======Microsoft - Windows - Windows Firewall======

[[http://technet.microsoft.com/en-us/network/bb545423|Microsoft TechNet - Networking and Access Technologies > Home > Technologies and Solutions > Windows Firewall]] \\

=====Windows XP=====

[[http://technet.microsoft.com/en-us/library/bb457149.aspx|Microsoft TechNet - Windows Firewall]] \\
[[http://technet.microsoft.com/en-us/library/bb490626.aspx|Microsoft TechNet - Deploying Windows Firewall Settings With Group Policy]] \\

=====Windows Vista=====

[[http://technet.microsoft.com/en-us/library/cc732283(WS.10).aspx|Microsoft TechNet - Windows Firewall with Advanced Security and IPsec]] \\
[[http://technet.microsoft.com/en-us/library/cc722141(WS.10).aspx|Microsoft TechNet - How Windows Firewall with Advanced Security Works]] describes the firewall profile selection process on Windows Vista. Related: [[http://technet.microsoft.com/en-us/library/cc753545(WS.10).aspx|Microsoft TechNet - Network Location Awareness]] \\

=====Notes=====

Enable the "File and Printer Sharing (Echo Request - ICMPv4-In)" inbound firewall rule for ping access if not yet enabled:

  if ((Get-NetFirewallRule -DisplayName "File and Printer Sharing (Echo Request - ICMPv4-In)").Enabled -eq "False") {
      Enable-NetFirewallRule -DisplayName "File and Printer Sharing (Echo Request - ICMPv4-In)"
  }

Set a remote IP address limitation on an existing rule:

  Get-NetFirewallRule -DisplayName "Application Server" |
      Get-NetFirewallAddressFilter |
      Set-NetFirewallAddressFilter -RemoteAddress "10.10.10.1"

Add an inbound firewall rule for port 1234 to Someservice.exe:

  New-NetFirewallRule `
      -Name "Someservice" `
      -DisplayName "Someservice" `
      -Profile Any `
      -Direction Inbound `
      -Action Allow `
      -Protocol TCP `
      -LocalPort 1234 `
      -Program "C:\Program Files\Someservice\Someservice.exe" `
      -Enabled True

Add an inbound firewall rule for TFTP to tftpd64.exe:

  New-NetFirewallRule `
      -Name "Tftpd" `
      -DisplayName "Tftpd" `
      -Profile Any `
      -Direction Inbound `
      -Action Allow `
      -Protocol UDP `
      -LocalPort 69 `
      -Program "C:\Program Files\Tftpd64\tftpd64.exe" `
      -Enabled True

Add an inbound firewall rule for SQL Server (tcp/1433) access from a specific remote IP address:

  New-NetFirewallRule `
      -Name "SQL 1433" `
      -DisplayName "SQL 1433" `
      -Profile Any `
      -Direction Inbound `
      -Action Allow `
      -Protocol TCP `
      -LocalPort 1433 `
      -RemoteAddress 10.11.11.1 `
      -Enabled True

Add an inbound firewall rule for multiple ports in one rule:

  New-NetFirewallRule `
      -Name "Webserver 443,4344" `
      -DisplayName "Webserver 443,4344" `
      -Profile Any `
      -Direction Inbound `
      -Action Allow `
      -Protocol TCP `
      -LocalPort 443,4344 `
      -Enabled True
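
To check what rules like the ones above actually expose, the following added example (not part of the original notes) lists every enabled inbound allow rule with its port, program and remote-address filters, and marks rules that accept any remote address while applying to the Public profile or to all profiles. The ''Exposure'' and ''ProgramBound'' column names and their values are made up for this example.

```powershell
# Added example: audit enabled inbound allow rules and flag the broad ones.
# Requires the NetSecurity module (Windows 8 / Server 2012 or later);
# run from an elevated PowerShell session.
$report = Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
    ForEach-Object {
        $rule = $_

        # Each rule has one associated filter object of each kind.
        $addr = $rule | Get-NetFirewallAddressFilter
        $port = $rule | Get-NetFirewallPortFilter
        $app  = $rule | Get-NetFirewallApplicationFilter

        # Profile is a flags value: "Any", or a combination such as
        # "Private, Public". "Any" means the rule applies on every profile.
        $profileText = $rule.Profile.ToString()
        $onPublic    = ($profileText -eq 'Any') -or ($profileText -match 'Public')

        # RemoteAddress is "Any" when no address limitation has been set.
        $anyRemote   = @($addr.RemoteAddress) -contains 'Any'

        [pscustomobject]@{
            DisplayName   = $rule.DisplayName
            Profile       = $profileText
            Protocol      = $port.Protocol
            LocalPort     = @($port.LocalPort) -join ','
            RemoteAddress = @($addr.RemoteAddress) -join ','
            Program       = $app.Program
            # A rule without -Program opens the port for any listening process.
            ProgramBound  = ($app.Program -ne 'Any')
            Exposure      = if ($onPublic -and $anyRemote) { 'Broad' } else { 'Scoped' }
        }
    }

# Broad rules sort first; review each and add a -RemoteAddress limitation
# or narrow -Profile where the service does not need to be reachable widely.
$report |
    Sort-Object Exposure, DisplayName |
    Format-Table -AutoSize DisplayName, Profile, Protocol, LocalPort,
        RemoteAddress, ProgramBound, Exposure
```

Of the rules created in the notes above, only "SQL 1433" would be reported as ''Scoped'', because it is the only one created with a ''-RemoteAddress'' limitation.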