{
	"id": "7f262abf-426f-4ed1-ab32-9c758d1c5982",
	"created_at": "2026-04-06T00:18:46.518817Z",
	"updated_at": "2026-04-10T13:12:55.016195Z",
	"deleted_at": null,
	"sha1_hash": "bff49f4f12ac355951198478864d1f4592cbc31d",
	"title": "Netsh Commands for Windows Firewall",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 171093,
	"plain_text": "Netsh Commands for Windows Firewall\r\nBy Archiveddocs\r\nArchived: 2026-04-05 14:55:07 UTC\r\nApplies To: Windows 7, Windows Server 2008, Windows Server 2008 R2, Windows Vista\r\nThe Netsh commands for Windows Firewall provide a command-line alternative to the capabilities of the\r\nWindows Firewall Control Panel utility. By using the Netsh firewall commands, you can configure and view\r\nWindows Firewall exceptions and configuration settings.\r\nImportant\r\nThe firewall context of the netsh command-line tool is provided only for backwards-compatibility with earlier\r\nversions of Windows. The firewall context works on computers that are running Windows® 7, Windows Server®\r\n2008 R2, Windows Vista®, and Windows Server® 2008, but it does not allow you to manage or interact with any\r\nof the firewall features that are new to those newer versions of Windows. This context does not allow you to work\r\nremotely on a computer to directly configure its firewall.\r\nWe recommend that you instead use the advfirewall context unless you are using this tool in a mixed environment\r\nand must maintain backwards-compatibility with earlier versions of Windows. To use the new firewall features\r\nthat are included with Windows Vista and later versions of Windows, you must use the advfirewall context\r\ninstead. For more information, see Netsh Commands for Windows Firewall with Advanced Security.\r\nWe recommend that you do not use this context on a computer that is running Windows Vista or a later version of\r\nWindows, because by using it you can create and modify firewall rules only for the domain and private profiles.\r\nEarlier versions of Windows only supported a domain and standard profile. On Windows Vista and later versions\r\nof Windows, standard maps to the private profile and domain continues to map to the domain profile. 
Rules for the\r\npublic profile can only be manipulated when the computer is actually attached to a public network and the\r\ncommand is run against the \"current\" profile.\r\nStarting with Windows 7 and Windows Server 2008 R2, if you run any command in the firewall context, the\r\ncommand still works, but is accompanied by the message:\r\nIMPORTANT: “netsh firewall” is deprecated; use “netsh advfirewall firewall” instead. For more information on\r\nusing “netsh advfirewall firewall” commands instead of “netsh firewall”, see KB article 947709 at\r\nhttps://go.microsoft.com/fwlink/?linkid=121488.\r\nImportant\r\nTo use the netsh firewall commands remotely on another computer by using the netsh –r parameter, the Remote\r\nRegistry service must be running on the remote computer. If it is not, then Windows displays a “Network Path Not\r\nFound” error message.\r\nYou can run these commands from within the netsh tool at the netsh firewall\u003e prompt.\r\nhttps://technet.microsoft.com/en-us/library/cc771046(v=ws.10).aspx\r\nPage 1 of 21\n\nFor these commands to work at a standard Windows command prompt, you must preface each command with\r\nnetsh firewall, followed by the specific command and parameters as they appear in the syntax below.\r\nNote\r\nIf User Account Control is enabled on your computer and you want to run any netsh firewall command that\r\nchanges the firewall configuration, you must run the command from a command prompt that was started with the\r\nRun as administrator option. 
If you try to change the firewall state without having administrator permissions\r\navailable to the command-line tool, it fails with the message \"The requested operation requires elevation.\"\r\nFor more information about netsh, see Netsh Overview and Enter a Netsh Context.\r\nNetsh firewall\r\nThe following sections describe each command and its syntax.\r\nadd allowedprogram\r\nset allowedprogram\r\ndelete allowedprogram\r\nset icmpsetting\r\nset multicastbroadcastresponse\r\nset notifications\r\nset logging\r\nset opmode\r\nadd portopening\r\nset portopening\r\ndelete portopening\r\nset service\r\nshow commands\r\nreset\r\nNote\r\nIn earlier versions of Windows, many of these commands accepted a parameter called interface. This parameter is\r\nnot supported in the firewall context in Windows Vista or later versions of Windows.\r\nadd allowedprogram\r\nAdds a program-based exception to the firewall.\r\nSyntax\r\nadd allowedprogram [ program = ] PathAndFileName [ name = ] ProgramName [ [ mode = ] { enable | disable\r\n} ] [ [ scope = ] { all | subnet | custom } ] [ [ addresses = ] { IPAddress | IPRange | Subnet | localsubnet }[,…] ] [\r\n[ profile = ] { current | domain | standard | all } ]\r\nParameters\r\n[ program = ] PathAndFileName\r\nRequired. The path and file name of the program to be added to the firewall exception list. If the path or\r\nfile name includes spaces, then you must use quotation marks around the path and file name.\r\n[ name = ] ProgramName\r\nRequired. Friendly name of the program to be added to the list. This value is displayed in the Firewall\r\ncontrol panel exception list.\r\n[ [ mode = ] { enable | disable } ]\r\nSpecifies whether this exception is currently applied and active on the local computer. The default value is\r\nenable.\r\n[ [ scope = ] { all | subnet | custom } ]\r\nSpecifies the scope of the allowed network traffic from remote computers. 
