404 Tech Support

Scripting Windows Firewall Exceptions

Windows XP SP2 and later include Windows Firewall to protect the machine against attack from the outside. If you have a legitimate program that needs network access, you can add an exception for that program on the computer. You can do this through the Control Panel on each machine, through Group Policy for multiple machines (more info from Microsoft), or through a script for maximum flexibility.

The scripting syntax for adding an exception looks like this:

netsh firewall add allowedprogram "c:\program files\my program\Program32.exe" Program ENABLE

netsh firewall enters the context for modifying the firewall. To add a program you need both add and allowedprogram, followed by the path to the program (quoted if it contains spaces), a display name for the exception, and ENABLE.

You can be a lot more specific with additional parameters, such as limiting the exception to particular profiles or to a particular scope of network traffic. From netsh firewall add /?:

The syntax supplied for this command is not valid. Check help for the correct syntax.

add allowedprogram
[ program = ] path
[ name = ] name
[ [ mode = ] ENABLE|DISABLE
[ scope = ] ALL|SUBNET|CUSTOM
[ addresses = ] addresses
[ profile = ] CURRENT|DOMAIN|STANDARD|ALL ]

Adds firewall allowed program configuration.

Parameters:

program - Program path and file name.

name - Program name.

mode - Program mode (optional).
ENABLE  - Allow through firewall (default).
DISABLE - Do not allow through firewall.

scope - Program scope (optional).
ALL    - Allow all traffic through firewall (default).
SUBNET - Allow only local network (subnet) traffic through firewall.
CUSTOM - Allow only specified traffic through firewall.

addresses - Custom scope addresses (optional).

profile - Configuration profile (optional).
CURRENT  - Current profile (default).
DOMAIN   - Domain profile.
STANDARD - Standard profile.
ALL      - All profiles.

Remarks: 'scope' must be 'CUSTOM' to specify 'addresses'.

Examples:

add allowedprogram C:\MyApp\MyApp.exe MyApp ENABLE
add allowedprogram C:\MyApp\MyApp.exe MyApp DISABLE
add allowedprogram C:\MyApp\MyApp.exe MyApp ENABLE CUSTOM
157.60.0.1,172.16.0.0/16,10.0.0.0/255.0.0.0,LocalSubnet
add allowedprogram program = C:\MyApp\MyApp.exe name = MyApp mode = ENABLE
add allowedprogram program = C:\MyApp\MyApp.exe name = MyApp mode = DISABLE
add allowedprogram program = C:\MyApp\MyApp.exe name = MyApp mode = ENABLE
scope = CUSTOM addresses =
157.60.0.1,172.16.0.0/16,10.0.0.0/255.0.0.0,LocalSubnet
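
As an added example (not code from the original post), the PowerShell function below wraps the add allowedprogram syntax above so that every exception is created with an explicit profile and address scope rather than the defaults shown in the help text (scope=ALL, profile=CURRENT), which admit traffic from any address. It also checks that the program file exists before opening the firewall for it and confirms the entry is listed afterwards. The function name, the program path and the address list are placeholders chosen for illustration. On Windows 7 and later the netsh firewall context is deprecated in favour of netsh advfirewall firewall, although the syntax from the post still runs.

```powershell
# Added example, not from the original post: wraps the netsh syntax shown above
# so that every exception gets an explicit profile and address scope instead of
# the defaults (scope=ALL, profile=CURRENT). Function name and sample values
# are placeholders. Run from an elevated prompt.

function Add-ScopedFirewallException {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $ProgramPath,
        [Parameter(Mandatory)] [string] $Name,
        [ValidateSet('CURRENT', 'DOMAIN', 'STANDARD', 'ALL')]
        [string] $Profile = 'DOMAIN',
        # Comma-separated list in the form netsh accepts (see the help text
        # above), e.g. '10.0.0.0/8,LocalSubnet'. netsh only honours addresses
        # when scope=CUSTOM, so that is set whenever a list is supplied.
        [string] $Addresses = 'LocalSubnet'
    )

    # Refuse to create an exception for a path that does not exist yet: a typo
    # would otherwise leave a dangling allow entry that any later file dropped
    # at that path would inherit.
    if (-not (Test-Path -LiteralPath $ProgramPath -PathType Leaf)) {
        throw "Program not found: $ProgramPath"
    }

    $netshArgs = @(
        'firewall', 'add', 'allowedprogram',
        "program=$ProgramPath",   # PowerShell quotes this token if it has spaces
        "name=$Name",
        'mode=ENABLE',
        "profile=$Profile"
    )
    if ($Addresses) {
        $netshArgs += 'scope=CUSTOM'
        $netshArgs += "addresses=$Addresses"
    } else {
        $netshArgs += 'scope=SUBNET'   # still narrower than the ALL default
    }

    $output = & netsh.exe @netshArgs 2>&1
    if ($LASTEXITCODE -ne 0) {
        throw "netsh failed (exit code $LASTEXITCODE): $($output -join ' ')"
    }

    # Verify the entry is really listed afterwards rather than trusting the
    # success message alone.
    $listing = (& netsh.exe firewall show allowedprogram 2>&1) -join "`n"
    if ($listing -notmatch [regex]::Escape($ProgramPath)) {
        throw "Exception for $ProgramPath is not present after the add"
    }
    return $output
}

# Usage (values are placeholders):
# Add-ScopedFirewallException -ProgramPath 'C:\Program Files\My Program\Program32.exe' `
#     -Name 'My Program' -Profile DOMAIN -Addresses '10.0.0.0/8,LocalSubnet'
```

The named form (program=, name=, scope=) is used instead of the positional form so that the arguments cannot be shifted if a value is omitted, and the path is never interpolated into a single command string, so a path containing spaces or quotes is passed to netsh as one argument.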

You can do more than just add exceptions: you can also delete them, reset the configuration to the default, set options, or show the current configuration.

The following commands are available:

Commands in this context:
?              - Displays a list of commands.
add            - Adds firewall configuration.
delete         - Deletes firewall configuration.
dump           - Displays a configuration script.
help           - Displays a list of commands.
reset          - Resets firewall configuration to default.
set            - Sets firewall configuration.
show           - Shows firewall configuration.

To view help for a command, type the command, followed by a space, and then
type ?.

For example, to get a list of current exceptions you would run:

netsh firewall show allowedprogram

To save that command's output, redirect it to a text file like this:

netsh firewall show allowedprogram > firewallconfig.txt

That will put the list of exceptions in a text file called firewallconfig.txt in the directory from which the script is run. Specify a full path for firewallconfig.txt if you want it in a particular location.
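
Saving the output to a file is most useful when you keep an earlier copy to compare against, since an exception that appears between two snapshots is one that was added outside of your own scripts or policy. As an added example (not code from the original post), the PowerShell below takes a snapshot of netsh firewall show allowedprogram to a file, as the redirect above does, and reports lines that were added or removed relative to a saved baseline. The function names and file paths are placeholders; the filter keeps only lines containing a backslash, which is what the program entries have in common regardless of the column headings netsh prints on a given Windows version.

```powershell
# Added example, not from the original post: snapshot the current exception list
# to a file (the same data the "show allowedprogram > file" redirect produces)
# and compare it with an earlier snapshot. Function names and paths are
# placeholders.

function Get-FirewallExceptionSnapshot {
    param([Parameter(Mandatory)] [string] $Path)

    $lines = & netsh.exe firewall show allowedprogram 2>&1
    if ($LASTEXITCODE -ne 0) {
        throw "netsh failed (exit code $LASTEXITCODE)"
    }
    # Keep only the lines that carry a program path so the comparison is not
    # cluttered by profile headings and column rules.
    $entries = @($lines | Where-Object { "$_" -match '\\' })
    Set-Content -LiteralPath $Path -Value $entries -Encoding UTF8
    return $entries.Count
}

function Compare-FirewallExceptionSnapshot {
    param(
        [Parameter(Mandatory)] [string] $BaselinePath,
        [Parameter(Mandatory)] [string] $CurrentPath
    )
    foreach ($p in @($BaselinePath, $CurrentPath)) {
        if (-not (Test-Path -LiteralPath $p -PathType Leaf)) {
            throw "Snapshot not found: $p"
        }
    }
    $baseline = @(Get-Content -LiteralPath $BaselinePath)
    $current  = @(Get-Content -LiteralPath $CurrentPath)
    if ($baseline.Count -eq 0) {
        throw "Baseline snapshot is empty; take it again from a known-good machine"
    }
    if ($current.Count -eq 0) {
        throw "Current snapshot is empty; netsh output may not have been captured"
    }

    # SideIndicator '=>' marks lines present only in the current snapshot,
    # '<=' lines present only in the baseline. No output means no change.
    Compare-Object -ReferenceObject $baseline -DifferenceObject $current |
        ForEach-Object {
            [pscustomobject]@{
                Change = if ($_.SideIndicator -eq '=>') { 'Added' } else { 'Removed' }
                Entry  = $_.InputObject
            }
        }
}

# Usage (paths are placeholders): take the baseline once after the machine is
# configured, then re-run the comparison on a schedule or before sign-off.
# Get-FirewallExceptionSnapshot -Path 'C:\Baseline\firewallconfig.txt'
# Get-FirewallExceptionSnapshot -Path "$env:TEMP\firewallconfig-now.txt"
# Compare-FirewallExceptionSnapshot -BaselinePath 'C:\Baseline\firewallconfig.txt' `
#     -CurrentPath "$env:TEMP\firewallconfig-now.txt"
```

Store the baseline somewhere a local user cannot edit, otherwise an unwanted exception can be hidden by updating the baseline at the same time it is added.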

The netsh command has plenty of other functionality and is worth exploring. Just enter netsh /? in a command prompt window for more information.