Microsoft Windows [Version 6.0.6001]
(C) Copyright 2006 Microsoft Corp.

c:\windows>netsh advfirewall consec set rule ?
Usage: set rule
      group=| name=
      [type=dynamic|static]
      [profile=public|private|domain|any[,...] (default=any)]
      [endpoint1=any|localsubnet|dns|dhcp|wins|defaultgateway|||||]
      [endpoint2=any|localsubnet|dns|dhcp|wins|defaultgateway|||||]
      [port1=0-65535|any]
      [port2=0-65535|any]
      [protocol=0-255|tcp|udp|icmpv4|icmpv6|any]
      new
      [name=]
      [profile=public|private|domain|any[,...]]
      [description=]
      [mode=transport|tunnel]
      [endpoint1=any|localsubnet|dns|dhcp|wins|defaultgateway|||||]
      [endpoint2=any|localsubnet|dns|dhcp|wins|defaultgateway|||||]
      [action=requireinrequestout|requestinrequestout|requireinrequireout|noauthentication]
      [enable=yes|no]
      [type=dynamic|static]
      [localtunnelendpoint=|]
      [remotetunnelendpoint=|]
      [port1=0-65535|any]
      [port2=0-65535|any]
      [protocol=0-255|tcp|udp|icmpv4|icmpv6|any]
      [interfacetype=wiresless|lan|ras|any]
      [auth1=computerkerb|computercert|computerpsk|computerntlm>|anonymous[,...]]
      [auth1psk=]
      [auth1ca="[certmapping:yes|no][excludecaname:yes|no]| ..."]
      [auth1healthcert=yes|no]
      [auth2=computercert|userkerb|usercert|userntlm|anonymous[,...]]
      [auth2ca="[certmapping:yes|no]| ..."]
      [auth2healthcert=yes|no]
      [qmsecmethods=ah:+esp:-+[valuemin]+[valuekb]|default]
Remarks:
- Sets a new parameter value on an identified rule. The command fails
if the rule does not exist. To create a rule, use the add command.
- Values after the new keyword are updated in the rule. If there are
no values, or keyword new is missing, no changes are made.
- A group of rules can only be enabled or disabled.
- If multiple rules match the criteria, all matching rules will be
updated.
- Rule name should be unique and cannot be "all".
- Auth1 and auth2 can be comma-separated lists of options.
- Computerpsk and computerntlm methods cannot be specified together
for auth1.
- Computercert cannot be specified with user credentials for auth2.
- Qmsecmethods can be a list of proposals separated by a ",".
- For qmsecmethods, integrity=md5|sha1 and
encryption=3des|des|aes128|aes192|aes256
- If qmsemethods are set to default, qmpfs will be set to default
as well.
- Qmpfs=mainmode uses the main mode key exchange setting for PFS.
- The use of DES, MD5 and DHGroup1 is not recommended. These
cryptographic algorithms are provided for backward compatibility
only.
- The default value for certmapping and excludecaname is 'no'.
- The " characters within CA name must be replaced with \'
Examples:
Rename rule1 to rule 2:
netsh advfirewall consec set rule name="rule1" new
name="rule2"
Change the action on a rule:
netsh advfirewall consec set rule name="rule1"
endpoint1=1.2.3.4 endpoint2=4.3.2.1 new action=requestinrequestout
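
A pre-flight check for the constraints listed under Remarks, as an added example that is not part of the netsh output above or of any Microsoft tool. It lints a "set rule" command line before it is run; the function name, the sample command lines and the qmsecmethods proposal strings are constructed, and the dhgroup1 value for qmpfs is assumed from the DHGroup1 remark.

```python
import re
import shlex

WEAK = {"des", "md5"}  # named "not recommended" in the Remarks
USER_AUTH2 = {"userkerb", "usercert", "userntlm"}

def lint_set_rule(cmdline):
    """Return findings for a 'netsh advfirewall consec set rule ...' line."""
    tokens = shlex.split(cmdline)
    lowered = [t.lower() for t in tokens]
    if "new" not in lowered:
        return ["keyword 'new' is missing: no changes are made"]
    # Only key=value pairs after 'new' are written to the rule.
    new = {}
    for tok in tokens[lowered.index("new") + 1:]:
        if "=" in tok:
            key, value = tok.split("=", 1)
            new[key.lower()] = value
    if not new:
        return ["no values after 'new': no changes are made"]
    findings = []
    if new.get("name", "").lower() == "all":
        findings.append('rule name cannot be "all"')
    auth1 = set(new.get("auth1", "").lower().split(","))
    if {"computerpsk", "computerntlm"} <= auth1:
        findings.append("auth1: computerpsk and computerntlm cannot be combined")
    auth2 = set(new.get("auth2", "").lower().split(","))
    if "computercert" in auth2 and auth2 & USER_AUTH2:
        findings.append("auth2: computercert cannot be combined with user credentials")
    # Proposals are comma-separated; split each into its algorithm tokens.
    for proposal in new.get("qmsecmethods", "").lower().split(","):
        weak = WEAK & set(re.split(r"[:+\-]", proposal))
        if weak:
            findings.append(f"qmsecmethods '{proposal}': weak {sorted(weak)}")
    if new.get("qmpfs", "").lower() == "dhgroup1":  # assumed value name
        findings.append("qmpfs: dhgroup1 is not recommended")
    return findings

if __name__ == "__main__":
    # Constructed sample command line, not taken from a real system.
    sample = ('netsh advfirewall consec set rule name="rule1" new '
              'auth1=computerpsk,computerntlm '
              'qmsecmethods=esp:md5-des+60min,esp:sha1-aes256')
    for finding in lint_set_rule(sample):
        print(finding)
```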