all indicates that traffic is\r\nallowed from any computer, including those on the Internet. subnet indicates that traffic is allowed from\r\ncomputers on the local computer's subnet only. custom indicates that traffic is allowed from only those\r\ncomputers whose IP address matches the addresses parameter. The default value is all.\r\n[ [ addresses = ] { IPAddress | IPRange | Subnet | localsubnet }[,…] ]\r\nSpecifies a custom list of addresses for the scope=custom parameter. Each entry can be:\r\nAn IPv4 or IPv6 address. For example, 192.168.0.15.\r\nAn IPv4 or IPv6 range with start and end addresses separated by a '-'. For example, 192.168.0.1-\r\n192.168.0.50.\r\nA subnet indicated by the subnet address and subnet mask separated by a '/'. For example,\r\n192.168.0.0/255.255.255.0.\r\nA subnet indicated by the subnet address and a subnet prefix separated by a '/'. For example,\r\n10.1.0.0/16.\r\nThe keyword localsubnet, which includes all addresses that are on the local computer's current\r\nsubnet.\r\nMultiple entry types can be combined on a command line by separating them with commas: 172.16.0.0/16,\r\n10.0.0.0/255.0.0.0, 21AB:0000:0000:CD30::/60, localsubnet\r\n[ [ profile = ] { current | domain | standard | all } ]\r\nSpecifies the firewall profile to which the command applies. 
The firewall profile is determined by the\r\ndetected network location types accessible through the computer's network adapters.\r\ncurrent specifies that the command applies to the profile that is currently active on the computer.\r\nNote\r\nOn Windows 7 and Windows Server 2008 R2, this option applies to all profiles that are currently active on the\r\ncomputer.\r\n - **domain** specifies that the command applies only to the domain profile.\r\n \r\n - **standard** specifies that the command applies only to the private profile.\r\n \r\n - **all** specifies that the command applies to all profiles except the private profile.\r\n \r\nYou must specify scope=custom to specify addresses. If scope=custom is used, then addresses cannot be\r\nblank.\r\nTo specify the profile associated with the public network location type, you must specify profile=current\r\nwhen the computer is attached to a public network.\r\nThe addresses parameter cannot contain an unspecified IPv6 address, a loopback address, or a multicast\r\naddress.\r\nExamples\r\nEach example must be entered as a single command line. The examples may be displayed on multiple lines below\r\nfor space reasons.\r\nadd allowedprogram \"C:\\My App\\MyApp.exe\" \"My Application\" enable\r\nadd allowedprogram \"C:\\My App\\MyApp.exe\" \"My Application\" enable custom\r\n157.60.0.1,172.16.0.0/16,21AB:0000:0000:CD30::/60,localsubnet\r\nset allowedprogram\r\nModifies the settings of an existing program-based exception.\r\nSyntax\r\nset allowedprogram [ program = ] PathAndFileName [ [ name = ] ProgramName ] [ [ mode = ] { enable |\r\ndisable } ] [ [ scope = ] { all | subnet | custom } ] [ [ addresses = ] { IPAddress | IPRange | Subnet | localsubnet }\r\n[,…] ] [ [ profile = ] { current | domain | standard | all } ]\r\nParameters\r\n[ program = ] PathAndFileName\r\nRequired. 
