Share via

Help: Administering Windows Firewall with Netsh

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Administering Windows Firewall with Netsh

Windows Firewall provides a firewall context, which you can use to configure Windows Firewall settings. To run Windows Firewall netsh commands, you must start netsh from the command prompt and then change to the firewall context by typing firewall. You can also run netsh firewall commands all on one line at the command prompt.

You cannot use the netsh firewall commands to remotely configure Windows Firewall settings, and you cannot use the dump command to create a script based on the current Windows Firewall configuration.

The following netsh firewall commands can be used in scripts or at the command line to configure Windows Firewall.

Command Description

add allowedprogram

Used to add a program-based exception.

set allowedprogram

Used to modify the settings of an existing program-based exception.

delete allowedprogram

Used to delete an existing program-based exception.

set icmpsetting

Used to specify Internet Control Message Protocol (ICMP) traffic that has been added to the exceptions list.

set multicastbroadcastresponse

Used to specify the unicast response to a multicast or broadcast request behavior.

set notifications

Used to specify the notification behavior.

set logging

Used to specify logging options.

set opmode

Used to specify the operating mode of Windows Firewall either globally or for a specific connection (interface).

add portopening

Used to create a port-based exception.

set portopening

Used to modify the settings of an existing port-based exception.

delete portopening

Used to delete an existing port-based exception.

set service

Used to enable or disable the predefined file and printer sharing, remote administration, Remote Desktop, and UPnP exceptions.

show allowedprogram

Displays the programs that have been added to the exceptions list.

show config

Displays the local configuration information.

show currentprofile

Displays the current profile.

show icmpsetting

Displays the ICMP settings.

show logging

Displays the logging settings.

show multicastbroadcastresponse

Displays multicast or broadcast response settings.

show notifications

Displays the current settings for notifications.

show opmode

Displays the operational mode.

show portopening

Displays the ports that have been added to the exceptions list.

show service

Displays the services.

show state

Displays the current state information.


  • Windows Firewall is not included in the original release of the Windows Server 2003 operating systems.

See Also


Netsh overview
Help: Understanding Windows Firewall
Help: Administering Windows Firewall through Control Panel
Help: Administering Windows Firewall with Group Policy
Help: Windows Firewall How To...