CMD
Add examples
netsh advfirewall firewall add rule name="规则名称" dir=in action=allow protocol=TCP localport=1030
Some parameter notes:
name: rule name
dir: direction (in = inbound, out = outbound)
action: action (allow = permit, block = deny)
protocol: protocol type (TCP/UDP)
localport: local port
program: program path
security: security requirement (using the default or leaving it unspecified is fine) (authenticate|authenc|authdynenc|authnoencap|notrequired, default=notrequired)
authenticate - requires two-way authentication, but no encryption
authenc - requires two-way authentication and encryption
authdynenc - requires authentication; encryption is optional
authnoencap - requires authentication; ESP encapsulation is disabled
notrequired - no security measures required
Here are some examples:
Add an inbound rule for messenger.exe:
netsh advfirewall firewall add rule name="allow messenger" dir=in program="c:\programfiles\messenger\msmsgs.exe" security=authnoencap action=allow
Add an outbound rule for port 80 (block):
netsh advfirewall firewall add rule name="allow80" protocol=TCP dir=out localport=80 action=block
Add an inbound rule for TCP port 80 traffic that requires security and encryption:
netsh advfirewall firewall add rule name="Require Encryption for Inbound TCP/80" protocol=TCP dir=in localport=80 security=authdynenc action=allow
Add an inbound rule for messenger.exe that requires security:
netsh advfirewall firewall add rule name="allow messenger" dir=in program="c:\program files\messenger\msmsgs.exe" security=authenticate action=allow
Add an authenticated firewall bypass rule for the group acmedomain\scanners identified by an SDDL string:
netsh advfirewall firewall add rule name="allow scanners" dir=in rmtcomputergrp=<SDDL string> action=bypass security=authenticate
Add an outbound allow rule for UDP local ports 5000-5010:
netsh advfirewall firewall add rule name="Allow port range" dir=out protocol=udp localport=5000-5010 action=allow
Enable the firewall rule named "MyRule":
netsh advfirewall firewall set rule name="MyRule" new enable=yes
Change the local port of the rule named "MyRule" to 8080:
netsh advfirewall firewall set rule name="MyRule" new localport=8080
Restrict the remote IP address of the rule named "MyRule" to 192.168.1.1:
netsh advfirewall firewall set rule name="MyRule" new remoteip=192.168.1.1
Change the protocol of the rule named "MyRule" to UDP:
netsh advfirewall firewall set rule name="MyRule" new protocol=UDP
Run the following command to check that the rule was modified correctly:
netsh advfirewall firewall show rule name="MyRule"
Delete examples
Delete all TCP rules for local port 80:
netsh advfirewall firewall delete rule name=all protocol=tcp localport=80
Delete the rule named "allow80":
netsh advfirewall firewall delete rule name="allow80"
PowerShell
New-NetFirewallRule -DisplayName '规则名称' -Profile 'Private' -Direction Inbound -Action Allow -Protocol TCP -LocalPort 6124
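The following is an added example, not code from the original page or from Microsoft's documentation. It uses the same NetSecurity cmdlet family as the one-liner above to do, in PowerShell, what the CMD "set rule" / "show rule" sequence does with netsh: create an inbound rule scoped to a single remote address and profile, read the rule and its port/address filters back to confirm the scope, and then audit the host for enabled inbound allow rules whose remote address is unrestricted (the condition the remoteip restriction above is meant to avoid). The rule name, the port 8080 and the address 192.168.1.1 are taken from the page's set-rule examples; everything else is assumed. It must run in an elevated PowerShell session on Windows.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original page): create a narrowly scoped inbound
# rule, verify it, then audit for inbound allow rules open to any remote address.

$RuleName   = 'Example-AllowTcp8080'   # assumed display name for this example
$Port       = 8080                      # port from the page's set-rule example
$RemoteHost = '192.168.1.1'             # remote IP from the page's set-rule example

function New-ScopedInboundRule {
    param(
        [string]$Name,
        [int]$LocalPort,
        [string]$RemoteAddress,
        [string]$Profile = 'Private'
    )
    # Scope the rule to one remote address and one profile instead of "Any".
    New-NetFirewallRule -DisplayName $Name `
        -Direction Inbound -Action Allow -Enabled True `
        -Protocol TCP -LocalPort $LocalPort `
        -RemoteAddress $RemoteAddress -Profile $Profile | Out-Null
}

function Test-RuleScope {
    param([string]$Name, [int]$ExpectedPort, [string]$ExpectedRemote)
    # PowerShell equivalent of "netsh advfirewall firewall show rule name=...":
    # read the rule and its port/address filters back and compare to what we set.
    $rule = Get-NetFirewallRule -DisplayName $Name -ErrorAction Stop
    $port = ($rule | Get-NetFirewallPortFilter).LocalPort
    $addr = ($rule | Get-NetFirewallAddressFilter).RemoteAddress
    $ok = ($rule.Enabled -eq 'True') -and
          ($port -eq "$ExpectedPort") -and
          ($addr -eq $ExpectedRemote)
    [pscustomobject]@{
        Name = $Name; Enabled = $rule.Enabled
        LocalPort = $port; RemoteAddress = $addr; ScopeOk = $ok
    }
}

function Get-WideOpenInboundRules {
    # Enabled inbound allow rules whose remote address filter is unrestricted.
    Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
        ForEach-Object {
            $addr = ($_ | Get-NetFirewallAddressFilter).RemoteAddress
            if ($addr -eq 'Any') {
                [pscustomobject]@{
                    DisplayName = $_.DisplayName; Profile = $_.Profile; RemoteAddress = $addr
                }
            }
        }
}

New-ScopedInboundRule -Name $RuleName -LocalPort $Port -RemoteAddress $RemoteHost
Test-RuleScope -Name $RuleName -ExpectedPort $Port -ExpectedRemote $RemoteHost | Format-List
Get-WideOpenInboundRules | Format-Table -AutoSize
Remove-NetFirewallRule -DisplayName $RuleName   # clean up the example rule
```

The verification step matters because New-NetFirewallRule and netsh both accept a rule silently; reading the port and address filters back is the only way to confirm the scope you intended is the scope that was stored. The audit function lists rules rather than changing them, so it is safe to run on a production host before deciding what to tighten.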
For detailed usage, see the links in the references; they are very thorough.
References:
https://learn.microsoft.com/zh-cn/windows/security/operating-system-security/network-security/windows-firewall/configure-with-command-line?tabs=cmd
https://learn.microsoft.com/zh-cn/troubleshoot/windows-server/networking/netsh-advfirewall-firewall-control-firewall-behavior
This article was last edited on 2025/7/18 11:02:59.