srvops
  • Server Ops
  • Linux
    • Network
      • Cisco
        • The 7 Layers of the OSI Model
        • LLDP
        • LACP
        • STP
        • multicast
        • config
        • Vlan
        • BGP
        • DPDK
      • Gateway
      • DHCP
    • Network Managment
      • FTP
      • Common
      • curl
      • finger
      • ping
      • wget
      • Transfer files
        • scp & sftp
        • ftp
      • ifconfig
      • ip
        • Route
      • DNS
      • tcpdump
      • iptables
      • LVS
    • Linux Fundamental
      • Kernel parameter tuning
      • kernel compilation
      • Kernel Upgrade
      • Performance
        • Links
        • Command for performance optimise
        • System performance test
        • CPU&Memory
        • Disk
        • raid
        • strace
        • truss strace ltrace
      • QA
      • Signs and Symbols
      • Disk management
      • File management
        • ls
        • Directory
        • cat & head/tail & more/less
        • chgrp
        • chmod-Permissions
        • chown
        • cp & mv
        • file & strings
        • find & locate
        • grep & egrep % fgrep
        • rename
        • vim
        • tr
        • sort
        • uniq
        • wc
        • diff - Compare Files
      • Disk management
        • dd
        • df
        • du
        • fdisk
        • format
        • free
        • mount
      • Process management
        • job & kill - Process and Job Control
        • ps
        • top
        • lsof
        • nohup
      • Basic Shell Command
        • xargs
        • awk
        • sed
        • cut
        • tar & gzip
        • wildcards
        • Input, Output, Redirection
        • Customizing the Shell Prompt
        • Aliases
        • export - Environment Variables
        • Cron
        • su & sudo -Switch User and running commands as others
        • history - shell history and Tab cpmpletion
        • yum & rpm - Installing software
        • LAMP & WordPress on Ubuntu
      • Keygen
      • Screen
      • Rsync
      • running level
      • Systemd
    • Open Source Application
      • Virtualization
        • VMware
          • Esxi- move management to another vSwitch
        • Vagrant
        • Vagrantfile
      • Kubernetes
      • Container
        • Docker
          • Install
          • Run
          • dockerfile
          • Docker Compose
          • Clean up docker on mac
          • Task
      • Cloud Foundry
      • Storage
      • consul
      • zookeeper
      • log
        • elasticsearch
      • version control
        • Git
        • SVN
    • Enterprise Application
      • Ansible
      • Terraform
      • Citrix
      • BlueKing
        • Architecture
        • Tecent develop
        • Data Storage
        • DB Migration Testing
      • Cobbler
  • ServerOps
    • MA_Scripts
      • Apply Server Patch For LIVE
      • Apply Server Patch For QA
      • PreServer_Patch
      • Get counter
      • Get Log
      • Service backup -local
      • Service backup -remote
      • Game Service Version
      • Stop/Start services on Live automation
      • encode&decode passwd string
      • CleanupLog
      • Firewall monitor
      • CheckGameServiceState-Monitoring
        • Create service for selenium
        • Config mail sender on centos
    • Security
      • Security Linux
        • CheckOutBound-Monitoring
      • Security Windows
        • Disable Disconnected Interface
        • Disable External Interface
        • Security policy apply
        • Windows Server Backup
        • Disable McAfee Agent
    • Normal Maintenance Procedure
    • Operation
      • auto create MA ticket
      • Check list for new server setup
      • Reduce core numbers on physical level
      • get server info
      • Setup Initialization - Windows Servers
        • 1.Install_saltminion
        • 2.Check_key&get_serialnumber
        • 3.Check_Windows_Update
        • 4.Windows_firewall_initial
        • 5.Normal Setting
        • 6.NTP
        • 7.OS_Harden
          • security_policy_command_check
          • security_policy_command.bat
          • security_policy_infchange.inf
        • 8.Install log collector
        • 9.Install anti virus - Mcafee
      • VMware
        • Revert Guest OS
    • Config
      • Common server configuration on Windows
        • registry windows service
        • Windows Firewall Command
      • Common server configuration on centos
        • Setup multiple saltmaster
        • Config mail sender on centos6
        • Install unrar on CentOS 6
    • Issue & solution
      • Centos6.* upgrade glibc
      • Use github pages build personal blog
  • Windows
    • Activity Directory
      • AD Database
      • Ports
  • DevOps
    • CI/CD
    • JAVA
      • spock
      • Maven
Powered by GitBook
On this page
  • Salt module for Windows firewall
  • Enable/Disable windows firewall inbound/outbound
  1. ServerOps
  2. Config
  3. Common server configuration on Windows