The path and file name of the program whose exception you want to modify. If the path or file\r\nname includes spaces, then you must use quotation marks around the path and file name.\r\n[ [ name = ] ProgramName ]\r\nFriendly name of the program to be added to the list. This value is displayed in the Firewall control panel\r\nexception list.\r\n[ [ mode = ] { enable | disable } ]\r\nSpecifies whether this exception is currently applied and active on the local computer.\r\n[ [ scope = ] { all | subnet | custom } ]\r\nSpecifies the scope of the allowed network traffic from remote computers. all indicates that traffic is\r\nallowed from any computer, including those on the Internet. subnet indicates that traffic is allowed from\r\ncomputers on the local computer's subnet only. custom indicates that traffic is allowed from only those\r\ncomputers whose IP address matches the addresses parameter.\r\n[ [ addresses = ] { IPAddress | IPRange | Subnet | localsubnet }[,…] ]\r\nSpecifies a custom list of addresses for the scope=custom parameter. Each entry can be:\r\nAn IPv4 or IPv6 address. For example, 192.168.0.15.\r\nAn IPv4 or IPv6 range with start and end addresses separated by a '-'. For example, 192.168.0.1-\r\n192.168.0.50.\r\nA subnet indicated by the subnet address and subnet mask separated by a '/'. For example,\r\n192.168.0.0/255.255.255.0.\r\nA subnet indicated by the subnet address and a subnet prefix separated by a '/'. For example,\r\n10.1.0.0/16.\r\nThe keyword localsubnet, which includes all addresses that are on the local computer's current\r\nsubnet.\r\nMultiple entry types can be combined on a command line by separating them with commas: 172.16.0.0/16,\r\n10.0.0.0/255.0.0.0, 21AB:0000:0000:CD30::/60, localsubnet\r\n[ [ profile = ] { current | domain | standard | all } ]\r\nSpecifies the firewall profile to which the command applies. 
The profile is determined by the detected\r\nnetwork location types accessible through the computer's network adapters.\r\ncurrent specifies that the command applies to the profile that is currently active on the computer.\r\nNote\r\nOn Windows 7 and Windows Server 2008 R2, this option applies to all profiles that are currently active on the\r\ncomputer.\r\n - **domain** specifies that the command applies only to the domain profile.\r\n \r\n - **standard** specifies that the command applies only to the private profile.\r\n \r\n - **all** specifies that the command applies to all profiles except the private profile.\r\n \r\nThe default value is **current**.\r\nYou must specify at least one parameter other than program.\r\nYou must specify scope=custom to specify addresses. If scope=custom is used, then addresses cannot be\r\nblank.\r\nTo specify the profile associated with the public network location type, you must specify profile=current\r\nwhen the computer is attached to a public network.\r\nThe addresses parameter cannot contain an unspecified IPv6 address, a loopback address, or a multicast\r\naddress.\r\nExamples\r\nEach example must be entered as a single command line. 
The examples may be displayed on multiple lines below\r\nfor space reasons.\r\nset allowedprogram \"C:\\My App\\MyApp.exe\" \"My Application\" enable\r\nset allowedprogram \"C:\\My App\\MyApp.exe\" \"My Application\" enable custom\r\n157.60.0.1,172.16.0.0/16,10.0.0.0/255.0.0.0,localsubnet\r\nset allowedprogram program=\"C:\\My App\\MyApp.exe\" name=MyApp mode=enable scope=custom\r\naddresses=157.60.0.1,172.16.0.0/16,10.0.0.0/255.0.0.0,localsubnet\r\ndelete allowedprogram\r\nDeletes an existing program-based exception.\r\nSyntax\r\ndelete allowedprogram [ program = ] PathAndFileName [ [ profile = ] { current | domain | standard | all } ]\r\nParameters\r\n[ program = ] PathAndFileName\r\nRequired. The path and file name of the program to be deleted from the firewall exception list.\r\n[ [ profile = ] { current | domain | standard | all } ]\r\nSpecifies the firewall profile to which the command applies. The profile is determined by the detected\r\nnetwork location types accessible through the computer's network adapters.\r\ncurrent specifies that the command applies to the profile that is currently active on the computer.\r\nNote\r\nOn Windows 7 and Windows Server 2008 R2, this option applies to all profiles that are currently active on the\r\ncomputer.\r\n - **domain** specifies that the command applies only to the domain profile.\r\n \r\n - **standard** specifies that the command applies only to the private profile.\r\n \r\n - **all** specifies that the command applies to all profiles except the private profile.\r\n \r\nThe default value is **current**.\r\nTo specify the profile associated with the public network location type, you must specify profile=current\r\nwhen the computer is attached to a public network.\r\nExamples\r\nEach example must be entered as a single command line. 
