netsh

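I. Commands for systems after Windows 2003 (using 2008 as the example)

1. Show the firewall state for all profile types

netsh advfirewall show allprofiles

2. Turn the firewall off

netsh advfirewall set allprofiles state off

3. Turn the firewall on

netsh advfirewall set allprofiles state on

4. Reset the firewall rules (back to the state of a freshly installed system)

netsh advfirewall reset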

II. Setting inbound and outbound rules

1. Add or delete an inbound rule by port

Add the rule:

netsh advfirewall firewall add rule name=test dir=in action=allow protocol=tcp localport=333

Delete the rule:

netsh advfirewall firewall delete rule name=test dir=in protocol=tcp localport=333

2. Add or delete an outbound rule by port

Add the rule:

netsh advfirewall firewall add rule name=test dir=out action=allow protocol=tcp localport=333

Delete the rule:

netsh advfirewall firewall delete rule name=test dir=out protocol=tcp localport=333

3. Add or delete an inbound rule by program

Add the rule:

netsh advfirewall firewall add rule name=test dir=in action=allow program=c:\nc.exe

Delete the rule:

netsh advfirewall firewall delete rule name=test dir=in program=c:\nc.exe

4. Add or delete an outbound rule by program

Add the rule:

netsh advfirewall firewall add rule name=test dir=out action=allow program=c:\nc.exe

Delete the rule:

netsh advfirewall firewall delete rule name=test dir=out program=c:\nc.exe

III. Port forwarding

1. The address types are set as follows

netsh interface portproxy add

Forward all traffic arriving on port 333 to port 22 on 192.168.191.130:

netsh interface portproxy add v4tov4 listenport=333 connectaddress=192.168.191.130 connectport=22

List all forwarding rules:

netsh interface portproxy show all

Check whether the port is listening:

netstat -ano | find "333"

Delete the forwarding rule:

netsh interface portproxy delete v4tov4 listenport=333
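
For auditing a host for forwarding rules like the one above, the following PowerShell is an added example, not part of the original post: it parses the output of netsh interface portproxy show all into objects and checks each listen port against netstat. The function name ConvertFrom-PortProxy is hypothetical, the sample output is constructed from the rule on this page, and PowerShell 3.0 or later is assumed.

```powershell
# Added example, not from the original post. ConvertFrom-PortProxy is a hypothetical helper.
function ConvertFrom-PortProxy {
    param([string[]]$Lines)
    $family = $null
    foreach ($line in $Lines) {
        # Section header, e.g. "Listen on ipv4:   Connect to ipv4:"
        if ($line -match 'ipv(4|6).*ipv(4|6)') {
            $family = 'v{0}tov{1}' -f $Matches[1], $Matches[2]
            continue
        }
        # Data row: listen address, listen port, connect address, connect port.
        # The column header and dashed separator do not match (ports must be numeric).
        if ($line -match '^\s*(\S+)\s+(\d+)\s+(\S+)\s+(\d+)\s*$') {
            [pscustomobject]@{
                Type           = $family
                ListenAddress  = $Matches[1]
                ListenPort     = [int]$Matches[2]
                ConnectAddress = $Matches[3]
                ConnectPort    = [int]$Matches[4]
                # True when the forward accepts connections on every interface
                AllInterfaces  = @('*', '0.0.0.0', '::') -contains $Matches[1]
            }
        }
    }
}

# Constructed sample of "netsh interface portproxy show all" output (rule from this page).
$sample = @'

Listen on ipv4:             Connect to ipv4:

Address         Port        Address         Port
--------------- ----------  --------------- ----------
*               333         192.168.191.130 22
'@ -split "`r?`n"

# On a live host use: ConvertFrom-PortProxy -Lines (netsh interface portproxy show all)
$rules = ConvertFrom-PortProxy -Lines $sample

$netstat = netstat -ano
foreach ($r in $rules) {
    # Exact-port form of: netstat -ano | find "333"
    # A listening TCP socket shows a foreign address ending in :0.
    $pattern = '^\s*TCP\s+\S+:{0}\s+\S+:0\s' -f $r.ListenPort
    $r | Add-Member -NotePropertyName Listening -NotePropertyValue ([bool]($netstat -match $pattern))
}
$rules | Format-Table -AutoSize
```

A rule that appears here with AllInterfaces set to True and is not in the host's documented configuration is worth investigating, since such a forward exposes the connect address to anything that can reach the listen port.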
posted @ 2020-11-10 16:40  lnterpreter