How do I set the firewall like it's brand new??

jumper77 · 30 Jan 2019

I'm new to Netsh and need some help with something. What I want to do is set the firewall to a state where nothing is allowed inbound or outbound. Once I have done that, I want to add programs to the whitelist one at a time. What I want is to be able to start with a clean slate.

I thought resetting the firewall would do that, but it doesn't (at least not for me).

I have the command to block all inbound and outbound traffic...

Code:

netsh advfirewall set allprofiles firewallpolicy blockinbound,blockoutbound

Hope this question is clear.... if not, feel free to ask anything
Thanks in advance for any help!

TairikuOkami · 30 Jan 2019

Code:

netsh advfirewall firewall delete rule name=all

You will most likely also want to allow svchost.exe for DNS, updating certificates, windows updates, etc.

Code:

netsh advfirewall firewall add rule name="Svchost DNS" dir=out action=allow protocol=UDP remoteport=53 program="%WINDIR%\System32\svchost.exe"
netsh advfirewall firewall add rule name="Svchost TCP" dir=out action=allow protocol=TCP remoteport=80,443 program="%WINDIR%\System32\svchost.exe"

Samuria · 30 Jan 2019

To reset the Windows Firewall to its default settings, do the following:

Open Control Panel.
Click on System and Security.
Click on Windows Firewall.
On the left pane, click the Restore defaults link.
Click the Restore defaults button.
Click Yes to confirm.

dalchina · 30 Jan 2019

Hi, just wondering how you are intending to use this. There is quite a bit of background activity by Windows, updating apps, app content, 3rd party programs validating registration etc etc.

If you are aiming to whitelist only those things you know, that would exclude a lot of others.

Put another way, how would you know what you're blocking?

I remember that Zonealarm firewall (many years back) could prompt the user to allow or deny access. That is, the user could have control, but be prompted. That might be still the case, and would address the issue of determining what should and shouldn't be allowed.

Manage application interactions

The application control feature literally keeps an eye on all running processes and their behavior, and if the learning mode is selected from the setup process you are prompted whenever applications interact in order to allow or deny their activity if you consider it suspicious.

Easily set up the security level

Settings can be fully customized, with sliders to adjust the level of security the application should apply. Furthermore, all programs can be viewed, as well as their status and trust level, and you can fully manage them and add your own.

Download ZoneAlarm Free Firewall 15.0.159.17147

jumper77 · 30 Jan 2019

Thank you TairikuOkami. That worked fine. And thanks to everyone else too! And thank you also dalchina. I know that I need to add certain things back in after the reset. I need to do my homework on that and try to find all of the programs that should be allowed from the beginning and add those rules back in. And I appreciate those that mentioned some of the programs that should bypass the firewall by default.

Hope everyone has a great day/night!

TairikuOkami · 30 Jan 2019

When I create rules for WF, I temporarily allow all outbound, then use LiveTcpUdpWatch to watch the traffic and create rules accordingly. I use IPNetInfo to get IP ranges (for CDN). My rules for comparison:

jumper77 · 30 Jan 2019

TairikuOkami said:

When I create rules for WF, I temporarily allow all outbound, then use LiveTcpUdpWatch to watch the traffic and create rules accordingly. I use IPNetInfo to get IP ranges (for CDN). My rules for comparison:

Thank you for the link to the tools. They will come in handy! I have been a fan of NirSoft and have used NirCmd for years.

How do I set the firewall like it's brand new??

RESOLVED: How do I set the firewall like it's brand new??

How do I set the firewall like it's brand new??