JSI Tip 8399. How can I report Windows Firewall settings?


In Windows XP SP2, the netsh command has been enhanced to help troubleshoot Windows Firewall.

When I type 'netsh firewall show config', I receive:

Domain profile configuration (current):
-------------------------------------------------------------------
Operational mode                  = Enable
Exception mode                    = Enable
Multicast/broadcast response mode = Enable
Notification mode                 = Enable

Service configuration for Domain profile:
Mode     Customized  Name
-------------------------------------------------------------------
Enable   No          File and Printer Sharing
Enable   No          UPnP Framework

Allowed programs configuration for Domain profile:
Mode     Name / Program
-------------------------------------------------------------------
Enable   Remote Assistance / C:\WINDOWS\system32\sessmgr.exe
Enable   Windows Messenger / C:\Program Files\Messenger\msmsgs.exe
Enable   Microsoft FrontPage / C:\Program Files\Microsoft Office\Office10\FRONTPG.EXE
Enable   pcAnywhere Main Program / C:\Program Files\Symantec\pcAnywhere\winaw32.exe
Enable   Internet Explorer / C:\Program Files\Internet Explorer\iexplore.exe
Enable   mnmsrvc.exe / C:\WINDOWS\SYSTEM32\mnmsrvc.exe

Port configuration for Domain profile:
Port   Protocol  Mode     Name
-------------------------------------------------------------------
2000   TCP       Enable   Remotely AnyWhere
139    TCP       Enable   NetBIOS Session Service
445    TCP       Enable   SMB over TCP
137    UDP       Enable   NetBIOS Name Service
138    UDP       Enable   NetBIOS Datagram Service
1900   UDP       Enable   SSDP Component of UPnP Framework
2869   TCP       Enable   UPnP Framework over TCP

Standard profile configuration:
-------------------------------------------------------------------
Operational mode                  = Enable
Exception mode                    = Enable
Multicast/broadcast response mode = Enable
Notification mode                 = Enable

Service configuration for Standard profile:
Mode     Customized  Name
-------------------------------------------------------------------
Enable   No          File and Printer Sharing
Enable   No          UPnP Framework

Allowed programs configuration for Standard profile:
Mode     Name / Program
-------------------------------------------------------------------
Enable   Remote Assistance / C:\WINDOWS\system32\sessmgr.exe

Port configuration for Standard profile:
Port   Protocol  Mode     Name
-------------------------------------------------------------------
139    TCP       Enable   NetBIOS Session Service
445    TCP       Enable   SMB over TCP
137    UDP       Enable   NetBIOS Name Service
138    UDP       Enable   NetBIOS Datagram Service
1900   UDP       Enable   SSDP Component of UPnP Framework
2869   TCP       Enable   UPnP Framework over TCP

Log configuration:
-------------------------------------------------------------------
File location   = C:\WINDOWS\pfirewall.log
Max file size   = 4096 KB
Dropped packets = Disable
Connections     = Enable

JSIINC firewall configuration:
-------------------------------------------------------------------
Operational mode                  = Enable

Port configuration for JSIINC:
Port   Protocol  Mode     Name
-------------------------------------------------------------------
10256  UDP       Enable   msmsgs 10256 UDP
12646  TCP       Enable   msmsgs 12646 TCP
10498  TCP       Enable   msmsgs 10498 TCP

1394 Connection 2 firewall configuration:
-------------------------------------------------------------------
Operational mode                  = Enable

When I type 'netsh firewall show state verbose=enable', I receive:

Firewall status:
-------------------------------------------------------------------
Profile                           = Domain
Operational mode                  = Enable
Exception mode                    = Enable
Multicast/broadcast response mode = Enable
Notification mode                 = Enable
Group policy version              = Windows Firewall
Remote admin mode                 = Enable
        Scope: *

Local exceptions allowed by group policy:
-------------------------------------------------------------------
Open ports       = Enable
Allowed programs = Enable

Log settings:
-------------------------------------------------------------------
File location   = C:\WINDOWS\pfirewall.log
Max file size   = 4096 KB
Dropped packets = Disable
Connections     = Enable

Service settings:
Mode     Customized  Name
-------------------------------------------------------------------
Enable   No          File and Printer Sharing
        Scope: *
Enable   No          UPnP Framework
        Scope: LocalSubNet
Disable  No          Remote Desktop
        Scope: *

Program exceptions:
Mode     Local policy  Name / Program
-------------------------------------------------------------------
Enable   Yes           Internet Explorer / C:\Program Files\Internet Explorer\iexplore.exe
        Scope: *
Enable   Yes           Windows Messenger / C:\Program Files\Messenger\msmsgs.exe
        Scope: *
Enable   Yes           Microsoft FrontPage / C:\Program Files\Microsoft Office\Office10\FRONTPG.EXE
        Scope: *
Enable   Yes           pcAnywhere Main Program / C:\Program Files\Symantec\pcAnywhere\winaw32.exe
        Scope: *
Enable   Yes           mnmsrvc.exe / C:\WINDOWS\SYSTEM32\mnmsrvc.exe
        Scope: *
Enable   Yes           Remote Assistance / C:\WINDOWS\system32\sessmgr.exe
        Scope: *

Port exceptions:
Port   Protocol  Local policy  Mode     Name / Service type
-------------------------------------------------------------------
137    UDP       Yes           Enable   NetBIOS Name Service / File and Printer Sharing
        Scope: *
138    UDP       Yes           Enable   NetBIOS Datagram Service / File and Printer Sharing
        Scope: *
139    TCP       Yes           Enable   NetBIOS Session Service / File and Printer Sharing
        Scope: *
445    TCP       Yes           Enable   SMB over TCP / File and Printer Sharing
        Scope: *
1900   UDP       Yes           Enable   SSDP Component of UPnP Framework / UPnP Framework
        Scope: LocalSubNet
2000   TCP       Yes           Enable   Remotely AnyWhere / None
        Scope: *
2869   TCP       Yes           Enable   UPnP Framework over TCP / UPnP Framework
        Scope: LocalSubNet
3389   TCP       Yes           Disable  Remote Desktop / Remote Desktop
        Scope: *

Ports on which programs want to receive incoming connections:
Port   Protocol  Version  PID       Type  Wildcarded  Forced  Name / Program
-------------------------------------------------------------------
500    UDP       IPv4     880       App   No          No      (null) / C:\WINDOWS\SYSTEM32\lsass.exe
        Scope: *
4500   UDP       IPv4     880       App   No          No      (null) / C:\WINDOWS\SYSTEM32\lsass.exe
        Scope: *
123    UDP       IPv4     1212      App   No          No      (null) / C:\WINDOWS\SYSTEM32\svchost.exe
        Scope: *
1045   TCP       IPv4     1760      App   No          No      (null) / C:\WINDOWS\SYSTEM32\INETSRV\inetinfo.exe
        Scope: *
58084  UDP       IPv4     1712      App   No          No      (null) / C:\Program Files\TapeWare\twwinsdr.exe
        Scope: *
34125  UDP       IPv4     1392      App   No          No      (null) / C:\Program Files\RemotelyAnywhere\RemotelyAnywhere.exe
        Scope: *
80     TCP       IPv4     1760      App   No          No      (null) / C:\WINDOWS\SYSTEM32\INETSRV\inetinfo.exe
        Scope: *
1025   UDP       IPv4     1332      App   Yes         No      (null) / C:\WINDOWS\SYSTEM32\svchost.exe
        Scope: *
1044   UDP       IPv4     1392      App   Yes         No      (null) / C:\Program Files\RemotelyAnywhere\RemotelyAnywhere.exe
        Scope: *
3456   UDP       IPv4     1760      App   No          No      (null) / C:\WINDOWS\SYSTEM32\INETSRV\inetinfo.exe
        Scope: *
2000   TCP       IPv4     1392      App   No          No      (null) / C:\Program Files\RemotelyAnywhere\RemotelyAnywhere.exe
        Scope: *
22     TCP       IPv4     1392      App   No          No      (null) / C:\Program Files\RemotelyAnywhere\RemotelyAnywhere.exe
        Scope: *
443    TCP       IPv4     1760      App   No          No      (null) / C:\WINDOWS\SYSTEM32\INETSRV\inetinfo.exe
        Scope: *
25     TCP       IPv4     1760      App   No          No      (null) / C:\WINDOWS\SYSTEM32\INETSRV\inetinfo.exe
        Scope: *
135    TCP       IPv4     1760      App   No          No      (null) / C:\WINDOWS\SYSTEM32\INETSRV\inetinfo.exe
        Scope: *
1026   UDP       IPv4     1332      App   Yes         No      (null) / C:\WINDOWS\SYSTEM32\svchost.exe
        Scope: *
42510  TCP       IPv4     1780      App   No          No      (null) / C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
        Scope: *
3513   TCP       IPv4     2176      App   No          No      (null) / C:\Program Files\Dell\PSM\arcpd.exe
        Scope: *
42508  UDP       IPv4     1780      App   No          No      (null) / C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
        Scope: *
5060   TCP       IPv4     3840      App   No          No      Internet Explorer / C:\Program Files\Internet Explorer\iexplore.exe
        Scope: *
1716   UDP       IPv4     3840      App   Yes         No      Internet Explorer / C:\Program Files\Internet Explorer\iexplore.exe
        Scope: *
1717   UDP       IPv4     3840      App   Yes         No      Internet Explorer / C:\Program Files\Internet Explorer\iexplore.exe
        Scope: *

Ports currently open on all network interfaces:
Port   Protocol  Version  Program
-------------------------------------------------------------------
135    TCP       IPv4     C:\WINDOWS\SYSTEM32\INETSRV\inetinfo.exe
        Scope: *
137    UDP       IPv4     (null)
        Scope: *
139    TCP       IPv4     (null)
        Scope: *
138    UDP       IPv4     (null)
        Scope: *
445    TCP       IPv4     (null)
        Scope: *
1716   UDP       IPv4     C:\Program Files\Internet Explorer\iexplore.exe
        Scope: *
1717   UDP       IPv4     C:\Program Files\Internet Explorer\iexplore.exe
        Scope: *
2869   TCP       IPv4     (null)
        Scope: LocalSubNet
1900   UDP       IPv4     (null)
        Scope: LocalSubNet
5060   TCP       IPv4     C:\Program Files\Internet Explorer\iexplore.exe
        Scope: *
2000   TCP       IPv4     C:\Program Files\RemotelyAnywhere\RemotelyAnywhere.exe
        Scope: *

Additional ports open on JSIINC:
Port   Protocol  Version
-------------------------------------------------------------------
10256  UDP       Any
10498  TCP       Any
12646  TCP       Any

ICMP settings for all network interfaces:
Mode     Type  Description
-------------------------------------------------------------------
Disable  2     Allow outbound packet too big
Disable  3     Allow outbound destination unreachable
Disable  4     Allow outbound source quench
Disable  5     Allow redirect
Enable   8     Allow inbound echo request
Disable  9     Allow inbound router request
Disable  11    Allow outbound time exceeded
Disable  12    Allow outbound parameter problem
Disable  13    Allow inbound timestamp request
Disable  17    Allow inbound mask request

Additional ICMP settings on JSIINC:
Mode     Type  Description
-------------------------------------------------------------------
Disable  2     Allow outbound packet too big
Disable  3     Allow outbound destination unreachable
Disable  4     Allow outbound source quench
Disable  5     Allow redirect
Disable  8     Allow inbound echo request
Disable  9     Allow inbound router request
Disable  11    Allow outbound time exceeded
Disable  12    Allow outbound parameter problem
Disable  13    Allow inbound timestamp request
Disable  17    Allow inbound mask request

JSIINC firewall settings:
-------------------------------------------------------------------
Operational mode = Enable
Version          = IPv4
GUID             = {D0543B7A-9408-44D7-AE00-01200D50952C}

Other variants of the 'netsh firewall show' command are:

netsh firewall show allowedprogram              Displays the allowed programs.
netsh firewall show config                      Displays the local configuration information.
netsh firewall show currentprofile              Displays the current profile.
netsh firewall show icmpsetting                 Displays the ICMP settings.
netsh firewall show logging                     Displays the logging settings.
netsh firewall show multicastbroadcastresponse  Displays multicast/broadcast response settings.
netsh firewall show notifications               Displays the current settings for notifications.
netsh firewall show opmode                      Displays the operational mode.
netsh firewall show portopening                 Displays the excepted ports.
netsh firewall show service                     Displays the services.
netsh firewall show state                       Displays the current state information.
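
In the 'netsh firewall show state verbose=enable' report above, each row of the "Port exceptions" section is followed by an indented "Scope:" line. The following is an added example, not part of the original tip: it parses that section from saved output and lists the enabled exceptions whose scope is *, meaning they are not limited to the local subnet. The sample text is constructed from the format shown above, and the function names are hypothetical.

```python
import re

# Constructed sample in the layout printed by
# 'netsh firewall show state verbose=enable' (trimmed to one section).
SAMPLE = """\
Port exceptions:
Port   Protocol  Local policy  Mode     Name / Service type
-------------------------------------------------------------------
445    TCP       Yes           Enable   SMB over TCP / File and Printer Sharing
        Scope: *
1900   UDP       Yes           Enable   SSDP Component of UPnP Framework / UPnP Framework
        Scope: LocalSubNet
2000   TCP       Yes           Enable   Remotely AnyWhere / None
        Scope: *
3389   TCP       Yes           Disable  Remote Desktop / Remote Desktop
        Scope: *

Ports on which programs want to receive incoming connections:
Port   Protocol  Version  PID       Type  Wildcarded  Forced  Name / Program
"""

ROW = re.compile(r"^(\d+)\s+(TCP|UDP)\s+(Yes|No)\s+(Enable|Disable)\s+(.+?)\s*$")
SCOPE = re.compile(r"^\s+Scope:\s*(.+?)\s*$")

def parse_port_exceptions(report):
    """Return one dict per row of the 'Port exceptions:' section."""
    rows, in_section = [], False
    for line in report.splitlines():
        if line.strip() == "Port exceptions:":
            in_section = True
        elif not in_section:
            continue
        elif line and not line[0].isspace() and line.rstrip().endswith(":"):
            break  # header of the next section: stop parsing
        elif (m := ROW.match(line)):
            name, _, service = m.group(5).partition(" / ")
            rows.append({"port": int(m.group(1)), "proto": m.group(2),
                         "local_policy": m.group(3), "mode": m.group(4),
                         "name": name, "service": service, "scope": None})
        elif rows and (m := SCOPE.match(line)):
            rows[-1]["scope"] = m.group(1)  # Scope line belongs to the row above
    return rows

def unrestricted(rows):
    """Enabled exceptions reachable from any source address (Scope: *)."""
    return [r for r in rows if r["mode"] == "Enable" and r["scope"] == "*"]

if __name__ == "__main__":
    for r in unrestricted(parse_port_exceptions(SAMPLE)):
        print(f'{r["port"]}/{r["proto"]}  {r["name"]}')
```

To run it against a real machine, redirect the command's output to a file and pass the file's contents to parse_port_exceptions in place of SAMPLE.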
