Just some notes on the Windows Firewall.
- Starting with Windows Vista and Windows Server 2008 you have to use the
netsh advfirewall firewall
command-line context to manage the firewall. You still have thenetsh firewall
context, but that’s just for backward compatibility. - Starting with Windows Vista and Windows Server 2008 you also have three profiles: domain (which applies when you are connected to a domain), public (for networks you mark as public), and private (for networks you mark as private/ home). Prior to this the firewall only had a domain profile (which is still present) and a standard profile (which now maps to the private profile). So by using the
netsh firewall
context you can only modify the domain and private profiles. netsh advfirewall firewall (show|add|set|delete)
commands can be used to view, add, modify, and delete rules. You can’t filter by rule names unfortunately. All you can do is filter for all rules based on their profile and direction (inbound or outbound). Moreover you can’t format the output and neither can you manage multiple rules (except if they are part of a group but then you can’t filter further in terms of “all rules of a particular group that belong to such and such profile”). Very limited, actually.- Starting with Windows 8 and Windows Server 2012 you have PowerShell 3 and this can manage the firewall. Unfortunately, while you can install PowerShell 3 on Windows 7 and Windows Server 2008 R2, it doesn’t have the NetSecurity module which provides the firewall cmdlets. So you can’t manage the firewall on these OSes with PowerShell 3. See this blog post for a list of PowerShell 3 firewall related cmdlets.