比思論壇

標題: netsh advfirewall 设置防火墙 [打印本頁]

---

作者: hncszz    時間: 2021-9-10 23:42
標題: netsh advfirewall 设置防火墙

windows防火墙规则顺序：阻止规则的优先级高于允许规则

例：netsh advfirewall export "d:\test\advfirewall.pol"  // 将防火墙当前的所有配置导出到d:\test\advfirewall.pol文件

例：netsh advfirewall import "d:\test\advfirewall.pol"  // 将d:\test\advfirewall.pol文件中规则导入到防火墙中

例：netsh advfirewall reset  // 将防火墙还原为默认策略

例：netsh advfirewall set allprofiles state off  // 关闭所有类型网络的防火墙（域网络【Domain】、家庭或工作的专用网络【Private】、公用网络都关闭【Public】）

例：netsh advfirewall set allprofiles state on  // 开启所有类型网络的防火墙

例：netsh advfirewall set currentprofile state off  // 关闭当前类型网络的防火墙

例：netsh advfirewall set currentprofile state on // 开启当前类型网络的防火墙

例：netsh advfirewall set domainprofile state on  // 开启域网络的防火墙

例：netsh advfirewall set domainprofile state off  // 关闭域网络的防火墙

例：netsh advfirewall set privateprofile state on  // 开启家庭或工作的专用网络的防火墙

例：netsh advfirewall set privateprofile state off   // 关闭家庭或工作的专用网络的防火墙

例：netsh advfirewall set publicprofile state on  // 开启公用网络的防火墙

例：netsh advfirewall set publicprofile state off   // 关闭公用网络的防火墙

例：netsh advfirewall firewall show rule name=all   // 显示所有规则

例：netsh advfirewall firewall show rule name=foxmail   // 显示名为foxmail的所有规则

例：netsh advfirewall firewall set rule name="文件和打印机共享(回显请求 - ICMPv4-In)" new enable=yes  // 开启ping回显

例：netsh advfirewall firewall delete rule name=NiZhanBrowser  // 删除所有名为NiZhanBrowser的规则

例：netsh advfirewall firewall delete rule name=NiZhanBrowser dir=in  // 删除所有名为NiZhanBrowser的入站规则

例：netsh advfirewall firewall delete rule name=NiZhanBrowser action=block  // 删除所有名为NiZhanBrowser且操作为阻止的规则

例：netsh advfirewall firewall add rule name=TCP-In-8888 protocol=TCP localport=8888 dir=in action=allow  // 添加名为TCP-In-8888入站规则：允许TCP端口8888

例：netsh advfirewall firewall add rule name=TCP-In-8888 protocol=TCP localport=8888 dir=in action=block  // 添加名为TCP-In-8888入站规则：阻止TCP端口8888

例：netsh advfirewall firewall add rule name=TCP-In-8888 protocol=TCP localport=8888 dir=out action=allow  // 添加名为TCP-In-8888出站规则：允许TCP端口8888

例：netsh advfirewall firewall add rule name=TCP-In-8888 protocol=TCP localport=8888 dir=out action=block  // 添加名为TCP-In-8888出站规则：阻止TCP端口8888

// 添加名为test1入站规则：允许TCP端口8888、远程IP地址在10.96.208.0/23,10.96.154.0/23区间、远程Port在1024-2048,2050-65535

例：netsh advfirewall firewall add rule name=test1 protocol=TCP localport=8888 remoteip=10.96.208.0/23,10.96.154.0/23 remoteport=1024-2048,2050-65535 dir=in action=allow

// 添加名为test2入站规则：允许TCP端口8888、本地IP地址在10.46.50.32、本地Port在3702

例：netsh advfirewall firewall add rule name=test2 protocol=TCP localport=8888 localip=10.46.50.32 localport=3702 dir=in action=allow

// 添加名为test3入站规则：允许TCP端口8888、程序路径为：D:\tools\test3.exe

例：netsh advfirewall firewall add rule name=test2 protocol=TCP localport=8888 program="D:\tools\test3.exe" dir=in action=allow

注：netsh advfirewall firewall add rule ?  // 可用来查看帮助信息

---

歡迎光臨 比思論壇 (http://bisi666.cc/)

Powered by Discuz! X2.5