Microsoft TechNet - Windows Firewall
Microsoft TechNet - Deploying Windows Firewall Settings With Group Policy
Microsoft TechNet - Windows Firewall with Advanced Security and IPsec
Microsoft TechNet - How Windows Firewall with Advanced Security Works describes the firewall profile selection process on Windows Vista. Related: Microsoft TechNet - Network Location Awareness
Enable the “File and Printer Sharing (Echo Request - ICMPv4-In)” inbound firewall rule for ping access if it is not yet enabled:
if ((Get-NetFirewallRule -DisplayName "File and Printer Sharing (Echo Request - ICMPv4-In)").Enabled -eq "False") { Enable-NetFirewallRule -DisplayName "File and Printer Sharing (Echo Request - ICMPv4-In)" }
Set a remote IP address limitation on an existing rule:
Get-NetFirewallRule -DisplayName "Application Server" | Get-NetFirewallAddressFilter | Set-NetFirewallAddressFilter -RemoteAddress "10.10.10.1"
Add an inbound firewall rule for port 1234 to Someservice.exe:
New-NetFirewallRule `
    -Name "Someservice" `
    -DisplayName "Someservice" `
    -Profile Any `
    -Direction InBound `
    -Action Allow `
    -Protocol tcp `
    -Localport 1234 `
    -Program "C:\Program Files\Someservice\Someservice.exe" `
    -Enabled True
Add an inbound firewall rule for TFTP to tftpd64.exe:
New-NetFirewallRule `
    -Name "Tftpd" `
    -DisplayName "Tftpd" `
    -Profile Any `
    -Direction InBound `
    -Action Allow `
    -Protocol udp `
    -Localport 69 `
    -Program "C:\Program Files\Tftpd64\tftpd64.exe" `
    -Enabled True
Add an inbound firewall rule for SQL Server (tcp/1433) access from a specific remote IP:
New-NetFirewallRule `
    -Name "SQL 1433" `
    -DisplayName "SQL 1433" `
    -Profile Any `
    -Direction InBound `
    -Action Allow `
    -Protocol tcp `
    -Localport 1433 `
    -RemoteAddress 10.11.11.1 `
    -Enabled True
Add an inbound firewall rule for multiple ports in one rule:
New-NetFirewallRule `
    -Name "Webserver 443,4344" `
    -DisplayName "Webserver 443,4344" `
    -Profile Any `
    -Direction InBound `
    -Action Allow `
    -Protocol tcp `
    -Localport 443,4344 `
    -Enabled True
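The rules above use -Profile Any and most set no -RemoteAddress, so they apply on every network profile and accept any source. The following audit is an added example, not part of the original page; the function name Get-InboundAllowRuleScope and its "Broad" criterion (any remote address on a profile that includes Public) are assumptions of this example.

```powershell
# Added example (not from the original page): report enabled inbound Allow
# rules and flag those reachable from any remote address on the Public profile.
# Get-InboundAllowRuleScope and the "Broad" criterion are assumptions of this example.
function Get-InboundAllowRuleScope {
    [CmdletBinding()]
    param(
        # Wildcard pattern matched against the rule's display name.
        [string]$DisplayName = '*'
    )

    # -DisplayName cannot be combined with the filter parameters of
    # Get-NetFirewallRule, so the name filter is applied afterwards.
    $rules = Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
        Where-Object { $_.DisplayName -like $DisplayName }

    foreach ($rule in $rules) {
        # Port, address and program conditions live in separate filter objects.
        $port = $rule | Get-NetFirewallPortFilter
        $addr = $rule | Get-NetFirewallAddressFilter
        $app  = $rule | Get-NetFirewallApplicationFilter

        $remote   = @($addr.RemoteAddress)
        $profiles = "$($rule.Profile)"      # e.g. "Any" or "Domain, Private"

        $anySource   = $remote -contains 'Any'
        $publicScope = $profiles -match 'Any|Public'

        [pscustomobject]@{
            DisplayName   = $rule.DisplayName
            Profile       = $profiles
            Protocol      = $port.Protocol
            LocalPort     = @($port.LocalPort) -join ','
            Program       = $app.Program
            RemoteAddress = $remote -join ','
            Broad         = ($anySource -and $publicScope)
        }
    }
}

# Broadly scoped rules first.
Get-InboundAllowRuleScope |
    Sort-Object -Property Broad -Descending |
    Format-Table -AutoSize
```

Rules reported as Broad can be narrowed with Set-NetFirewallAddressFilter -RemoteAddress, as in the "Application Server" command above, or by restricting -Profile with Set-NetFirewallRule.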