The examples may be displayed on multiple lines below\r\nfor space reasons.\r\ndelete allowedprogram C:\\MyApp\\MyApp.exe\r\ndelete allowedprogram program = C:\\MyApp\\MyApp.exe profile=all\r\nset icmpsetting\r\nSpecifies the types of ICMP traffic that are permitted through the firewall.\r\nSyntax\r\nset icmpsetting [ type = ] { 2-5 | 8-9 | 11-13 | 17 | all } [ [ mode = ] { enable | disable} ] [ [ profile= ] { current |\r\ndomain | standard | all } ]\r\nParameters\r\n[ type = ] { 2-5 | 8-9 | 11-13 | 17 | all }\r\nRequired. The type of ICMP traffic to allow. The value must be one of the following ICMP message types:\r\n2 - Outbound packet too big.\r\n3 - Outbound destination unreachable.\r\n4 - Outbound source quench.\r\n5 - Redirect.\r\n8 - Inbound echo request (ping).\r\n9 - Inbound router request.\r\n11 - Outbound time exceeded.\r\n12 - Outbound parameter problem.\r\n13 - Inbound timestamp request.\r\n17 - Inbound mask request.\r\nall - All of the above types.\r\n[ [ mode = ] { enable | disable} ]\r\nSpecifies whether this exception is currently applied and active on the local computer. The default value is\r\nenable.\r\n[ [ profile = ] { current | domain | standard | all } ]\r\nSpecifies the firewall profile to which the command applies. 
The profile is determined by the detected\r\nnetwork location types accessible through the computer's network adapters.\r\ncurrent specifies that the command applies to the profile that is currently active on the computer.\r\nNote\r\nOn Windows 7 and Windows Server 2008 R2, this option applies to all profiles that are currently active on the\r\ncomputer.\r\n - **domain** specifies that the command applies only to the domain profile.\r\n \r\n - **standard** specifies that the command applies only to the private profile.\r\n \r\n - **all** specifies that the command applies to all profiles except the private profile.\r\n \r\nThe default value is **current**.\r\nTo specify the profile associated with the public network location type, you must specify profile=current\r\nwhen the computer is attached to a public network.\r\nExamples\r\nEach example must be entered as a single command line. The examples may be displayed on multiple lines below\r\nfor space reasons.\r\nset icmpsetting 8 enable all\r\nset icmpsetting type=all mode=disable\r\nset multicastbroadcastresponse\r\nSpecifies whether or not responses to a multicast or broadcast request are allowed through the firewall.\r\nSyntax\r\nset multicastbroadcastresponse [ mode = ] { enable | disable} [ [ profile= ] { current | domain | standard | all\r\n} ]\r\nParameters\r\n[ mode = ] { enable | disable}\r\nRequired. Specifies whether to enable or disable responses to multicast or broadcast traffic. The default\r\nvalue is enable.\r\n[ [ profile = ] { current | domain | standard | all } ]\r\nSpecifies the firewall profile to which the command applies. 
The profile is determined by the detected\r\nnetwork location types accessible through the computer's network adapters.\r\ncurrent specifies that the command applies to the profile that is currently active on the computer.\r\ndomain specifies that the command applies only to the domain profile.\r\nstandard specifies that the command applies only to the private profile.\r\nall specifies that the command applies to all profiles except the private profile.\r\nThe default value is current.\r\nTo specify the profile associated with the public network location type, you must specify profile=current\r\nwhen the computer is attached to a public network.\r\nExamples\r\nEach example must be entered as a single command line. The examples may be displayed on multiple lines below\r\nfor space reasons.\r\nset multicastbroadcastresponse enable\r\nset multicastbroadcastresponse mode=enable profile=all\r\nset notifications\r\nSpecifies whether the firewall displays a pop-up notification to the user when a program attempts to listen on a\r\nport.\r\nSyntax\r\nset notifications [ mode = ] { enable | disable} [ [ profile= ] { current | domain | standard | all } ]\r\nParameters\r\n[ mode = ] { enable | disable}\r\nRequired. Specifies whether to enable or disable responses to multicast or broadcast traffic.\r\n[ [ profile = ] { current | domain | standard | all } ]\r\nSpecifies the firewall profile to which the command applies. 
The profile is determined by the detected\r\nnetwork location types accessible through the computer's network adapters.\r\ncurrent specifies that the command applies to the profile that is currently active on the computer.\r\ndomain specifies that the command applies only to the domain profile.\r\nstandard specifies that the command applies only to the private profile.\r\nall specifies that the command applies to all profiles except the private profile.\r\nThe default value is current.\r\nTo specify the profile associated with the public network location type, you must specify profile=current\r\nwhen the computer is attached to a public network.\r\nExamples\r\nEach example must be entered as a single command line. The examples may be displayed on multiple lines below\r\nfor space reasons.\r\nset notifications enable\r\nset notifications disable\r\nset notifications mode=enable profile=current\r\nset logging\r\nSpecifies whether the firewall writes information to a log file, and what details are included. This command only\r\naffects the currently active profile.\r\nSyntax\r\nset logging [ [ filelocation = ] PathAndFileName ] [ [ maxfilesize = ] Integer ] [ [ droppedpackets = ] { enable |\r\ndisable } ] [ [ connections = ] { enable | disable } ]\r\nParameters\r\n[ [ filelocation = ] PathAndFileName ]\r\nSpecifies the path and file name of the file to which the firewall writes its log. The default value is\r\n%windir%\\pfirewall.log.\r\n[ [ maxfilesize = ] Integer ]\r\nSpecifies the maximum file size in kilobytes. Must be an integer value from 1 to 32767. The default value\r\nis 4096.\r\n[ [ droppedpackets = ] { enable | disable } ]\r\nSpecifies whether to include an entry for each packet dropped by the firewall. The default value is disable.\r\n[ [ connections = ] { enable | disable } ]\r\nSpecifies whether to include an entry for each successful connection. 
