
Configuring the Windows Firewall with netsh

Enable the firewall:
netsh advfirewall set currentprofile state on

Disable the firewall:
netsh advfirewall set currentprofile state off

Add ports to the exception list. For example, the two commands below allow TCP 1234 inbound and block UDP 5678 outbound respectively:

netsh advfirewall firewall add rule name="允許 TCP 1234 連入" protocol=TCP dir=in localport=1234 action=allow

netsh advfirewall firewall add rule name="禁止 UDP 5678 連出" protocol=UDP dir=out localport=5678 action=block

Note that on an outbound rule localport matches the local (source) port of the connection; to block traffic going to port 5678 on a remote host, use remoteport=5678 instead.

Be careful: the rule name (the text after name=) must not be "all" (case does not matter; every spelling is treated the same). Why? The last command in this section shows the reason.

What if the ports to allow are contiguous?
For example, the following allows TCP 20 and 21 inbound:
netsh advfirewall firewall add rule name="允許 TCP 20~21 連入" protocol=TCP dir=in localport=20-21 action=allow

What about allowing an application instead of a port?
netsh advfirewall firewall add rule name="允許 hello.exe 連入" dir=in program="c:\alexc\hello.exe" action=allow

How do you list every rule the firewall currently has? Here "all" is a reserved name, which is why no rule may be called that:
netsh advfirewall firewall show rule name="all"
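To audit what that command prints, here is an added Python example (not from the original page) that parses the output of netsh advfirewall firewall show rule name=all and flags enabled inbound allow rules whose RemoteIP is Any, i.e. rules open to every remote address. The sample output is constructed, assumes the field labels of an English-locale Windows, and the rule names other than "TCP-SQL Bypass Ports" are made up.

```python
import re

# Constructed sample of `netsh advfirewall firewall show rule name=all` output,
# trimmed to the fields this check reads (the key/value layout is the real one).
SAMPLE_OUTPUT = """\
Rule Name:                            Allow TCP 1234 inbound
----------------------------------------------------------------------
Enabled:                              Yes
Direction:                            In
RemoteIP:                             Any
LocalPort:                            1234
Action:                               Allow

Rule Name:                            TCP-SQL Bypass Ports
----------------------------------------------------------------------
Enabled:                              Yes
Direction:                            In
RemoteIP:                             172.31.22.1,172.31.22.2,172.31.22.3
LocalPort:                            1433,1434,4022,5022,5023
Action:                               Allow

Rule Name:                            Block UDP 5678 outbound
----------------------------------------------------------------------
Enabled:                              Yes
Direction:                            Out
RemoteIP:                             Any
LocalPort:                            5678
Action:                               Block
"""

def parse_rules(text):
    """Split netsh 'show rule' output into one dict per rule block."""
    rules = []
    for line in text.splitlines():
        m = re.match(r"^([A-Za-z ]+):\s*(.*)$", line)
        if not m:
            continue  # skips the dashed separator and blank lines
        key, value = m.group(1).strip(), m.group(2).strip()
        if key == "Rule Name":
            rules.append({})  # every rule block starts with its name
        if rules:
            rules[-1][key] = value
    return rules

def risky_rules(rules):
    """Names of enabled inbound allow rules reachable from any remote address."""
    return [r["Rule Name"] for r in rules
            if r.get("Enabled") == "Yes" and r.get("Direction") == "In"
            and r.get("Action") == "Allow" and r.get("RemoteIP") == "Any"]
```

On a real host, save the command's output to a file and pass its contents to parse_rules; on a non-English Windows the field labels are localized and the regex keys would need adjusting.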

Example: open the SQL Server ports, inbound and outbound, to three specific remote addresses only (TCP and UDP get distinct rule names so the name matches the protocol), then enable the built-in WMI rule group:

netsh advfirewall firewall add rule name="TCP-SQL Bypass Ports" dir=in protocol=TCP action=allow localport="1433,1434,4022,5022,5023" remoteip=172.31.22.1,172.31.22.2,172.31.22.3 profile=any

netsh advfirewall firewall add rule name="UDP-SQL Bypass Ports" dir=in protocol=UDP action=allow localport="1433,1434,4022,5022,5023" remoteip=172.31.22.1,172.31.22.2,172.31.22.3 profile=any

netsh advfirewall firewall add rule name="TCP-SQL Bypass Ports" dir=out protocol=TCP action=allow localport="1433,1434,4022,5022,5023" remoteip=172.31.22.1,172.31.22.2,172.31.22.3 profile=any

netsh advfirewall firewall add rule name="UDP-SQL Bypass Ports" dir=out protocol=UDP action=allow localport="1433,1434,4022,5022,5023" remoteip=172.31.22.1,172.31.22.2,172.31.22.3 profile=any

netsh advfirewall firewall set rule group="Windows Management Instrumentation (WMI)" new enable=yes

Note: separate multiple IP addresses with commas and no spaces.
