How To Start or Stop Windows Firewall from the Command Line
Given the rise of online threats, enabling a firewall on Windows is more important now than ever. In general, starting the firewall is not something that requires you to be super tech savvy. For the most part, you need to navigate through a few menus and select “Turn on Windows Defender Firewall.”
But is there an easier way to do it? Of course, there is. It removes the hassle of traversing the Windows menus, though you will need to use the Command Line. With this in mind, you should know that the commands in this article are straightforward and there is no risk of messing up your system.
The following methods apply to Windows 7 and 10 and the article also includes sections on how to firewall particular apps from the Command Line.
Starting or Stopping Windows Firewall
First, you need to run the Command Prompt with administrative privileges. Click the Start menu and search for Command Prompt. Once the app appears in the results, right-click, and choose “Run as administrator.”
When the app pops up, type the following command into the command line.
netsh advfirewall set allprofiles state on
Hit Enter and your firewall will instantly switch on. If you wish to stop it, just end the command with off instead of on. Here’s what the turn off command looks like:
netsh advfirewall set allprofiles state off
Note: Command Prompt allows you to make changes without typing or copying and pasting the command twice. For example, you can use the arrow keys and go to the previous command, then replace on with off (or vice versa) and hit Enter.
Blocking Specific Apps
The command to block specific apps from Command Prompt is a bit more complicated. But if you follow the instructions to the T, you shouldn’t have any problems with it. Before you get to the steps, it’s important to make a distinction between outbound and inbound rules.
Outbound/Inbound Rules Explained
These rules follow a straightforward logic. The outbound rules prevent an app from sending information from your PC and the inbound ones prevent an app from receiving information. Of course, these rules work both ways. You can easily turn them back on after you disable inbound/outbound data for any particular app. The path to this from the Windows user interface is simple.
Firewall & Network Protection > Advanced Settings > Outbound > New Rule
If you’d like to manage inbound rules, click on the Inbound Rules tab in the Windows Defender Firewall with Advanced Security window.
Then, you chose Program under Rule Type, click the Next button, and follow the onscreen wizard. On the other hand, the Command Prompt method is not that straightforward and there are certain decisions to be made. These are the steps you need to follow.
First, determine if you want to block the outbound or inbound data and find the exact file path of the app. For example, let’s say you’d like to prevent Chrome from going online.
Find Chrome .exe file on your system (it should be in C:\Program Files) and copy the entire path to your clipboard. The path should look like this.
C:Program Files (x86)GoogleChromeApplicationchrome.exe
Run Command Prompt as an administrator and execute the following command with the app path included.
netsh advfirewall firewall add rule name=”Chrome block” program=”C:Program Files (x86)GoogleChromeApplicationchrome.exe” dir=out action=block profile=public
Now you can run Chrome to see whether the command worked.
The file path for the app you want to block/allow goes inside the parenthesis. The command line section is program=”” dir … and if you want to block inbound data put in instead of out next to dir – dir=in. To unblock an app, replace block with allow next to action – action=allow.
Using App Port Number
There is also an option to put an app behind a firewall using its port number and here are the necessary steps.
Go to the Start menu, search for Resource Monitor, and run the app with administrative privileges. Right-click the app and select “Run as administrator.”
Click the Network tab in Resource Monitor and open Listening Ports. Find the port number and enter it into the command. This explanation assumes you’ve already opened Command Prompt (with administrative privileges on) and we’ll also use the Chrome example. This is the command you need.
netsh advfirewall firewall add rule name=”Chrome block” localport=443 protocol=tcp dir=out action=block profile=public
If you’re not sure about the exact port number, you can block a range and use port=1500-3000 instead of localport=443.
Deleting the Command
As you are not likely to keep Chrome blocked forever, check out the command to delete this rule.
netsh advfirewall firewall delete rule name=”Chrome block”
Just hit Enter after you type the command and everything should revert back to normal.
Build a Wall Around Your PC
The commands to start or stop windows firewall are easy to use, even if you have never opened Command Prompt before. Admittedly, firewalling a specific app takes a bit more skill, but it’s not something you cannot do.
While we are at it, which apps would you like to put behind the firewall? And do you always keep the firewall on? Give us your take on the matter in the comments section below.