The default value is disable.\r\nAt least one parameter must be specified.\r\nExamples\r\nEach example must be entered as a single command line. The examples may be displayed on multiple lines below\r\nfor space reasons.\r\nset logging enable enable\r\nset logging 4096 enable disable\r\nset logging c:\\mylogs\\mylog.log 4096 enable enable\r\nset opmode\r\nSpecifies the operating mode of Windows Firewall.\r\nSyntax\r\nset opmode [ mode = ] { enable | disable } [ [ exceptions = ] { enable | disable } ] [ [ profile = ] { current |\r\ndomain | standard | all } ]\r\nParameters\r\n[ mode = ] { enable | disable}\r\nRequired. Specifies whether to turn the firewall on or off.\r\n[ [ exceptions = ] { enable | disable } ]\r\nSpecifies whether the firewall uses any currently defined port and program exceptions that are enabled. If\r\nexceptions=disable, then all enabled port and program exceptions are ignored. Default is enable.\r\n[ [ profile = ] { current | domain | standard | all } ]\r\nSpecifies the firewall profile to which the command applies. 
The profile is determined by the detected\r\nnetwork location types accessible through the computer's network adapters.\r\ncurrent specifies that the command applies to the profile that is currently active on the computer.\r\nNote\r\nOn Windows 7 and Windows Server 2008 R2, this option applies to all profiles that are currently active on the\r\ncomputer.\r\n - **domain** specifies that the command applies only to the domain profile.\r\n \r\n - **standard** specifies that the command applies only to the private profile.\r\n \r\n - **all** specifies that the command applies to all profiles except the private profile.\r\n \r\nThe default value is **current**.\r\nTo specify the profile associated with the public network location type, you must specify profile=current\r\nwhen the computer is attached to a public network.\r\nExamples\r\nEach example must be entered as a single command line. The examples may be displayed on multiple lines below\r\nfor space reasons.\r\nset opmode enable\r\nset opmode mode=enable exceptions=enable\r\nadd portopening\r\nCreates a port-based exception.\r\nSyntax\r\nadd portopening [ protocol = ] { tcp | udp | all } [ port = ] Integer [ name = ] ExceptionName [ [ mode = ] {\r\nenable | disable } ] [ [ scope = ] { all | subnet | custom } ] [ [ addresses = ] addresses ] [ [ profile = ] { current |\r\ndomain | standard | all } ]\r\nParameters\r\n[ protocol = ] { tcp | udp | all }\r\nRequired. Specifies whether the port number refers to TCP, UDP, or both.\r\n[ port = ] Integer\r\nRequired. Specifies the port number to be excepted. Must be an integer value from 1 to 65535. Only a\r\nsingle value can be specified and port ranges are not supported.\r\n[ name = ] ExceptionName\r\nRequired. Specifies the name of the exception. 
This value is displayed in the Firewall control panel\r\nexception list.\r\n[ [ mode = ] { enable | disable } ]\r\nSpecifies whether this exception is currently applied and active on the local computer.\r\n[ scope = ] { all | subnet | custom }\r\nSpecifies the scope of the allowed network traffic from remote computers. all indicates that traffic is\r\nallowed from any computer, including those on the Internet. subnet indicates that traffic is allowed from\r\ncomputers on the local computer's subnet only. custom indicates that traffic is allowed from only those\r\ncomputers whose IP address matches the addresses parameter. The default value is all.\r\n[ addresses = ] { IPAddress | IPRange | Subnet | localsubnet }[,…]\r\nSpecifies a custom list of addresses for the scope=custom parameter. Each entry can be:\r\nAn IPv4 or IPv6 address. For example, 192.168.0.15.\r\nAn IPv4 or IPv6 range with start and end addresses separated by a '-'. For example, 192.168.0.1-\r\n192.168.0.50.\r\nA subnet indicated by the subnet address and subnet mask separated by a '/'. For example,\r\n192.168.0.0/255.255.255.0.\r\nA subnet indicated by the subnet address and a subnet prefix separated by a '/'. For example,\r\n10.1.0.0/16.\r\nThe keyword localsubnet, which includes all addresses that are on the local computer's current\r\nsubnet.\r\nMultiple entry types can be combined on a command line by separating them with commas: 172.16.0.0/16,\r\n10.0.0.0/255.0.0.0, 21AB:0000:0000:CD30::/60, localsubnet\r\n[ profile = ] { current | domain | standard | all }\r\nSpecifies the firewall profile to which the command applies. 
