Difference between revisions of "Configuring Windows XP firewall"
(Merged with 'Opening Port Windows XP firewall') |
(→Using netsh for configuring the firewall) |
Line 14: | Line 14: | ||
add allowedprogram program = [path] name = [name] mode = [ENABLE|DISABLE] scope = [ALL|SUBNET|CUSTOM] addresses = [addresses] profile = [CURRENT|DOMAIN|STANDARD|ALL] | add allowedprogram program = [path] name = [name] mode = [ENABLE|DISABLE] scope = [ALL|SUBNET|CUSTOM] addresses = [addresses] profile = [CURRENT|DOMAIN|STANDARD|ALL] | ||
Everything besides [program] and [name] is optional. You might want to check the article in the [http://technet.microsoft.com/en-us/library/bb490617.aspx MS Windows XP TechCenter] for default values and a detailed explanation. | Everything besides [program] and [name] is optional. You might want to check the article in the [http://technet.microsoft.com/en-us/library/bb490617.aspx MS Windows XP TechCenter] for default values and a detailed explanation. | ||
+ | |||
+ | To allow remote administration to the exception list: | ||
+ | netsh firewall set service remoteadmin enable | ||
It is enough to execute those commands only once, as the settings will survive the reboot, so you may use ''execute="once"''. | It is enough to execute those commands only once, as the settings will survive the reboot, so you may use ''execute="once"''. |
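Review bot: the added line netsh firewall set service remoteadmin enable carries no scope argument, although the allowedprogram syntax in the context line directly above it lists scope = [ALL|SUBNET|CUSTOM]. Suggest showing the scoped form (for example scope = SUBNET), or stating which scope applies when none is given, so readers do not open remote administration more widely than intended. The new lead-in "To allow remote administration to the exception list:" also reads awkwardly; "To add remote administration to the exception list:" would match the wording used for ports and programs.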
Revision as of 14:35, 20 November 2008
Using netsh for configuring the firewall
To disable the Windows XP firewall, execute the following:
netsh firewall set opmode disable
To add ports to the exception list:
netsh firewall add portopening [protocol] [port number] [rule name]
[protocol] can be TCP or UDP (remove the brackets when you insert your values).
To add a program to the exception list:
netsh firewall add allowedprogram program = [path] name = [name] mode = [ENABLE|DISABLE] scope = [ALL|SUBNET|CUSTOM] addresses = [addresses] profile = [CURRENT|DOMAIN|STANDARD|ALL]
Everything besides [program] and [name] is optional. You might want to check the article in the MS Windows XP TechCenter for default values and a detailed explanation.
To add remote administration to the exception list:
netsh firewall set service remoteadmin enable
It is enough to execute these commands only once, as the settings survive a reboot, so you may use execute="once".
Example
To open e.g. port 22 in the Windows XP firewall, you have to execute the following:
netsh firewall add portopening TCP 22 SSH enable subnet
In packages.xml, add an entry like the one below:
<package
    id="open-port-22"
    name="Open port 22 on windows firewall"
    revision="1"
    reboot="false"
    notify="false"
    priority="2">
    <install cmd='netsh firewall add portopening TCP 22 SSH enable subnet' />
</package>
This is useful if you want to run an SSH server (e.g. freeSSHd) but still want to keep your firewall enabled.
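The same pattern applied to the remote administration exception, as an added example that is not part of the original wiki page: the package uses execute="once" as suggested above and limits the exception to the local subnet with the scope parameter, the same restriction the SSH example applies. The package id and name are made up for illustration.

```xml
<!-- Added example; the id and name are illustrative, not taken from the wiki page. -->
<package
    id="fw-remoteadmin-subnet"
    name="Allow remote administration from the local subnet only"
    revision="1"
    reboot="false"
    notify="false"
    priority="2"
    execute="once">
    <!-- scope = SUBNET restricts the exception to hosts on the local subnet. -->
    <install cmd='netsh firewall set service type = REMOTEADMIN mode = ENABLE scope = SUBNET' />
    <!-- Withdraws the exception; WPKG runs remove commands when the package is taken out of the profile. -->
    <remove cmd='netsh firewall set service type = REMOTEADMIN mode = DISABLE' />
</package>
```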