays a list of commands.
    reset   - Resets firewall configuration to default
    set     - Sets firewall configuration
    show    - Shows firewall configuration
So let's now do an example of a configuration we can make with netsh and allow incoming ICMP ECHO Requests:
netsh firewall>set icmpsetting 8 ENABLE
Ok.
To disable ICMP ECHO Requests:
netsh firewall>set icmpsetting 8 DISABLE
Ok.
To enable File and Printer Sharing:
netsh firewall>set service FILEANDPRINT ENABLE
Ok.
Now as you can see, we have made some very broad configurations that either allow everyone or no one to connect to or ping our computer. Let's say we want just a specific network to access our computer. Then we will have to use the CUSTOM scope option of the set service command within netsh firewall>
netsh firewall>set service FILEANDPRINT ENABLE CUSTOM 192.168.1.0/24
Ok.
So the above statement is only going to allow computers on the 192.168.1.0 network to connect to my computer for file and printer sharing. For those of you who might not be very familiar with networking, the /24 at the end of the network address is the subnet mask. Not to get off on too far of a tangent, the /24 means a 24-bit mask, which is 255.255.255.0.
Now let's say we are testing something and want to just turn the firewall off completely. We can do this very easily from the command prompt.
netsh firewall>set opmode disable
Ok.
Now obviously, if we turned the firewall off, we just might need to turn it back on:
netsh firewall>set opmode enable
Ok.
So with all this changing we have done, something has gone terribly wrong and we cannot get the traffic we want in and out of our computer. The best thing to do is reset our firewall back to defaults, and this can be done with a very simple and obvious command.
netsh firewall>reset
Ok.
After executing this command all of our modifications will be lost and the firewall will go back to all of its default settings.
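
The same settings can be applied without the interactive prompt by passing everything to netsh on one line. The batch file below is an added example, not part of the original article. It saves the current configuration, turns the firewall on, limits file and printer sharing to the 192.168.1.0/24 network used above, and prints the result for review. The variable names and the backup file location are assumptions made for the example.

```batch
@echo off
rem Added example: scripted form of the interactive netsh firewall session.
rem SCOPE and BACKUP are names chosen for this example only.
setlocal
set "SCOPE=192.168.1.0/24"
set "BACKUP=%TEMP%\firewall-before.txt"

rem 1. Record the configuration before changing anything, so there is a
rem    readable record to compare against (or to rebuild from after a reset).
netsh firewall show config > "%BACKUP%"
echo Previous configuration saved to %BACKUP%

rem 2. Make sure the firewall itself is enabled. A scoped rule means
rem    nothing if opmode was left disabled after testing.
netsh firewall set opmode mode=ENABLE
if errorlevel 1 goto fail

rem 3. Allow file and printer sharing only from the chosen network,
rem    instead of the default scope that accepts any source address.
netsh firewall set service type=FILEANDPRINT mode=ENABLE scope=CUSTOM addresses=%SCOPE%
if errorlevel 1 goto fail

rem 4. Keep incoming ICMP echo requests (type 8) disabled.
netsh firewall set icmpsetting type=8 mode=DISABLE
if errorlevel 1 goto fail

rem 5. Print what is now in effect so the change can be checked by eye.
echo.
echo ---- Resulting configuration ----
netsh firewall show opmode
netsh firewall show service
netsh firewall show icmpsetting
goto done

:fail
rem Assumes netsh returns a non-zero exit code when a command is rejected.
echo A netsh command failed. Compare the current state with %BACKUP%.
endlocal
exit /b 1

:done
endlocal
exit /b 0
```

Run it from a command prompt with administrator rights. If the result is not what you wanted, netsh firewall reset still returns everything to the defaults.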
