Manage Windows Networking and Firewall with Best Steps

By Posted on

Manage Windows Networking and Firewall with Best Steps

Manage Windows Networking and Firewall with Best Steps

This guide, brought to you by Orcacore, aims to teach you How To Manage Windows Networking and Firewall with the Netsh (Network Shell) command.

Anyone who works with Windows network configurations will sooner or later encounter the Network Shell (Netsh). This interface between users and the operating system enables the administration and configuration of local and remote network settings.

The scope of applications includes settings for the Windows firewall, LAN/WLAN management, and IP and server configuration. Furthermore, networked infrastructure can be protected from external attacks. Using the command-line tool, it’s also possible to diagnose problems and carry out repairs within the network. A significant advantage of Netsh is that network-related administration tasks can be performed quickly and conveniently and can be automated with scripts. This article is focused on how to Manage Windows Networking and Firewall

To Manage Windows Networking and Firewall, you must log in to your Windows Client and follow the steps below.

1. Start Netsh Command on Windows 10/11

You can run the Netsh command from both CMD and PowerShell. Run PowerShell or CMD as an administrator and list available contexts with the following command:

netsh help
Netsh available commands
Netsh Available Commands

Netsh has multiple command contexts (subcommands). Each command context has multiple subcommands you can use. For example, to get a list of the available commands under the advfirewall context, run the help command as follows:

netsh advfirewall help
Netsh subcommands on Windows
Netsh Subcommands

You can run the help command for each context to see the different sets of available subcommands.

2. Manage Network Settings on Windows 10/11

At this point, you can use the Netsh command to manage your Windows networking.

List all Network Interfaces on Windows

To get a list of all network interfaces on your Windows, you can use the following command:

netsh interface show interface
<mark><strong>Example Output
</strong></mark>C:Windowssystem32>netsh interface show interface

Admin State    State          Type             Interface Name
-------------------------------------------------------------------------
Enabled        Connected      Dedicated        Wi-Fi
Enabled        Disconnected   Dedicated        Ethernet

You can display the status of a specific interface by using the name of the interface, for example:

netsh interface show interface name="<strong><mark>Ethernet</mark></strong>"
<strong><mark>Example Output
</mark></strong>Ethernet
   Type:                 Dedicated
   Administrative state: Enabled
   Connect state:        Disconnected

Check IP Addresses on Windows

To check IP Addresses, use ipv4 and ipv6 contexts as follows:

# netsh interface ipv4 show addresses
# netsh interface ipv6 show addresses

This will give you all the IP addresses. You can use the command below to find the IP address of a specific interface, for example:

netsh interface ipv4 show addresses name="<strong><mark>Wi-Fi</mark></strong>"
<strong><mark>Example Output
</mark></strong>Configuration for interface "Wi-Fi"
    DHCP enabled:                         Yes
    IP Address:                           192...
    Subnet Prefix:                        192...
    InterfaceMetric:                      55

Manage IP Addresses on Windows

At this point, we want to show you some examples of configuring your IP addresses.

Set Static IP Address to a Network Interface

For example, you can assign a static IP Address to a network interface named Ethernet with the command below:

netsh interface ipv4 set address "<mark>Ethernet</mark>" static 192.168.1.10 255.255.255.0 192.168.1.1

In the above example, 192.168.1.1 is the default gateway. The following is the long format of the same command:

netsh interface ipv4 set address name="Ethernet" source=static address=192.168.1.10 mask=255.255.255.0 gateway=192.168.1.1

The following example shows how to configure a network interface to receive its IP configuration from the DHCP server:

netsh interface ipv4 set address name="<mark>Ethernet</mark>" source=dhcp

Manage Name Servers on Windows

At this point, you can use the nets command to configure your DNS servers.

Check DNS Server Addresses

You can check DNS server addresses with the following two commands for IPV4 and IPv6, respectively:

# netsh interface ipv4 show dnsservers
# netsh interface ipv6 show dnsservers

Configure the NIC (Network Interface Controller) to receive DNS server address assignment from the DHCP server:

netsh interface ipv4 set dnsservers "<mark>Ethernet</mark>" source=dhcp
H. Set Primary DNS Server Address on NIC

The following example shows how to set the primary DNS server address on the NIC named Ethernet:

netsh interface ipv4 set dnsservers name="<mark>Ethernet</mark>" static 192.168.1.1 <mark>primary</mark>

It will remove any existing DNS server IP addresses.

