Difference between revisions of "Configuring Windows XP firewall"

From WPKG | Open Source Software Deployment and Distribution
(Using netsh for configuring the firewall)
m (added 'fileandprint')
Line 17: Line 17:
 
To allow remote administration to the exception list:
 
To allow remote administration to the exception list:
 
  netsh firewall set service remoteadmin enable
 
  netsh firewall set service remoteadmin enable
 +
 +
To allow file and printer sharing for Microsoft networks:
 +
netsh firewall set service fileandprint enable
  
 
It is enough to execute those commands only once, as the settings will survive the reboot, so you may use ''execute="once"''.
 
It is enough to execute those commands only once, as the settings will survive the reboot, so you may use ''execute="once"''.
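Review bot: the added "netsh firewall set service fileandprint enable" line passes no scope argument, while the port 22 example further down this page ends in "enable subnet". File and printer sharing is rarely meant to be reachable from outside the local network, so consider giving the scope explicitly (for example "netsh firewall set service fileandprint enable subnet") and saying in the introducing sentence which networks the exception is meant to cover.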

Revision as of 11:29, 26 May 2009

Using netsh for configuring the firewall

To disable the Windows XP firewall, execute the following:

netsh firewall set opmode disable


To add ports to the exception list:

netsh firewall add portopening [protocol] [port number] [rule name]

[protocol] can be TCP or UDP (remove the brackets when you insert your values).


To add a program to the exception list:

netsh firewall add allowedprogram program = [path] name = [name] mode = [ENABLE|DISABLE] scope = [ALL|SUBNET|CUSTOM] addresses = [addresses] profile = [CURRENT|DOMAIN|STANDARD|ALL]

Everything besides program and name is optional. You might want to check the article in the MS Windows XP TechCenter for default values and a detailed explanation.

To add remote administration to the exception list:

netsh firewall set service remoteadmin enable

To allow file and printer sharing for Microsoft networks:

netsh firewall set service fileandprint enable

It is enough to execute those commands only once, as the settings will survive the reboot, so you may use execute="once".

Example

To open, for example, port 22 in the Windows XP firewall, execute the following:

netsh firewall add portopening TCP 22 SSH enable subnet

In packages.xml, add an entry like the one below:

<package
        id="open-port-22"
        name="Open port 22 on windows firewall"
        revision="1"
        reboot="false"
        notify="false"
        priority="2">      
        
        <install cmd='netsh firewall add portopening TCP 22 SSH enable subnet' />
        
</package>

This is useful if you want to run an SSH server (e.g. freeSSHd) but still want to have your firewall enabled.
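An added example, not part of the original wiki page or of WPKG: a small Python check that scans a packages.xml for netsh firewall commands that disable the firewall or add an exception without a SUBNET or CUSTOM scope. The sample XML, the package ids other than open-port-22, and the function name audit_firewall_commands are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample input, modelled on the package shown on this page.
SAMPLE_PACKAGES_XML = """
<packages>
  <package id="open-port-22" name="Open port 22" revision="1" execute="once">
    <install cmd='netsh firewall add portopening TCP 22 SSH enable subnet' />
  </package>
  <package id="fileandprint" name="File and printer sharing" revision="1">
    <install cmd='netsh firewall set service fileandprint enable' />
  </package>
  <package id="fw-off" name="Disable firewall" revision="1">
    <install cmd='netsh firewall set opmode disable' />
  </package>
  <package id="allow-app" name="Allow app" revision="1">
    <install cmd='netsh firewall add allowedprogram program = C:\\example\\app.exe name = App scope = SUBNET' />
  </package>
</packages>
"""

SCOPED = ("subnet", "custom", "scope=subnet", "scope=custom")
EXCEPTION_VERBS = (["add", "portopening"], ["add", "allowedprogram"], ["set", "service"])


def audit_firewall_commands(xml_text):
    """Return (package id, finding, command) for each risky netsh firewall command."""
    findings = []
    for pkg in ET.fromstring(xml_text).iter("package"):
        for action in pkg:
            if action.tag not in ("install", "upgrade"):
                continue
            cmd = action.get("cmd", "")
            # Normalise "key = value" to "key=value", then split into lowercase tokens.
            tokens = re.sub(r"\s*=\s*", "=", cmd.lower()).split()
            if tokens[:2] != ["netsh", "firewall"]:
                continue
            disabling = "disable" in tokens or "mode=disable" in tokens
            if tokens[2:4] == ["set", "opmode"] and disabling:
                findings.append((pkg.get("id"), "firewall disabled", cmd))
            elif tokens[2:4] in EXCEPTION_VERBS and not disabling:
                # Simple token match: a rule literally named "subnet" would be missed.
                if not any(t in SCOPED for t in tokens):
                    findings.append((pkg.get("id"), "exception without SUBNET/CUSTOM scope", cmd))
    return findings


if __name__ == "__main__":
    for pkg_id, finding, cmd in audit_firewall_commands(SAMPLE_PACKAGES_XML):
        print(f"{pkg_id}: {finding}: {cmd}")
```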