Protect / Defend Windows Firewall
List and toggle profile state
1. List all firewall rules
netsh advfirewall firewall show rule name=all > firewall_rules.txt
2. View current profile state
netsh advfirewall show currentprofile
3. Change inbound policy
netsh advfirewall set currentprofile firewallpolicy blockinboundalways,allowoutbound
netsh advfirewall show currentprofile
4. Toggle profiles off/on
netsh advfirewall set allprofile state off
netsh advfirewall set allprofile state on
NOTE: You can toggle individual profiles as well:
netsh advfirewall set publicprofile state off/on
netsh advfirewall set privateprofile state off/on
netsh advfirewall set domainprofile state off/on
Creating Rules
1. Allow OpenSSH in for SFTP from anywhere
netsh advfirewall firewall add rule name="OpenSSH SSH Server (sshd)" dir=in action=allow protocol=tcp localport=22
2. Allow OpenSSH in for SFTP from specific IP
netsh advfirewall firewall add rule name="OpenSSH SSH Server (sshd)" dir=in action=allow protocol=tcp localport=22 remoteip=172.16.99.19
Note: You can also specify an entire subnet in the remoteip= parameter, e.g. 172.16.99.0/24
Deleting Rules
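1. Remove OpenSSH in for SFTP from specific IP
netsh advfirewall firewall delete rule name="OpenSSH SSH Server (sshd)"
Note: delete matches on the rule name, so this removes every rule named "OpenSSH SSH Server (sshd)", including an allow-from-anywhere rule of the same name. Adding remoteip=172.16.99.19 to the delete command limits it to the specific-IP rule.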
Logging
1. Enable logging dropped connections
netsh advfirewall set currentprofile logging droppedconnections enable
2. Enable logging allowed connections
netsh advfirewall set currentprofile logging allowedconnections enable
3. Check the logs
Navigate: %systemroot%\system32\logfiles\firewall\pfirewall.log
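Added example (not part of the original cheat sheet): once dropped and allowed logging are both enabled, a short Python script can read pfirewall.log, count dropped inbound connections per source and port, and flag any allowed inbound SSH connection whose source is outside the remoteip= value used in the rule above. The sample log lines are constructed, the function names are hypothetical, and the script assumes the log's #Fields header includes the path column (RECEIVE/SEND).

```python
import ipaddress
from collections import Counter

# Constructed sample in the pfirewall.log W3C layout (not real traffic).
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path

2024-05-01 09:00:01 ALLOW TCP 172.16.99.19 172.16.99.5 50122 22 0 - 0 0 0 - - - RECEIVE
2024-05-01 09:00:07 DROP TCP 203.0.113.7 172.16.99.5 41000 22 52 S 1234 0 64240 - - - RECEIVE
2024-05-01 09:00:08 DROP TCP 203.0.113.7 172.16.99.5 41001 22 52 S 1235 0 64240 - - - RECEIVE
2024-05-01 09:00:09 DROP UDP 172.16.99.44 172.16.99.255 137 137 78 - - - - - - - RECEIVE
2024-05-01 09:01:30 ALLOW TCP 198.51.100.23 172.16.99.5 50999 22 0 - 0 0 0 - - - RECEIVE
2024-05-01 09:02:00 ALLOW TCP 172.16.99.5 172.16.99.19 49800 443 0 - 0 0 0 - - - SEND
"""

def parse_log(text):
    """Yield one dict per entry, keyed by the names in the #Fields header."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split(":", 1)[1].split()
        elif line.strip() and not line.startswith("#") and fields:
            values = line.split()
            if len(values) >= len(fields):  # skip truncated lines
                yield dict(zip(fields, values))

def review(text, port="22", allowed="172.16.99.19"):
    """Return (DROP counts per (src-ip, dst-port), ALLOWs on `port` whose
    source is outside `allowed`, a single IP or CIDR as in remoteip=)."""
    net = ipaddress.ip_network(allowed, strict=False)
    drops, unexpected = Counter(), []
    for e in parse_log(text):
        if e.get("path") != "RECEIVE":  # inbound only; assumes a path column
            continue
        if e["action"] == "DROP":
            drops[(e["src-ip"], e["dst-port"])] += 1
        elif e["action"] == "ALLOW" and e["dst-port"] == port:
            if ipaddress.ip_address(e["src-ip"]) not in net:
                unexpected.append((e["date"], e["time"], e["src-ip"]))
    return drops, unexpected

if __name__ == "__main__":
    drops, unexpected = review(SAMPLE_LOG)
    print("dropped inbound:", drops.most_common())
    print("allowed on 22 from unapproved sources:", unexpected)
```

To run it against a real host, pass the contents of a copy of pfirewall.log to review() in place of SAMPLE_LOG. An entry in the second result means a same-port allow rule without the remoteip= restriction is still active.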