Using the Netsh Command to Manage Windows XP Firewall


If you need to make firewall settings repeatedly—on a single computer as conditions change or, perhaps, on a fleet of computers—you’ll find working with the Windows Firewall Control Panel application to be a bit cumbersome. Fortunately, Service Pack 2 introduces another improvement over ICF: command-line control. The Netsh Firewall command provides an alternative way to view or modify all manner of settings—more, in fact, than you can set using the Control Panel application.

For example, you can enable Windows Firewall with this command:

netsh firewall set opmode enable

This command enables logging of dropped packets in a file named C:\Fw.log:

netsh firewall set logging c:\fw.log 4096 enable

With dozens of keywords and options, the Netsh Firewall command is quite complex. The best way to learn about its various possibilities is through online help. Start in the Help And Support Center. A search for “netsh firewall” returns a suggested topic page titled “Configuring Windows Firewall from the command line,” which provides a good overview. For more details, use the help available from the command line. You’ll need to do it in several steps, appending another keyword each time. Start by entering netsh firewall ? at a command prompt. This returns a list of each of the keywords that you can put after firewall—Add, Delete, Dump, Help, Reset, and Set—along with a brief description of each. Next you might type netsh firewall set ? to learn about each of the Set options. Then you’d type netsh firewall set opmode ?—and so on, until you reach a screen that shows the command syntax and explains all the parameters for the command you’ve entered.