語法
用法: set rule group=<string> | name=<string> [dir=in|out] [profile=public|private|domain|any[,...]] [program=<program path>] [service=service short name|any] [localip=any|<IPv4 address>|<IPv6 address>|<subnet>|<range>|<list>] [remoteip=any|localsubnet|dns|dhcp|wins|defaultgateway|<IPv4 address>|<IPv6 address>|<subnet>|<range>|<list>] [localport=0-65535|<port range>[,...]|RPC|RPC-EPMap|IPHTTPS|any] [remoteport=0-65535|<port range>[,...]|any] [protocol=0-255|icmpv4|icmpv6|icmpv4:type,code|icmpv6:type,code|tcp|udp|any] new [name=<string>] [dir=in|out] [program=<program path> [service=<service short name>|any] [action=allow|block|bypass] [description=<string>] [enable=yes|no] [profile=public|private|domain|any[,...]] [localip=any|<IPv4 address>|<IPv6 address>|<subnet>|<range>|<list>] [remoteip=any|localsubnet|dns|dhcp|wins|defaultgateway|<IPv4 address>|<IPv6 address>|<subnet>|<range>|<list>] [localport=0-65535|RPC|RPC-EPMap|any[,...]] [remoteport=0-65535|any[,...]] [protocol=0-255|icmpv4|icmpv6|icmpv4:type,code|icmpv6:type,code|tcp|udp|any] [interfacetype=wireless|lan|ras|any] [rmtcomputergrp=<SDDL string>] [rmtusrgrp=<SDDL string>] [edge=yes|deferapp|deferuser|no (default=no)] [security=authenticate|authenc|authdynenc|notrequired]
舉例
netsh advfirewall firewall set rule name="文件和打印機共享(SMB-In)" new action=block
將“文件和打印機共享(SMB-In)”規則的“操作”從“允許”改為“阻止”。
注意,必須要有"new"指令。
防火牆
從防火牆的高級設置,入站規則里可以查看所有的規則。
參考