In today's article we take a completely different approach to a similar configuration of the new Windows Server 2008 advanced firewall: using the Netsh tool to configure the firewall from the Windows command-line interface (CLI). There are many reasons to choose this approach, so let's look at them together.
Understanding netsh advfirewall tools
In Windows Server 2008 you will find a more advanced host-based firewall. In the last article we mentioned some of its new features:
• New graphical interface: the advanced firewall is now configured through a management console snap-in.
• Bidirectional protection: filters outbound and inbound traffic.
• Better integration with IPsec: firewall rules and IPsec encryption configuration are now integrated into one interface.
• Advanced rule configuration: you can create firewall rules for various objects on Windows Server and configure firewall rules to determine whether traffic is blocked or allowed through Windows Firewall with Advanced Security.
Netsh is a command-line tool that you can use to configure network component settings. Windows Firewall with Advanced Security provides the netsh advfirewall tool, which you can use to configure Windows Firewall with Advanced Security settings. Using netsh advfirewall, you can create scripts that automatically configure a set of Windows Firewall with Advanced Security settings for both IPv4 and IPv6 traffic. You can also use the netsh advfirewall command to display the configuration and status of Windows Firewall with Advanced Security.
Why use a command-line interface to configure a Windows Firewall?
As the saying goes, to each their own. Some people prefer to use the graphical snap-in to configure the new firewall, while others prefer to do their configuration from the command line, for the following reasons:
• Faster configuration: once you have mastered the netsh advfirewall command, configuring the firewall is much faster than with the graphical interface.
• Scripting: you can use this tool to script some of the most common tasks.
• The firewall can still be configured when the graphical interface is not available: like other command-line tools, netsh advfirewall still works when there is no graphical interface, such as in Windows Server 2008 Core mode.
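The scripting and Server Core points above can be seen in one batch file. This is an added example, not a script from the original article; the backup path, the rule name, the management subnet (a documentation range) and the choice of Remote Desktop on TCP 3389 are constructed assumptions to adapt before use.

```batch
@echo off
rem Added example: scripted baseline for Windows Firewall with Advanced Security.
rem Run from an elevated command prompt (works on Server Core, no GUI needed).
rem BACKUP, MGMT_NET and RULE are constructed placeholders, not article values.
setlocal
set "BACKUP=%SystemDrive%\fw-backup.wfw"
set "MGMT_NET=192.0.2.0/24"
set "RULE=Allow RDP from management subnet"

rem 1. Export the current policy first so the change can be rolled back.
rem    Any previous backup is removed so the export starts clean.
if exist "%BACKUP%" del "%BACKUP%"
netsh advfirewall export "%BACKUP%" || goto :fail

rem 2. Add the narrow allow rule BEFORE tightening the default policy, so a
rem    remote administration session is not cut off halfway through.
rem    Deleting first makes the script safe to run repeatedly.
netsh advfirewall firewall delete rule name="%RULE%" >nul 2>&1
netsh advfirewall firewall add rule name="%RULE%" dir=in action=allow protocol=TCP localport=3389 remoteip=%MGMT_NET% || goto :fail

rem 3. Enable the firewall on every profile: block inbound by default,
rem    allow outbound by default.
netsh advfirewall set allprofiles state on || goto :fail
netsh advfirewall set allprofiles firewallpolicy blockinbound,allowoutbound || goto :fail

rem 4. Log dropped connections so blocked traffic can be reviewed later.
netsh advfirewall set allprofiles logging droppedconnections enable || goto :fail

rem 5. Display the resulting status and the rule for verification.
netsh advfirewall show allprofiles
netsh advfirewall firewall show rule name="%RULE%"
exit /b 0

:fail
echo Firewall configuration failed. Restore with: netsh advfirewall import "%BACKUP%"
exit /b 1
```

If you run this over Remote Desktop, make sure MGMT_NET covers the address you are connecting from, otherwise the default-deny inbound policy will end your session.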
What commands are available?
There are a great many netsh advfirewall commands; today we introduce some of the most common ones that you must master.
1. Help command (or "?")
Although simple, this may be the most useful command. Any time you type "?", you will see all the options available in the current context, as shown in Figure 1.
Figure 1: netsh advfirewall and help options