The profile is determined by the detected\r\nnetwork location types accessible through the computer's network adapters.\r\ncurrent specifies that the command applies to the profile that is currently active on the computer.\r\nNote\r\nOn Windows 7 and Windows Server 2008 R2, this option applies to all profiles that are currently active on the\r\ncomputer.\r\n - **domain** specifies that the command applies only to the domain profile.\r\n \r\n - **standard** specifies that the command applies only to the private profile.\r\n \r\n - **all** specifies that the command applies to all profiles except the private profile.\r\n \r\nThe default value is **current**.\r\nYou must specify scope=custom to specify addresses. If scope=custom is used, then addresses cannot be\r\nblank.\r\nTo specify the profile associated with the public network location type, you must specify profile=current\r\nwhen the computer is attached to a public network.\r\nThe addresses parameter cannot contain an unspecified IPv6 address, a loopback address, or a multicast\r\naddress.\r\nExamples\r\nEach example must be entered as a single command line. The examples may be displayed on multiple lines below\r\nfor space reasons.\r\nadd portopening tcp 80 MyWebPort\r\nadd portopening udp 500 \"IKE Exception\" enable all\r\nadd portopening all 53 DNS enable custom 157.60.0.1,172.16.0.0/16,10.0.0.0/255.0.0.0,localsubnet\r\nset portopening\r\nModifies the settings of an existing port-based exception.\r\nSyntax\r\nset portopening [ protocol = ] { tcp | udp | all } [ port = ] Integer [ [ name = ] ExceptionName ] [ [ mode = ] {\r\nenable | disable } ] [ [ scope = ] { all | subnet | custom } ] [ [ addresses = ] addresses ] [ [ profile = ] { current |\r\ndomain | standard | all } ]\r\nParameters\r\n[ protocol = ] { tcp | udp | all }\r\nRequired. 
Specifies whether the port number refers to TCP, UDP, or both.\r\n[ port = ] Integer\r\nRequired. Specifies the port number of the exception to be modified. Must be an integer value from 1 to\r\n65535. Only a single value can be specified and port ranges are not supported.\r\n[ [ name = ] ExceptionName ]\r\nSpecifies the name of the exception. This value is displayed in the Firewall control panel exception list.\r\n[ [ mode = ] { enable | disable } ]\r\nSpecifies whether this exception is currently applied and active on the local computer.\r\n[ scope = ] { all | subnet | custom }\r\nSpecifies the scope of the allowed network traffic from remote computers. all indicates that traffic is\r\nallowed from any computer, including those on the Internet. subnet indicates that traffic is allowed from\r\ncomputers on the local computer's subnet only. custom indicates that traffic is allowed from only those\r\ncomputers whose IP address matches the addresses parameter.\r\n[ addresses = ] { IPAddress | IPRange | Subnet | localsubnet }[,…]\r\nSpecifies a custom list of addresses for the scope=custom parameter. Each entry can be:\r\nAn IPv4 or IPv6 address. For example, 192.168.0.15.\r\nAn IPv4 or IPv6 range with start and end addresses separated by a '-'. For example, 192.168.0.1-\r\n192.168.0.50.\r\nA subnet indicated by the subnet address and subnet mask separated by a '/'. For example,\r\n192.168.0.0/255.255.255.0.\r\nA subnet indicated by the subnet address and a subnet prefix separated by a '/'. For example,\r\n10.1.0.0/16.\r\nThe keyword localsubnet, which includes all addresses that are on the local computer's current\r\nsubnet.\r\nMultiple entry types can be combined on a command line by separating them with commas: 172.16.0.0/16,\r\n10.0.0.0/255.0.0.0, 21AB:0000:0000:CD30::/60, localsubnet\r\n[ profile = ] { current | domain | standard | all }\r\nSpecifies the firewall profile to which the command applies. 
