Microsoft Windows [Version 6.0.6001]
(C) Copyright 2006 Microsoft Corp.

c:\windows>netsh advfirewall firewall set rule ?

Usage: set rule
      group=| name=
      [dir=in|out]
      [profile=public|private|domain|any[,...]]
      [program=]
      [service=service short name|any]
      [localip=any|||||]
      [remoteip=any|localsubnet|dns|dhcp|wins|defaultgateway|||||]
      [localport=0-65535|RPC|RPC-EPMap|any[,...]]
      [remoteport=0-65535|any[,...]]
      [protocol=0-255|icmpv4|icmpv6|icmpv4:type,code|icmpv6:type,code|
         tcp|udp|any]
      new
      [name=]
      [dir=in|out]
      [program=
      [service=|any]
      [action=allow|block|bypass]
      [description=]
      [enable=yes|no]
      [profile=public|private|domain|any[,...]]
      [localip=any|||||]
      [remoteip=any|localsubnet|dns|dhcp|wins|defaultgateway|||||]
      [localport=0-65535|RPC|RPC-EPMap|any[,...]]
      [remoteport=0-65535|any[,...]]
      [protocol=0-255|icmpv4|icmpv6|icmpv4:type,code|icmpv6:type,code|
         tcp|udp|any]
      [interfacetype=wireless|lan|ras|any]
      [rmtcomputergrp=]
      [rmtusrgrp=]
      [edge=yes|no]
      [security=authenticate|authenc|notrequired]

Remarks:

      - Sets a new parameter value on an identified rule. The command fails
        if the rule does not exist. To create a rule, use the add command.
      - Values after the new keyword are updated in the rule. If there are
        no values, or keyword new is missing, no changes are made.
      - A group of rules can only be enabled or disabled.
      - If multiple rules match the criteria, all matching rules will
        be updated.
      - Rule name should be unique and cannot be "all".
      - If a remote computer or user group is specified, security must be
        authenticate or authenc.
      - If action=bypass, the remote computer group must be specified.
      - Action=bypass is only valid for rules with dir=in.
      - If service=any, the rule applies only to services.
      - ICMP type or code can be "any".
      - Edge can only be specified for inbound rules.

Examples:

      Change the remote IP address on a rule called "allow80":
      netsh advfirewall firewall set rule name="allow80" new remoteip=192.168.0.2

      Enable a group with grouping string "Remote Desktop":
      netsh advfirewall firewall set rule group="remote desktop" new enable=yes
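
The Remarks above can be checked against a change script before it is run. The following Python sketch is an added example, not part of the netsh output; the function name `lint_set_rule` is hypothetical. It reports only contradictions visible in the command line itself, because the values already stored in the rule are not known.

```python
import shlex

def lint_set_rule(command):
    """Return findings for one 'netsh advfirewall firewall set rule' line."""
    lex = shlex.shlex(command, posix=True)
    lex.whitespace_split = True
    lex.escape = ""        # keep backslashes in Windows paths literal
    lex.commenters = ""    # '#' is not a comment character here
    tokens = list(lex)     # quotes around values are removed
    lowered = [t.lower() for t in tokens]
    start = next((i + 2 for i in range(len(lowered) - 1)
                  if lowered[i:i + 2] == ["set", "rule"]), None)
    if start is None:
        return ["not a 'set rule' command"]
    args, keys = tokens[start:], lowered[start:]
    if "new" not in keys:
        return ["keyword 'new' is missing: no changes are made"]
    split = keys.index("new")

    def pairs(items):
        # 'key=value' tokens become a dict; comparison is case-insensitive
        return {k.lower(): v.lower()
                for k, _, v in (item.partition("=") for item in items)}

    match, new = pairs(args[:split]), pairs(args[split + 1:])
    findings = []
    if not new:
        findings.append("no values after 'new': no changes are made")
    if "group" in match and set(new) - {"enable"}:
        findings.append("a group of rules can only be enabled or disabled")
    if new.get("name") == "all":
        findings.append('rule name cannot be "all"')
    # A dir given after 'new' replaces the one used to select the rule.
    direction = new.get("dir", match.get("dir"))
    if direction == "out" and new.get("action") == "bypass":
        findings.append("action=bypass is only valid for rules with dir=in")
    if direction == "out" and "edge" in new:
        findings.append("edge can only be specified for inbound rules")
    if ({"rmtcomputergrp", "rmtusrgrp"} & set(new)
            and new.get("security") == "notrequired"):
        findings.append("remote computer or user group requires "
                        "security=authenticate or authenc")
    return findings

if __name__ == "__main__":
    # Constructed sample: the page's first example with 'new' left out.
    print(lint_set_rule('netsh advfirewall firewall set rule '
                        'name="allow80" remoteip=192.168.0.2'))
```

An empty list means no contradiction was found in the command text; it does not confirm that the rule exists or that only one rule matches.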