==Using netsh for configuring the firewall==
To disable the Windows XP firewall, execute the following:
netsh firewall set opmode disable
To add a program to the exception list:
netsh firewall add allowedprogram program = [path] name = [name] mode = [ENABLE|DISABLE] scope = [ALL|SUBNET|CUSTOM] addresses = [addresses] profile = [CURRENT|DOMAIN|STANDARD|ALL]
Everything besides [program] and [name] is optional. You might want to check the article in the [http://technet.microsoft.com/en-us/library/bb490617.aspx MS Windows XP TechCenter] for default values and a detailed explanation.

To allow remote administration:
netsh firewall set service remoteadmin enable
To allow file and printer sharing for Microsoft networks:
netsh firewall set service fileandprint enable
It is enough to execute those commands once, as the settings survive a reboot, so you may use ''execute="once"''.

If you want to use check conditions to notice whether someone has changed a rule, look in <code>HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\</code> for rules that open particular ports. Each value there is named <code>port:protocol</code> (e.g. <code>143:TCP</code>) and its data has the form <code>port:protocol:scope:Enabled|Disabled:name</code>, so a check that compares the whole value data fails as soon as the scope, the state or the name of the rule has been altered.

==Examples==
To open e.g. port 22 in the Windows XP firewall, execute the following:
netsh firewall add portopening TCP 22 SSH enable subnet
In packages.xml you should add a package like the one below:
<source lang="xml">
<package id="open-port-22" name="Open port 22 on windows firewall" revision="1" reboot="false" notify="false" priority="2">
  <install cmd='netsh firewall add portopening TCP 22 SSH enable subnet' />
</package>
</source>
This is useful if you want to run an SSH server (e.g. [[freeSSHd]]) but still want to keep your firewall enabled. Note that this package has no <code>&lt;check&gt;</code>, so WPKG only records that the install command ran once; it will not notice if the rule is removed or disabled later.
To add a rule to open 143/tcp to a particular network and to notice if someone changed your settings, the following can be used:
<source lang="xml">
<!-- Rule present and turned on -->
<package id="fw-143-example-on" name="Firewall: IMAP example on" revision="1" reboot="false" priority="0">
  <check type="registry" condition="equals"
         path="HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\143:TCP"
         value="143:TCP:192.0.2.0/255.255.255.0:Enabled:IMAP example" />
  <install cmd='netsh firewall add portopening TCP 143 "IMAP example" ENABLE CUSTOM "192.0.2.0/255.255.255.0"'>
    <exit code="0" />
  </install>
  <remove cmd='netsh firewall remove portopening TCP 143'>
    <exit code="0" />
  </remove>
</package>

<!-- Rule present but turned off -->
<package id="fw-143-example-off" name="Firewall: IMAP example off" revision="1" reboot="false" priority="0">
  <!-- Depending on what you're trying to accomplish, you may want to check merely the existence of an entry for 143:TCP -->
  <check type="logical" condition="not">
    <check type="registry" condition="equals"
           path="HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\143:TCP"
           value="143:TCP:192.0.2.0/255.255.255.0:Enabled:IMAP example" />
  </check>
  <install cmd='netsh firewall add portopening TCP 143 "IMAP example" DISABLE CUSTOM "192.0.2.0/255.255.255.0"'>
    <exit code="0" />
  </install>
  <remove cmd='netsh firewall remove portopening TCP 143'>
    <exit code="0" />
  </remove>
</package>
</source>
Be aware that the ''not'' check in the second package also passes when the <code>143:TCP</code> value does not exist at all, so the disabled rule is only written on hosts where the rule was previously enabled. If you want the disabled entry to be present on every host, check instead for the value data with <code>:Disabled:</code> in place of <code>:Enabled:</code>, which is what <code>netsh firewall add portopening ... DISABLE</code> writes.
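The following Python script is an added example and is not part of this page or of WPKG: it shows the registry format the checks above rely on by parsing <code>GloballyOpenPorts\List</code> values, auditing them against a desired set of rules, and generating the matching WPKG <code>&lt;check&gt;</code> element and <code>netsh</code> command for each rule. It runs offline on a constructed snapshot of the key (the <code>SAMPLE_LIST</code> dict); on a real host you would fill that dict from <code>reg query</code>. The <code>*</code> and custom-address scope strings match what this page's examples show; the <code>LocalSubNet</code> token used for <code>scope=SUBNET</code> is an assumption about the XP SP2 registry format.

```python
# Added example (not from the WPKG wiki page and not WPKG's own code): parse the
# Windows XP firewall's GloballyOpenPorts\List values, audit them against desired
# rules, and emit the WPKG <check> and netsh command for each rule.
from dataclasses import dataclass
from xml.sax.saxutils import quoteattr

LIST_KEY = (r"HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters"
            r"\FirewallPolicy\StandardProfile\GloballyOpenPorts\List")

# Scope tokens as they appear in the value data. "*" (ALL) and a CUSTOM address
# list are what the page's examples show; "LocalSubNet" for scope=SUBNET is an
# assumption about XP SP2's registry format.
SCOPE_ALL = "*"
SCOPE_SUBNET = "LocalSubNet"


@dataclass(frozen=True)
class PortRule:
    port: int
    proto: str      # "TCP" or "UDP"
    scope: str      # SCOPE_ALL, SCOPE_SUBNET, or "addr/mask,addr/mask,..."
    enabled: bool
    name: str

    @property
    def value_name(self) -> str:
        return f"{self.port}:{self.proto}"

    @property
    def value_data(self) -> str:
        state = "Enabled" if self.enabled else "Disabled"
        return f"{self.port}:{self.proto}:{self.scope}:{state}:{self.name}"


def parse_entry(data: str) -> PortRule:
    """Parse 'port:proto:scope:Enabled|Disabled:name'; maxsplit=4 keeps colons in the name."""
    port, proto, scope, state, name = data.split(":", 4)
    if state not in ("Enabled", "Disabled"):
        raise ValueError(f"unexpected state {state!r} in {data!r}")
    return PortRule(int(port), proto.upper(), scope, state == "Enabled", name)


def audit(desired, actual):
    """Compare desired rules with a snapshot {value_name: value_data} of the List key.

    Returns (value_name, finding) pairs. 'missing' is reported separately from
    'state' because a WPKG 'not equals ...Enabled' check cannot tell them apart.
    """
    findings = []
    wanted = {r.value_name: r for r in desired}
    for name, rule in wanted.items():
        data = actual.get(name)
        if data is None:
            findings.append((name, "missing"))
            continue
        got = parse_entry(data)
        if got.enabled != rule.enabled:
            findings.append((name, "state"))
        if got.scope != rule.scope:
            findings.append((name, "scope"))
        if got.name != rule.name:
            findings.append((name, "name"))
    for name in actual:
        if name not in wanted:       # rules nobody asked for are drift too
            findings.append((name, "unexpected"))
    return findings


def wpkg_check(rule: PortRule) -> str:
    """The <check> element WPKG needs to notice any change to this rule."""
    path = LIST_KEY + "\\" + rule.value_name
    return (f'<check type="registry" condition="equals" '
            f'path={quoteattr(path)} value={quoteattr(rule.value_data)} />')


def netsh_add(rule: PortRule) -> str:
    """The netsh firewall command that (re)creates this rule on Windows XP."""
    mode = "ENABLE" if rule.enabled else "DISABLE"
    if rule.scope == SCOPE_ALL:
        scope = "ALL"
    elif rule.scope == SCOPE_SUBNET:
        scope = "SUBNET"
    else:
        scope = f'CUSTOM "{rule.scope}"'
    return f'netsh firewall add portopening {rule.proto} {rule.port} "{rule.name}" {mode} {scope}'


# Constructed sample snapshot of the List key (not captured from a real host).
SAMPLE_LIST = {
    "22:TCP": "22:TCP:LocalSubNet:Enabled:SSH",
    "143:TCP": "143:TCP:192.0.2.0/255.255.255.0:Disabled:IMAP example",
    "3389:TCP": "3389:TCP:*:Enabled:Remote Desktop",
}
DESIRED = [
    PortRule(22, "TCP", SCOPE_SUBNET, True, "SSH"),
    PortRule(143, "TCP", "192.0.2.0/255.255.255.0", True, "IMAP example"),
]

if __name__ == "__main__":
    for name, finding in audit(DESIRED, SAMPLE_LIST):
        print(f"{name}: {finding}")
    for rule in DESIRED:
        print(wpkg_check(rule))
        print(netsh_add(rule))
```

On the sample snapshot the audit reports <code>143:TCP</code> as a state mismatch (someone disabled the rule) and <code>3389:TCP</code> as an unexpected rule that is not in the policy; the generated <code>&lt;check&gt;</code> for <code>143:TCP</code> is identical to the one in the package above, and the generated <code>netsh</code> line is the package's install command.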
[[Category: Silent Installers]]
[[Category: Changing Windows settings]]