Turn the firewall off for all network profiles

netsh advfirewall set allprofiles state off

Turn the firewall on for all network profiles

netsh advfirewall set allprofiles state on

Examples

< in | out > : <inbound | outbound>
< allow | block > : <permit | deny>

Example: blocking an attacking IP address from the command line
netsh advfirewall firewall add rule name="disabledIP" dir=in action=block remoteip=1.1.1.1
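What if you are given a list of IP addresses? A batch loop could do it, but that is unnecessary. A single rule with a comma-separated list is enough: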
netsh advfirewall firewall add rule name="disabledIP" dir=in action=block remoteip="1.1.1.1,2.2.2.2,3.3.3.3"
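
The single-rule blocklist above, as an added PowerShell example (not part of the original page) that validates the list and replaces the rule instead of stacking duplicates. The address lists are constructed sample values, and the $neverBlock safeguard and the Get-ValidIPv4 helper are assumptions of this example.

```powershell
# Added example, not from the original page. Run from an elevated PowerShell prompt.
# $candidates and $neverBlock hold constructed sample values.
$ruleName   = 'disabledIP'                      # rule name used on this page
$candidates = @('1.1.1.1', '2.2.2.2', ' 3.3.3.3 ', '2.2.2.2', '1.1.1', 'not-an-ip')
$neverBlock = @('192.168.7.110')                # addresses that must stay reachable

function Get-ValidIPv4 {
    param([string[]]$Values)
    foreach ($v in $Values) {
        $text = $v.Trim()
        $ip = $null
        # TryParse accepts short forms such as "1.1.1" (parsed as 1.1.0.1), so also
        # require that the parsed address prints back exactly as it was written.
        if ([System.Net.IPAddress]::TryParse($text, [ref]$ip) -and
            $ip.AddressFamily -eq 'InterNetwork' -and $ip.ToString() -eq $text) {
            $text
        } else {
            Write-Warning "Skipping invalid entry: '$v'"
        }
    }
}

# Validate, drop protected addresses, and de-duplicate before touching the firewall.
$blockList = @(Get-ValidIPv4 $candidates |
    Where-Object { $neverBlock -notcontains $_ } |
    Sort-Object -Unique)
if ($blockList.Count -eq 0) { throw 'No valid addresses to block.' }

# "add rule" does not replace an existing rule of the same name, so remove the old one first.
# netsh returns a non-zero exit code here when no rule matched; that is expected on first run.
netsh advfirewall firewall delete rule "name=$ruleName" | Out-Null

$remote = $blockList -join ','
netsh advfirewall firewall add rule "name=$ruleName" dir=in action=block "remoteip=$remote"
if ($LASTEXITCODE -ne 0) { throw "netsh add rule failed with exit code $LASTEXITCODE" }

# Show the stored rule so its RemoteIP field can be checked against $blockList.
netsh advfirewall firewall show rule "name=$ruleName"
```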

Allow 192.168.7.110 to access the website on this machine
netsh advfirewall firewall add rule name=allowWeb dir=in action=allow localport=80 protocol=tcp remoteip=192.168.7.110
netsh advfirewall firewall add rule name=allowWeb dir=in action=allow localport=80 protocol=tcp remoteip="1.1.1.1/31,2.2.2.2/31,3.3.3.3/31"


Example: add an inbound rule named TCP-In-8888 that allows TCP port 8888
netsh advfirewall firewall add rule name=TCP-In-8888 protocol=TCP localport=8888 dir=in action=allow

Example: add an inbound rule named TCP-In-8888 that blocks TCP port 8888
netsh advfirewall firewall add rule name=TCP-In-8888 protocol=TCP localport=8888 dir=in action=block

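Example: add an outbound rule named TCP-out-8888 that allows TCP port 8888 (localport matches the local source port; use remoteport to match the destination port)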
netsh advfirewall firewall add rule name=TCP-out-8888 protocol=TCP localport=8888 dir=out action=allow

Example: add an outbound rule named TCP-out-8888 that blocks TCP port 8888
netsh advfirewall firewall add rule name=TCP-out-8888 protocol=TCP localport=8888 dir=out action=block

Example: add a rule that allows ping
netsh advfirewall firewall add rule name=允许ping protocol=icmpv4 dir=in action=allow

Example: delete the firewall rule named xxx; name=all deletes all rules
netsh advfirewall firewall delete rule name=xxx

Programs

netsh advfirewall firewall add rule name="<name>" dir=<in | out> program="<program path>" action=<allow | block>


Registry

Press Win+R to open the "Run" dialog, type regedit and press Enter. Rules can also be added through the registry; the relevant key is:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules

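Find the registry value you want to modify (for example, the value "RemoteDesktop-UserMode-In-TCP"), double-click it, then copy its value data into Notepad.
Insert RA4=X.X.X.X-X.X.X.X|RA4=x.x.x.x into its data ("RA4" means remote IP address, version 4; for IPv6 use "RA6"):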