To add a name server without removing existing IP addresses, you can use the following Netsh command:

netsh interface ipv4 add dnsservers "<mark>Ethernet</mark>" 192.168.1.1 index=<mark>1</mark>

The above command sets the primary DNS server. If other IP addresses exist, they will move down on the list.

The following command sets the secondary DNS server:

netsh interface ipv4 add dnsservers "<mark>Ethernet</mark>" 192.168.1.2 index=<mark>2</mark>

3. Manage Windows Firewall with Netsh Command

At this point, we will show you how to use Netsh to configure Windows Defender Firewall. Manage Windows Networking and Firewall requires familiarity with firewall configurations.

Check Windows Firewall status

First, you can easily use the following command to check your Windows firewall status:

netsh advfirewall show allprofiles

The command will show the status for all Firewall profiles.

To check a specific Firewall profile (public, for example), run the netsh command as follows:

netsh advfirewall show publicprofile

The following command will show you the list of all Firewall profiles.

netsh advfirewall show help
<strong><mark>Output</mark>
</strong>The following commands are available:

Commands in this context:
show allprofiles - Displays properties for all profiles.
show currentprofile - Displays properties for the active profile.
show domainprofile - Displays properties for the domain properties.
show global    - Displays the global properties.
show privateprofile - Displays properties for the private profile.
show publicprofile - Displays properties for the public profile.
show store     - Displays the policy store for the current interactive session.

Turn on and Turn off the Windows Firewall

You can easily use the netsh command to turn on or off your Windows firewall:

# netsh advfirewall set allprofile state off
# netsh advfirewall set allprofile state on

Open a Port on Windows Firewall

To open a specific port through your Windows firewall, you can use the command below. Here, we want to open port 80 as an example:

netsh advfirewall firewall add rule name="allow80" dir=in protocol=tcp localport=80 action="allow"

Also, you can disable the above rule by using the command below:

netsh advfirewall firewall set rule name="allow80" new enable=no

If you want to open this port to a particular IP address, for example 192.168.1.10, you can run the command below:

netsh advfirewall firewall add rule name="allow80" dir=in protocol=tcp localport=80 remoteip="192.168.1.10" action=allow

To block port 80 from the above IP, you can run the command below:

netsh advfirewall firewall add rule name="block80" dir=in protocol=tcp localport=80 remoteip="192.168.1.10" action=block

Allow a Program to Windows Firewall

Here, you can use the command below to allow a program instead of a port, for example:

netsh advfirewall firewall add rule name="netcat" dir=in program="C:program files (x86)nmapncat.exe" action=allow

List All Firewall Rules

At this point, you can use the command below to list all your rules through the Windows firewall:

netsh advfirewall firewall show rule all

List all inbound rules:

netsh advfirewall firewall show rule all dir=in

Display all the settings for inbound rules called netcat, for example:

netsh advfirewall firewall show rule name="netcat" verbose

Conclusion

When using the netsh command, always use the help option to see the list of subcommands you can use. The help page also includes examples showing you how to Manage Windows Networking and Firewall.

Hope you enjoy this guide on Manage Windows Networking and Firewall. Please subscribe to us on Facebook and YouTube.

You may also like these articles:

How To Display Hidden Files on Windows 10

Clear Recent Files on Windows 11 and Windows 10

Run PowerShell as Administrator on Windows

Alternative Solutions for Managing Windows Networking and Firewall

While netsh is a powerful command-line tool, alternative methods exist for managing Windows networking and firewall settings, offering varying levels of convenience and flexibility.

1. Using the Windows GUI (Graphical User Interface)

The Windows GUI provides a user-friendly interface to configure networking and firewall settings.

Explanation: The Windows Settings app (or Control Panel in older versions) offers a visual way to manage network adapters, IP addresses, DNS servers, and firewall rules. This approach is generally easier for users unfamiliar with command-line interfaces.

