Windows Defender Firewall Management Guide

Published: March 3, 2023 | Last Modified: May 13, 2025

Tags: windows security firewall netsh system-administration windows-defender network-security command-line rdp port-management

Categories: Windows Security System Administration



Firewall Rules

Turn the firewall on or off

netsh advfirewall set allprofiles state on
netsh advfirewall set allprofiles state off

Exception for a program

This example allows incoming traffic for the program "WaspPunch.exe" located at "C:\Program Files (x86)\Wasp Technologies\WaspTime\WaspPunch.exe". The "dir=in" parameter specifies that the rule applies to inbound traffic. The "action=allow" parameter allows the traffic through, and "enable=yes" ensures that the rule is enabled.

netsh advfirewall firewall add rule name="WaspPunch.exe" dir=in action=allow program="C:\Program Files (x86)\Wasp Technologies\WaspTime\WaspPunch.exe" enable=yes

Exception for Remote Desktop

You do not need to create a separate exception for the port when whitelisting "remote desktop". When you enable the "remote desktop" rule group with this command, it automatically allows traffic on the default Remote Desktop Protocol (RDP) port, which is TCP port 3389.

netsh advfirewall firewall set rule group="remote desktop" new enable=yes

Exception for a port

These rules allow incoming TCP traffic on ports 10004 and 10005. Again, the "dir=in" parameter specifies that the rules apply to inbound traffic, "action=allow" allows the traffic through, and "enable=yes" ensures that the rules are enabled.

netsh advfirewall firewall add rule name="10004" dir=in action=allow protocol=TCP localport=10004 enable=yes
netsh advfirewall firewall add rule name="10005" dir=in action=allow protocol=TCP localport=10005 enable=yes
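
The two port rules above accept connections from any remote address on every firewall profile. The following is an added example, not part of the original guide, that recreates them limited to one client subnet and to the domain and private profiles, then reports what is in place. The subnet 192.168.10.0/24 and the profile choice are placeholder assumptions.

```powershell
# Added example: scope the guide's port rules, then verify them.
# Run from an elevated PowerShell prompt.
# Assumptions (not from the guide): the subnet and the profile list below.

$ports       = 10004, 10005         # ports from the guide's example
$allowedFrom = '192.168.10.0/24'    # placeholder: replace with your client range
$profiles    = 'domain,private'     # keep the ports closed on public networks

foreach ($port in $ports) {
    # netsh allows several rules to share one name, so remove earlier copies
    # (including the unscoped rule from the guide) before adding the new one.
    netsh advfirewall firewall delete rule "name=$port" | Out-Null

    netsh advfirewall firewall add rule "name=$port" dir=in action=allow `
        protocol=TCP "localport=$port" "remoteip=$allowedFrom" `
        "profile=$profiles" enable=yes
}

# Confirm the firewall itself is on for every profile.
netsh advfirewall show allprofiles state

# Report each rule and flag any that still accept traffic from anywhere.
foreach ($port in $ports) {
    foreach ($rule in Get-NetFirewallRule -DisplayName "$port" -ErrorAction SilentlyContinue) {
        $addr = $rule | Get-NetFirewallAddressFilter
        [pscustomobject]@{
            Rule          = $rule.DisplayName
            Enabled       = $rule.Enabled
            Profile       = $rule.Profile
            RemoteAddress = $addr.RemoteAddress -join ','
            OpenToAny     = ($addr.RemoteAddress -contains 'Any')
        }
    }
}
```

A row with OpenToAny set to True means a rule with that name still has no remote address restriction.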