Is there any way within a batch file to open up specific ports on Windows through a batch file? It would be nice to have the installer do this for our server application rather than having the user manually do it.
Use netsh.exe. A very simple batch file that takes a port argument:
#echo off
rem -- open port (first argument passed to batch script)
netsh advfirewall firewall add rule name="Open Port %1" dir=in action=allow protocol=TCP localport=%1 remoteip=10.15.97.0/24,10.17.0.0/16
This is an extension of solution provided by #Kevin Richardson.
Note that "netsh advfirewall add rule" command will create a new rule with the same name every time you run the same command. The script below helps to prevent it
ECHO OFF
set PORT=8081
set RULE_NAME="Open Port %PORT%"
netsh advfirewall firewall show rule name=%RULE_NAME% >nul
if not ERRORLEVEL 1 (
rem Rule %RULE_NAME% already exists.
echo Hey, you already got a out rule by that name, you cannot put another one in!
) else (
echo Rule %RULE_NAME% does not exist. Creating...
netsh advfirewall firewall add rule name=%RULE_NAME% dir=in action=allow protocol=TCP localport=%PORT%
)
Related
I am not a bro in batch scripts, but i can adapt.
I am trying to make a batch file that will check the firewall state, and toggle it(ON/OFF).
Note: [the output of the command contain ON or OFF in it's output alongside with other strings].
set "result=" netsh advfirewall show allprofiles state
IF not x%result:ON=%==x%result% (
::Disable Firewall
NetSh Advfirewall set allprofiles state off
) ELSE (
::Enable Firewall
NetSh Advfirewall set allprofiles state on
)
the problem as you see the result variable only contain the last line of the command output, so how to store the multi-line output of the command in a variable without having to store the command's output in a file as it seems redundant.
You should be able to do it with a single command line without the need for variables or the use of a for-loop:
#NetSh AdvFirewall Show CurrentProfile State|Find "ON">NUL&&(NetSh AdvFirewall Set CurrentProfile State OFF)||NetSh AdvFirewall Set CurrentProfile State ON
For an extended batch-file version, also ensures that inbound and outbound rules are set. (Please note that these are examples only, not recommendations and have been provided to better show the layout of the original suggestion when split over multiple lines):
#Echo Off
NetSh AdvFirewall Show CurrentProfile State | Find "ON" >NUL && (
NetSh Advfirewall Set CurrentProfile FirewallPolicy BlockInboundAlways,AllowOutbound
NetSh AdvFirewall Set CurrentProfile State OFF
) || (
NetSh AdvFirewall Set CurrentProfile State ON
NetSh Advfirewall Set CurrentProfile FirewallPolicy AllowInbound,AllowOutbound
)
Please note that these are language dependent, so may need adjustment if your system language is not English.
If you are not a member of the Administrators group, and UAC is enabled on your PC, run the script as administrator.
I was creating a batch script to run several commands to enable winrm, changing network category and such and I got across a problem with the netsh command, specifically netsh advfirewall firewall set rule group=”Network Discovery” new enable=yes
After digging around and messing with UAC and registry I understood my problem: Windows language.
So the command is setting the rule to the Network Discovery, however in my language (portuguese btw) the group is called Deteção de Rede and thus making the script unable to run across several Windows machines with different languages, making the user enable network sharing manually.
My question is: Is there global way of calling the Network Discovery group? or creating a new group linking to it?
This is my script btw:
#ECHO ON
REM Run as admin
powershell.exe /c Get-NetConnectionProfile;
powershell.exe /c Set-NetConnectionProfile -NetworkCategory Private;
powershell.exe /c netsh advfirewall firewall set rule group=”Deteção de Rede” new enable=yes
cmd.exe /c winrm quickconfig -q
cmd.exe /c winrm set winrm/config/service #{AllowUnencrypted="true"}
cmd.exe /c winrm set winrm/config/service/auth #{Basic="true"}
#ECHO Done.
Thankfully to #lit I found a way to set the rules to the group.
