Windows server and firewalls

Published April 17, 2008 by Me

I was chatting in one of the forums I lurk in the other day, and the subject of Windows Server and firewall configurations came up. There was also a little side-debate going on about which is better – Command Prompt or GUI. (My personal preference is to use a command prompt where possible, because I find that I can get things done more quickly.)

So, the end result of the conversation was that I posted my little crib sheet that I use to enable and set up the firewall on any new Windows server we bring into service. I find this file one of those useful little tidbits that comes in handy once in a while, so I thought I’d also post it here, if only so that I can find a copy of it easily ;)

Bear in mind that under Windows 2003 Server this only affects INBOUND traffic. This will change under the new Windows 2008 Server, where the firewall watches traffic both inbound and outbound.


REM WINDOWS FIREWALL SETUP VIA COMMAND PROMPT
REM
REM Port list at http://www.iana.org/assignments/port-numbers
REM
REM Turn on Enable mode
REM
netsh firewall set opmode enable
REM
REM Set standard open TCP ports
REM
netsh firewall set portopening TCP 21 FTP-Server
netsh firewall set portopening TCP 25 SMTP
netsh firewall set portopening TCP 80 HTTP
netsh firewall set portopening TCP 110 POP3
netsh firewall set portopening TCP 143 IMAP4
netsh firewall set portopening TCP 220 IMAP3
netsh firewall set portopening TCP 443 HTTPS
netsh firewall set portopening TCP 465 SMTP-Secure
netsh firewall set portopening TCP 993 IMAP
netsh firewall set portopening TCP 995 POP3-Secure
netsh firewall set portopening TCP 3389 RDP
REM
REM TCP + UDP for DNS
REM
netsh firewall set portopening TCP 53 DNS-TCP
netsh firewall set portopening UDP 53 DNS-UDP
REM
REM Turn on logging of dropped packets
REM
netsh firewall set logging droppedpackets=enable
REM
REM Logs to c:\windows\pfirewall.log
REM

The port list at IANA is a big help getting together your list of ports that you’d like to open. I hope this helps someone!
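Once the last command above has dropped-packet logging turned on, the log is the thing worth reading. This added example (not from the original post) parses the W3C-style pfirewall.log layout, using its `#Fields:` header rather than fixed column positions, and counts dropped inbound packets by destination port and by source address; the log records are constructed samples.

```python
"""Summarise dropped inbound packets from a Windows Firewall log (pfirewall.log).

The log is W3C extended format; the '#Fields:' header names the columns, so the
parser reads that header instead of hard-coding positions.
"""
from collections import Counter

# Constructed sample in the pfirewall.log 1.5 layout (header plus a few records).
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2008-04-17 09:15:02 DROP TCP 192.0.2.10 198.51.100.5 51234 445 48 S 2712811234 0 65535 - - - RECEIVE
2008-04-17 09:15:03 DROP TCP 192.0.2.10 198.51.100.5 51235 135 48 S 2712811235 0 65535 - - - RECEIVE
2008-04-17 09:15:04 DROP TCP 192.0.2.10 198.51.100.5 51236 1433 48 S 2712811236 0 65535 - - - RECEIVE
2008-04-17 09:16:10 DROP UDP 203.0.113.7 198.51.100.5 40000 137 78 - - - - - - - RECEIVE
2008-04-17 09:17:00 OPEN TCP 198.51.100.5 192.0.2.53 49152 53 0 - 0 0 0 - - - -
2008-04-17 09:18:30 DROP TCP 203.0.113.7 198.51.100.5 40001 3389 48 S 99 0 8192 - - - RECEIVE
"""


def parse_log(text):
    """Yield one dict per record, keyed by the names in the '#Fields:' header."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated or malformed lines
                yield dict(zip(fields, values))


def dropped_inbound(text):
    """Return (Counter by (protocol, dst-port), Counter by src-ip) for DROP/RECEIVE records."""
    by_port, by_src = Counter(), Counter()
    for rec in parse_log(text):
        if rec["action"] == "DROP" and rec["path"] == "RECEIVE":
            by_port[(rec["protocol"], rec["dst-port"])] += 1
            by_src[rec["src-ip"]] += 1
    return by_port, by_src


if __name__ == "__main__":
    ports, sources = dropped_inbound(SAMPLE_LOG)
    print("Dropped inbound by port:", ports.most_common())
    print("Dropped inbound by source:", sources.most_common())
```

Point `SAMPLE_LOG` at the contents of c:\windows\pfirewall.log to run it against a real server; a single source hitting several closed ports in a row is the pattern to look for first.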

Filed under programming, scripts, security