The profile is determined by the detected\r\nnetwork location types accessible through the computer's network adapters.\r\ncurrent specifies that the command applies to the profile that is currently active on the computer.\r\nNote\r\nOn Windows 7 and Windows Server 2008 R2, this option applies to all profiles that are currently active on the\r\ncomputer.\r\n - **domain** specifies that the command applies only to the domain profile.\r\n \r\n - **standard** specifies that the command applies only to the private profile.\r\n \r\n - **all** specifies that the command applies to all profiles except the private profile.\r\n \r\nYou must specify at least one parameter other than port and protocol.\r\nYou must specify scope=custom to specify addresses. If scope=custom is used, then addresses cannot be\r\nblank.\r\nTo specify the profile associated with the public network location type, you must specify profile=current\r\nwhen the computer is attached to a public network.\r\nThe addresses parameter cannot contain an unspecified IPv6 address, a loopback address, or a multicast\r\naddress.\r\nExamples\r\nEach example must be entered as a single command line. The examples may be displayed on multiple lines below\r\nfor space reasons.\r\nset portopening tcp 80 \"My Web Port\"\r\nset portopening udp 500 \"IKE Exception\" enable all\r\nset portopening all 53 \"DNS Exception\" enable custom\r\n157.60.0.1,172.16.0.0/16,10.0.0.0/255.0.0.0,localsubnet\r\ndelete portopening\r\nDeletes an existing port-based exception.\r\nSyntax\r\ndelete portopening\r\n[ protocol = ] { tcp | udp | all } [ port = ] Integer [ [ profile = ] { current | domain | standard | all } ]\r\nParameters\r\n[ protocol = ] { tcp | udp | all }\r\nRequired. 
Specifies whether the port number refers to TCP, UDP, or both.\r\n[ port = ] Integer\r\nRequired. Specifies the port number to be excepted. Must be an integer value from 1 to 65535.\r\n[ profile = ] { current | domain | standard | all }\r\nSpecifies the firewall profile to which the command applies. The profile is determined by the detected\r\nnetwork location types accessible through the computer's network adapters.\r\ncurrent specifies that the command applies to the profile that is currently active on the computer.\r\ndomain specifies that the command applies only to the domain profile.\r\nstandard specifies that the command applies only to the private profile.\r\nall specifies that the command applies to all profiles except the private profile.\r\nThe default value is current.\r\nTo specify the profile associated with the public network location type, you must specify profile=current\r\nwhen the computer is attached to a public network.\r\nExamples\r\nEach example must be entered as a single command line. The examples may be displayed on multiple lines below\r\nfor space reasons.\r\ndelete portopening tcp 80\r\ndelete portopening protocol=all port=25\r\nset service\r\nEnables or disables the pre-defined file and printer sharing, remote administration, remote desktop, and UPnP\r\nexceptions.\r\nSyntax\r\nset service [ type = ] { fileandprint | remoteadmin | remotedesktop | upnp | all } [ [ mode = ] { enable |\r\ndisable } ] [ [ scope = ] { all | subnet | custom } ] [ [ addresses = ] { IPAddress | IPRange | Subnet | localsubnet }\r\n[,…] ] [ [ profile = ] { current | domain | standard | all } ]\r\nParameters\r\n[ type = ] { fileandprint | remoteadmin | remotedesktop | upnp | all }\r\nRequired. Specifies the service whose pre-defined rules are enabled or disabled. The value must be one of\r\nthe following:\r\nfileandprint. The file and printer sharing service.\r\nremoteadmin. 
The ability to remotely administer a computer running Windows.\r\nremotedesktop. The ability to use a Terminal Services client such as Remote Desktop.\r\nupnp. Universal Plug-and-Play protocol for networked devices.\r\nall. All of the above services.\r\n[ [ mode = ] { enable | disable } ]\r\nSpecifies whether this exception is currently applied and active on the local computer. The default value is\r\nenable.\r\n[ [ scope = ] { all | subnet | custom } ]\r\nSpecifies the scope of the allowed network traffic from remote computers. all indicates that traffic is\r\nallowed from any computer, including those on the Internet. subnet indicates that traffic is allowed from\r\ncomputers on the local computer's subnet only. custom indicates that traffic is allowed from only those\r\ncomputers whose IP address matches the addresses parameter.\r\n[ [ addresses = ] { IPAddress | IPRange | Subnet | localsubnet }[,…] ]\r\nSpecifies a custom list of addresses for the scope=custom parameter. Each entry can be:\r\nAn IPv4 or IPv6 address. For example, 192.168.0.15.\r\nAn IPv4 or IPv6 range with start and end addresses separated by a '-'. For example, 192.168.0.1-\r\n192.168.0.50.\r\nA subnet indicated by the subnet address and subnet mask separated by a '/'. For example,\r\n192.168.0.0/255.255.255.0.\r\nA subnet indicated by the subnet address and a subnet prefix separated by a '/'. For example,\r\n10.1.0.0/16.\r\nThe keyword localsubnet, which includes all addresses that are on the local computer's current\r\nsubnet.\r\nMultiple entry types can be combined on a command line by separating them with commas: 172.16.0.0/16,\r\n10.0.0.0/255.0.0.0, 21AB:0000:0000:CD30::/60, localsubnet\r\n[ [ profile = ] { current | domain | standard | all } ]\r\nSpecifies the firewall profile to which the command applies. 