Windows Firewall Command

Turn on windows firewall:

NetSh Advfirewall set allprofiles state on

Turn off windows firewall:

NetSh Advfirewall set allprofiles state off

Check the status of Windows firewall:

Netsh Advfirewall show allprofiles

Disable rule:

netsh advfirewall firewall set rule name="xxxx" new enable=no

Enable rule:

netsh advfirewall firewall set rule name="xxxx" new enable=yes

Block inbound/outbound

netsh advfirewall set domainprofile firewallpolicy blockinbound,blockoutbound
netsh advfirewall set privateprofile firewallpolicy blockinbound,blockoutbound
netsh advfirewall set publicprofile firewallpolicy blockinbound,blockoutbound

Initial settings:

echo * disable unused rules...
netsh advfirewall firewall set rule group="Core Networking" new enable=no
netsh advfirewall firewall set rule group="File and Printer Sharing" new enable=no
netsh advfirewall firewall set rule group="Windows Remote Management" new enable=no
netsh advfirewall firewall set rule group="Windows Management Instrumentation (WMI)" new enable=no
netsh advfirewall firewall set rule group="Windows Firewall Remote Management" new enable=no
netsh advfirewall firewall set rule group="SNMP Trap" new enable=no
netsh advfirewall firewall set rule group="Secure Socket Tunneling Protocol" new enable=no
netsh advfirewall firewall set rule group="Windows Security Configuration Wizard" new enable=no
netsh advfirewall firewall set rule group="Routing and Remote Access" new enable=no
netsh advfirewall firewall set rule group="Remote Volume Management" new enable=no
netsh advfirewall firewall set rule group="Remote Service Management" new enable=no
netsh advfirewall firewall set rule group="Remote Scheduled Tasks Management" new enable=no
netsh advfirewall firewall set rule group="Remote Event Log Management" new enable=no
netsh advfirewall firewall set rule group="Remote Administration" new enable=no
netsh advfirewall firewall set rule group="Performance Logs and Alerts" new enable=no
netsh advfirewall firewall set rule group="Network Discovery" new enable=no
netsh advfirewall firewall set rule group="Netlogon Service" new enable=no
netsh advfirewall firewall set rule group="Key Management Service" new enable=no
netsh advfirewall firewall set rule group="iSCSI Service" new enable=no
netsh advfirewall firewall set rule group="Distributed Transaction Coordinator" new enable=no
netsh advfirewall firewall set rule group="DFS Management" new enable=no
netsh advfirewall firewall set rule group="Core Networking" new enable=no
netsh advfirewall firewall set rule group="COM+ Remote Administration" new enable=no
netsh advfirewall firewall set rule group="COM+ Network Access" new enable=no
netsh advfirewall firewall set rule group="BranchCache - Peer Discovery (Uses WSD)" new enable=no
netsh advfirewall firewall set rule group="Secure World Wide Web Services (HTTPS)" new enable=no
netsh advfirewall firewall set rule group="World Wide Web Services (HTTP)" new enable=no
netsh advfirewall firewall set rule group="Remote Desktop" new enable=no
netsh advfirewall firewall set rule group="Remote Desktop - RemoteFX" new enable=no
  
echo * add IP restriction to Remote Desktop
netsh advfirewall firewall add rule name="RDP" dir=in action=allow protocol=TCP localport=19896 remoteip="203.117.172.136,101.127.248.186"
 
netsh advfirewall firewall add rule name="DROP PORTS" dir=in action=block protocol=TCP localport=135-139
netsh advfirewall firewall add rule name="DROP 445" dir=in action=block protocol=TCP localport=445
 
netsh advfirewall set allprofiles state on
 
echo * done initialization

Salt module for Windows firewall

Add/delete rule

salt 'minion' firewall.add_rule 'rule_name' 'port' 'tcp' 'allow' 'in' 'xx.xx.xx.xx'
salt 'minion' firewall.delete_rule 'rule_name' 'port' 'tcp' 'in' 'xx.xx.xx.xx'

Enable/Disable windows firewall inbound/outbound

netsh advfirewall set domainprofile firewallpolicy blockinbound,blockoutbound
netsh advfirewall set privateprofile firewallpolicy blockinbound,blockoutbound
netsh advfirewall set publicprofile firewallpolicy blockinbound,blockoutbound
 
netsh advfirewall set domainprofile firewallpolicy blockinbound,allowoutbound
netsh advfirewall set privateprofile firewallpolicy blockinbound,allowoutbound
netsh advfirewall set publicprofile firewallpolicy blockinbound,allowoutbound
Previousregistry windows serviceNextCommon server configuration on centos

Last updated 6 years ago