Windows Advanced Firewall Management Tool
The netsh advfirewall command configures Windows Defender Firewall with Advanced Security, allowing you to create, modify, and delete firewall rules that control inbound and outbound network traffic.
Think of it like a security guard at your computer's network entrance - it decides which network traffic is allowed in or out based on rules you set. You can block malicious connections, allow specific apps through the firewall, or configure different security levels for domain, private, and public networks.
Prevent unauthorized access and block known malicious ports.
Create rules to allow servers, games, or apps through the firewall.
Configure different security levels for domain, private, and public networks.
Export/import firewall policies for backup or compliance requirements.
netsh advfirewall show allprofiles
  Shows firewall status for all profiles (domain, private, public).
netsh advfirewall show currentprofile
  Shows firewall status for the currently active network profile.
netsh advfirewall firewall show rule name=all
  Lists all firewall rules (inbound and outbound).
netsh advfirewall firewall add rule name="Allow Port 8080" dir=in action=allow protocol=TCP localport=8080
  Creates a rule to allow inbound TCP traffic on port 8080.
netsh advfirewall firewall add rule name="Block BadApp" dir=out action=block program="%ProgramFiles%\BadApp\app.exe"
  Blocks outbound connections from a specific program.
netsh advfirewall firewall delete rule name="MyRule"
  Deletes a firewall rule by name.
netsh advfirewall set allprofiles state on
  Enables the firewall on all profiles.
netsh advfirewall set allprofiles state off
  Disables the firewall on all profiles (NOT RECOMMENDED!).
netsh advfirewall reset
  Resets firewall to default settings (removes all custom rules).
netsh advfirewall export "C:\backup\firewall.wfw"
  Exports current firewall policy to a file for backup.
netsh advfirewall import "C:\backup\firewall.wfw"
  Imports a firewall policy from a backup file.
All netsh advfirewall commands require Administrator privileges. Use runas /user:administrator cmd to elevate.
Never disable your firewall permanently! Disabling the firewall exposes your computer to network attacks. Only disable temporarily for troubleshooting.
Always test rules carefully. Incorrect firewall rules can block legitimate traffic or expose services to the internet. Test in a safe environment first!
name="Rule Name"
  A friendly label for your rule so you can identify it later (e.g., "Block Minecraft" or "Allow Web Server")
dir=in|out
  Direction: "in" blocks/allows incoming traffic TO your computer, "out" blocks/allows outgoing traffic FROM your computer
action=allow|block
  What to do with matching traffic: "allow" lets it through, "block" stops it completely
protocol=TCP|UDP|ICMPv4|ICMPv6|ANY
  Type of network traffic: TCP for web/apps, UDP for games/video, ICMPv4/ICMPv6 for ping, ANY for everything
localport=80,443,8080
  The port number(s) on YOUR computer (e.g., 80 for web servers, 3389 for Remote Desktop, 25565 for Minecraft)
remoteport=any
  The port number on the OTHER computer you're connecting to (usually left as "any" unless you need specific control)
remoteip=192.168.1.100
  The IP address of another computer you want to allow/block (e.g., only allow connections from your friend's IP address)
program="C:\path\to\app.exe"
  The full path to a specific application file (e.g., block Chrome from accessing internet or allow only Spotify)
profile=domain,private,public
  Where the rule applies: domain (work network), private (home/trusted), public (coffee shop/airport - most strict)
enable=yes|no
  Turn the rule on (yes) or off (no) without deleting it - useful for temporarily disabling rules for testing
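An added example, not part of the original page: a small Python audit that parses the output of netsh advfirewall firewall show rule name=all and lists enabled inbound allow rules that apply on the Public profile with remoteip left at Any, which is how a rule such as "Allow Port 8080" ends up when profile= and remoteip= are omitted. The sample output is constructed and trimmed, the English-locale field layout is an assumption, and parse_rules, is_exposed and exposed_rules are hypothetical helper names.

```python
# Constructed sample (trimmed); assumes the English-locale layout of `show rule name=all`.
SAMPLE = """\
Rule Name:                            Allow Port 8080
----------------------------------------------------------------------
Enabled:                              Yes
Direction:                            In
Profiles:                             Domain,Private,Public
RemoteIP:                             Any
Action:                               Allow

Rule Name:                            Allow Web Server
----------------------------------------------------------------------
Enabled:                              Yes
Direction:                            In
Profiles:                             Private
RemoteIP:                             192.168.1.100/32
Action:                               Allow

Rule Name:                            Block BadApp
----------------------------------------------------------------------
Enabled:                              Yes
Direction:                            Out
Profiles:                             Domain,Private,Public
RemoteIP:                             Any
Action:                               Block
"""

def parse_rules(text):
    """Split netsh output into one dict per rule, keyed by lower-cased field name."""
    rules = []
    for line in text.splitlines():
        key, sep, value = (part.strip() for part in line.partition(":"))
        if not sep or not value:
            continue  # dashed separator rows, blank lines, empty fields
        if key.lower() == "rule name":
            rules.append({})  # every "Rule Name:" line starts a new rule
        if rules:
            rules[-1][key.lower()] = value
    return rules

def is_exposed(rule):
    """True for an enabled inbound allow rule open to any remote IP on Public."""
    fields = [rule.get(k, "").lower() for k in ("enabled", "direction", "action", "remoteip")]
    profiles = [p.strip() for p in rule.get("profiles", "").lower().split(",")]
    return fields == ["yes", "in", "allow", "any"] and "public" in profiles

def exposed_rules(text):
    """Names of the rules that is_exposed() flags, in output order."""
    return [r["rule name"] for r in parse_rules(text) if is_exposed(r)]
```

On a Windows host, save the command's output to a file and pass its contents to exposed_rules(); each name returned is a candidate for narrowing with profile= and remoteip=.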