The profile is determined by the detected\r\nnetwork location types accessible through the computer's network adapters.\r\ncurrent specifies that the command applies to the profile that is currently active on the computer.\r\nNote\r\nOn Windows 7 and Windows Server 2008 R2, this option applies to all profiles that are currently active on the\r\ncomputer.\r\n - **domain** specifies that the command applies only to the domain profile.\r\n \r\n - **standard** specifies that the command applies only to the private profile.\r\n \r\n - **all** specifies that the command applies to all profiles except the private profile.\r\n \r\nThe default value is **current**.\r\nYou must specify scope=custom to specify addresses. If scope=custom is used, then addresses cannot be\r\nblank.\r\nTo specify the profile associated with the public network location type, you must specify profile=current\r\nwhen the computer is attached to a public network.\r\nThe addresses parameter cannot contain an unspecified IPv6 address, a loopback address, or a multicast\r\naddress.\r\nExamples\r\nEach example must be entered as a single command line. The examples may be displayed on multiple lines below\r\nfor space reasons.\r\nset service fileandprint\r\nset service remoteadmin enable subnet\r\nset service type=remotedesktop mode=enable scope=custom\r\naddresses=157.60.0.1,172.16.0.0/16,10.0.0.0/255.0.0.0,localsubnet\r\nshow commands\r\nThe following show commands are used to display the current configuration:\r\nNote\r\nThe show command cannot be used to see the list of exceptions for the public profile, even if the public profile is\r\nthe current profile. 
To see the list of exceptions for the public profile, use the Windows Firewall with Advanced\r\nSecurity MMC snap-in, and use the Filter by Profile option in the Actions pane.\r\nshow allowedprogram [ [ verbose = ] { enable | disable } ]\r\nDisplays the current list of program exceptions for the domain and standard profiles. Use the parameter\r\nverbose=enable to see additional details.\r\nshow config [ [ verbose = ] { enable | disable } ]\r\nDisplays the local configuration information for the domain and standard profiles, including the output of\r\nall other show commands. Use parameter verbose=enable to see additional details.\r\nshow currentprofile\r\nDisplays the current profile in use for the network location type.\r\nNote\r\nIf the current profile is the public profile, then this command shows the standard profile.\r\nshow icmpsetting [ [ verbose = ] { enable | disable } ]\r\nDisplays the ICMP settings. Use parameter verbose=enable to see additional details.\r\nshow logging\r\nDisplays the current logging settings.\r\nNote\r\nIf the current profile is the public profile, then this command shows the standard profile.\r\nshow multicastbroadcastresponse\r\nDisplays multicast/broadcast response settings for each profile.\r\nshow notifications\r\nDisplays whether the firewall displays pop-up notifications for each profile.\r\nshow opmode\r\nDisplays the operational mode for the firewall for each profile.\r\nshow portopening\r\nDisplays the current list of port exceptions for each profile. Use parameter verbose=enable to see\r\nadditional details.\r\nshow service\r\nDisplays the service configuration for each profile. Use parameter verbose=enable to see additional\r\ndetails.\r\nshow state\r\nDisplays the current state information for the firewall. 
Use parameter verbose=enable to see additional\r\ndetails.\r\nreset\r\nResets the configuration of Windows Firewall to default settings. All manually configured changes are lost. There\r\nare no parameters for the reset command.\r\nSource: https://technet.microsoft.com/en-us/library/cc771046(v=ws.10).aspx",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MITRE"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://technet.microsoft.com/en-us/library/cc771046(v=ws.10).aspx"
	],
	"report_names": [
		"cc771046(v=ws.10).aspx"
	],
	"threat_actors": [],
	"ts_created_at": 1775434726,
	"ts_updated_at": 1775826775,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/bff49f4f12ac355951198478864d1f4592cbc31d.pdf",
		"text": "https://archive.orkl.eu/bff49f4f12ac355951198478864d1f4592cbc31d.txt",
		"img": "https://archive.orkl.eu/bff49f4f12ac355951198478864d1f4592cbc31d.jpg"
	}
}