Steps:

  • Network Settings: Open the Settings app (Windows key + I), go to "Network & Internet," and configure Ethernet or Wi-Fi connections. You can change IP addresses, DNS servers, and other settings through the adapter properties.
  • Firewall Settings: Search for "Windows Defender Firewall" in the Start menu. From there, you can enable/disable the firewall, allow apps through the firewall, and configure advanced settings for inbound and outbound rules.

Example:

To set a static IP address via the GUI:

  1. Go to Network & Internet settings.
  2. Click on "Ethernet" or "Wi-Fi," depending on your connection.
  3. Click on "Hardware properties"
  4. Click on "IP assignment" Edit and select "Manual"
  5. Enter the desired IP address, subnet mask, gateway, and DNS server addresses.

This method doesn’t involve code, but rather using visual menus and input fields to achieve the same results as the netsh commands.

2. Using PowerShell Cmdlets

PowerShell provides cmdlets (command-lets) specifically designed for managing networking and firewall configurations. This approach combines the power of scripting with a more structured syntax than netsh.

Explanation: PowerShell cmdlets offer a more object-oriented and consistent way to manage Windows settings compared to netsh. They are particularly useful for automation and scripting.

Code Example:

To set a static IP address using PowerShell:

#Requires -RunAsAdministrator

$InterfaceAlias = "Ethernet"
$IPAddress = "192.168.1.10"
$Netmask = "255.255.255.0"
$Gateway = "192.168.1.1"
$DnsServer1 = "192.168.1.1"
$DnsServer2 = "8.8.8.8"

# Disable DHCP
Disable-NetAdapterDHCP -InterfaceAlias $InterfaceAlias

# Set the static IP address, subnet mask, and gateway
New-NetIPAddress -InterfaceAlias $InterfaceAlias -IPAddress $IPAddress -PrefixLength ((Convert-String -InputObject $Netmask -As Script).Invoke() | ForEach-Object {$_.ToString("X2")}) -DefaultGateway $Gateway

# Set the DNS server addresses
Set-DnsClientServerAddress -InterfaceAlias $InterfaceAlias -ServerAddresses ($DnsServer1, $DnsServer2)

Write-Host "Static IP address configured successfully for interface: $InterfaceAlias"

Explanation of the PowerShell Code:

  • #Requires -RunAsAdministrator: This line ensures the script is run with administrator privileges.
  • $InterfaceAlias, $IPAddress, $Netmask, $Gateway, $DnsServer1, $DnsServer2: These variables store the desired network settings. Modify these values to match your specific network configuration.
  • Disable-NetAdapterDHCP: This cmdlet disables DHCP on the specified network interface.
  • New-NetIPAddress: This cmdlet assigns the static IP address, subnet mask, and gateway to the interface. The PrefixLength is derived from the subnet mask.
  • Set-DnsClientServerAddress: This cmdlet configures the DNS server addresses.
  • Write-Host: This command displays a confirmation message.

To open a port in the Windows Firewall using PowerShell:

#Requires -RunAsAdministrator

$Port = "80"
$Name = "AllowPort80"

New-NetFirewallRule -DisplayName $Name -Name $Name -Profile Any -Protocol TCP -LocalPort $Port -Action Allow -Direction Inbound

Write-Host "Firewall rule created successfully to allow port $Port"

Explanation of the PowerShell Code:

  • #Requires -RunAsAdministrator: This line ensures the script is run with administrator privileges.
  • $Port and $Name: These variables store the port number and the name of the firewall rule.
  • New-NetFirewallRule: This cmdlet creates a new firewall rule.
    • -DisplayName: Sets the display name of the rule in the Firewall UI.
    • -Name: Sets the unique identifier for the rule.
    • -Profile: Specifies the network profiles to which the rule applies (Domain, Private, Public, or Any).
    • -Protocol: Sets the protocol (TCP or UDP).
    • -LocalPort: Specifies the port to be opened.
    • -Action: Sets the action to "Allow".
    • -Direction: Sets the direction to "Inbound".
  • Write-Host: This command displays a confirmation message.

PowerShell offers a more programmatic and structured way to Manage Windows Networking and Firewall compared to netsh, making it suitable for complex configurations and automation.

Related posts:

Leave a Reply

Your email address will not be published. Required fields are marked *