Used the command powershell.exe /c netsh advfirewall firewall set rule group="#FirewallAPI.dll,-32752" new enable=Yes to enable Network Sharing and powershell.exe /c netsh advfirewall firewall set rule group="#FirewallAPI.dll,-28502" new enable=Yesto enable files and print sharing
(if you want to use this to target a windows machine you may want to activate them both) and now i'm able to run my ansible playbook to windows
I am tasked with creating a batch file that will do the following:
1) Start Windows Firewall Service
2) Add Entries into Windows Firewall to block network access to some Network Locations
3) Delete the mapped Network Drive
I have got the following command line scripts which do these tasks individually. However, I am not sure how I can put all of them into a single batch file which will do the steps one after the other.
net stop <Service-Name>
netsh advfirewall firewall add rule name="IP Block" dir=in interface=any action=block remoteip=<IP_Address>/32
net use x: /delete
Can someone please guide on how do I put these commands into a batch file which will simply execute when I run it.
Thanks.
Just place the commands into a text file with the file extention of .bat.
Each command gets its own line.
Below is an example of your file with command line arguments. %1, %2, %n each indicate the position of the command line argument.
E.G. %1 is the first argument, %2 is the second and so on.
net stop %1
netsh advfirewall firewall add rule name="IP Block" dir=in interface=any action=block remoteip=%2/32
net use x: /delete
You can execute the batch file with the command line arguments:
ScriptName.bat ServiceName 123.123.123.123
And it will execute as follows:
net stop ServiceName
netsh advfirewall firewall add rule name="IP Block" dir=in interface=any action=block remoteip=123.123.123.123/32
net use x: /delete
Hard coded example:
ScriptName.bat:
net stop wuauserv
netsh advfirewall firewall add rule name="IP Block" dir=in interface=any action=block remoteip=192.168.0.1/32
net use x: /delete
To execute it, just call the file name:
ScriptName.bat
Cheers!
I have a script that sets up SQL Server after it has installed. It detects if the windows firewall is on and adds ports to the windows firewall service.
However it seems very confusing as to how to actually establish if it's "really" running or not.
I thought by checking if the service was running 'then doing stuff or not' would suffice, but seems even if the windows firewall is OFF the service still runs, so the port adding netsh script section runs unnecessarily.
I have also looked at settings in the registry and they also can be set to on, even if the service is running but the firewall is off.
Any pointers to perhaps a better method to avoid running parts of the script without really needing to.
Usually installing server 2008 mostly, some 2012 & the odd 2016. Thanks.
sc query MpsSvc | find "RUNNING" >nul
IF %ERRORLEVEL% EQU 0 (goto firewall) ELSE (goto start)
The proper method to disable the Windows Defender Firewall is to disable the Windows Defender Firewall Profiles and leave the service running.
So…
Turn Off using batch file:
#NetSh AdvFirewall Set AllProfiles State Off
Turn On using batch file:
#NetSh AdvFirewall Set AllProfiles State On
Turn Off using Powershell from a batch file:
#Powershell -C "Set-NetFirewallProfile -Profile Domain,Public,Private -Enabled False"
Turn On using Powershell from a batch file:
#Powershell -C "Set-NetFirewallProfile -Profile Domain,Public,Private -Enabled True"
To determine the state, you could parse the result of Show:
#NetSh AdvFirewall Show AllProfiles State|Find /I " ON">Nul&&(#Echo Is On)||#Echo Is Off
I am using this code to add the software "example.exe" to the exception list:
netsh advfirewall firewall add rule action=allow profile=any protocol=any enable=yes direction=in name=example_in program = "C:\\Program Files\\example.exe" > NUL
netsh advfirewall firewall add rule action=allow profile=any protocol=any enable=yes direction=out name=example_out program = "C:\\Program Files\\example.exe" > NUL
How can I do the "in|out" part in one only line?
I mean something like:
netsh advfirewall firewall add rule action=allow profile=any protocol=any enable=yes direction=any name=example_in program = "C:\\Program Files\\example.exe" > NUL
You could do this with a quicky batch file like:
for %%x in (in out) do (
netsh advfirewall firewall add rule action=allow profile=any protocol=any enable=yes direction=%%x name=example_%%x program = "C:\\Program Files\\example.exe" > NUL
)