If you wish to check the state of the Microsoft Windows XP firewall software, you can issue the following command from a command line prompt.
C:\Documents and Settings\Administrator>netsh firewall show state
Firewall status:
-------------------------------------------------------------------
Profile = Standard
Operational mode = Enable
Exception mode = Enable
Multicast/broadcast response mode = Enable
Notification mode = Enable
Group policy version = None
Remote admin mode = Disable
Ports currently open on all network interfaces:
Port Protocol Version Program
-------------------------------------------------------------------
10243 TCP IPv4 (null)
10280 UDP IPv4 (null)
10281 UDP IPv4 (null)
10282 UDP IPv4 (null)
10283 UDP IPv4 (null)
10284 UDP IPv4 (null)
20099 TCP IPv4 C:\Program Files\Network\SSH\OpenSSH\usr\sbin\sshd.exe
3389 TCP IPv4 (null)
42599 TCP IPv4 C:\Program Files\Network\pcAnywhere\awhost32.exe
42600 UDP IPv4 C:\Program Files\Network\pcAnywhere\awhost32.exe
2869 TCP IPv4 (null)
1900 UDP IPv4 C:\WINDOWS\system32\svchost.exe
The command also shows the open ports and applications that have opened particular ports.
You can also request information just on open ports with netsh firewall show portopening, as below.
C:\Documents and Settings\Administrator>netsh firewall show portopening
Port configuration for Domain profile:
Port Protocol Mode Name
-------------------------------------------------------------------
10280 UDP Enable Windows Media Connect
10281 UDP Enable Windows Media Connect
10282 UDP Enable Windows Media Connect
10283 UDP Enable Windows Media Connect
10284 UDP Enable Windows Media Connect
10243 TCP Enable Windows Media Connect
1900 UDP Enable SSDP Component of UPnP Framework
2869 TCP Enable UPnP Framework over TCP
Port configuration for Standard profile:
Port Protocol Mode Name
-------------------------------------------------------------------
20099 TCP Enable SSH
10280 UDP Enable Windows Media Connect
10281 UDP Enable Windows Media Connect
10282 UDP Enable Windows Media Connect
10283 UDP Enable Windows Media Connect
10284 UDP Enable Windows Media Connect
10243 TCP Enable Windows Media Connect
1900 UDP Enable SSDP Component of UPnP Framework
2869 TCP Enable UPnP Framework over TCP
3389 TCP Enable Remote Desktop
You may notice that the second example doesn't list the two ports opened by pcAnywhere, TCP port 42599 and UDP port 42600 (the system is using non-standard pcAnywhere ports), which are listed in the first example. That is because those ports were allowed to be open in the firewall not by designating the specific ports as allowed, but by specifying the program that opens them as an "allowed program". You can see the allowed programs by using the command netsh firewall show allowedprogram.
C:\Documents and Settings\Administrator>netsh firewall show allowedprogram
Allowed programs configuration for Domain profile:
Mode Name / Program
-------------------------------------------------------------------
Enable Remote Assistance / C:\WINDOWS\system32\sessmgr.exe
Allowed programs configuration for Standard profile:
Mode Name / Program
-------------------------------------------------------------------
Enable Remote Assistance / C:\WINDOWS\system32\sessmgr.exe
Enable pcAnywhere Main Executable / C:\Program Files\Network\pcAnywhere\Winaw32.exe
Enable pcAnywhere Host Service / C:\Program Files\Network\pcAnywhere\awhost32.exe
Enable pcAnywhere Remote Service / C:\Program Files\Network\pcAnywhere\awrem32.exe
Enable proxy / C:\Program Files\Network\Proxy\proxy.exe
In the above example, the AnalogX Proxy program, proxy.exe, is allowed to open ports, though it was not running at the time the command was issued and therefore hasn't opened any ports.
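The reconciliation described above can be automated when auditing a host. The following is an added example, not part of the original page: it explains each open port from "show state" as a port exception or an allowed program, and lists allowed programs that hold no port. The function names are hypothetical and the sample text is abbreviated from the outputs shown on this page.

```python
import re

# Sample text abbreviated from the Standard-profile output shown on this page.
STATE = r"""
Port Protocol Version Program
20099 TCP IPv4 C:\Program Files\Network\SSH\OpenSSH\usr\sbin\sshd.exe
3389 TCP IPv4 (null)
42599 TCP IPv4 C:\Program Files\Network\pcAnywhere\awhost32.exe
42600 UDP IPv4 C:\Program Files\Network\pcAnywhere\awhost32.exe
"""
PORTOPENING = r"""
Port configuration for Standard profile:
Port Protocol Mode Name
20099 TCP Enable SSH
3389 TCP Enable Remote Desktop
"""
ALLOWED = r"""
Allowed programs configuration for Standard profile:
Mode Name / Program
Enable Remote Assistance / C:\WINDOWS\system32\sessmgr.exe
Enable pcAnywhere Host Service / C:\Program Files\Network\pcAnywhere\awhost32.exe
Enable proxy / C:\Program Files\Network\Proxy\proxy.exe
"""

# Rows look like "<port> <TCP|UDP> <version or mode> <program or name>".
ROW = re.compile(r"^(\d+)\s+(TCP|UDP)\s+(\S+)\s+(.*\S)\s*$", re.M)
# Allowed-program rows: the path follows the last " / " (paths contain no "/").
PROG = re.compile(r"^Enable\s+.*\s/\s+(\S.*\S)\s*$", re.M)

def section(text, profile):
    """Return only the part of a 'show' listing that belongs to one profile."""
    return text.split(f"for {profile} profile:")[1].split(" profile:")[0]

def reconcile(state, portopening, allowed, profile="Standard"):
    """Explain each open port, and list allowed programs holding no port."""
    open_ports = {(int(p), pr): prog for p, pr, _, prog in ROW.findall(state)}
    by_port = {(int(p), pr) for p, pr, mode, _ in
               ROW.findall(section(portopening, profile)) if mode == "Enable"}
    programs = {m.lower() for m in PROG.findall(section(allowed, profile))}
    reasons = {}
    for key, prog in open_ports.items():
        if key in by_port:
            reasons[key] = "port exception"
        elif prog.lower() in programs:
            reasons[key] = "allowed program"
        else:
            reasons[key] = "unexplained"
    idle = programs - {prog.lower() for prog in open_ports.values()}
    return reasons, idle
```

Calling reconcile(STATE, PORTOPENING, ALLOWED) returns the reason for each open port and the set of allowed programs that currently have nothing open; an "unexplained" port or an allowed program nobody recognizes is worth reviewing.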
If you just want to know whether the firewall is enabled, you can use the netsh firewall show service command.
C:\Documents and Settings\Administrator>netsh firewall show service
Service configuration for Domain profile:
Mode Customized Name
-------------------------------------------------------------------
Enable No UPnP Framework
Service configuration for Standard profile:
Mode Customized Name
-------------------------------------------------------------------
Enable No UPnP Framework
Enable No Remote Desktop
Other firewall "show" commands that are available are listed below.
C:\Documents and Settings\Administrator>netsh firewall show
The following commands are available:
Commands in this context:
show allowedprogram - Shows firewall allowed program configuration.
show config - Shows firewall configuration.
show currentprofile - Shows current firewall profile.
show icmpsetting - Shows firewall ICMP configuration.
show logging - Shows firewall logging configuration.
show multicastbroadcastresponse - Shows firewall multicast/broadcast response configuration.
show notifications - Shows firewall notification configuration.
show opmode - Shows firewall operational configuration.
show portopening - Shows firewall port configuration.
show service - Shows firewall service configuration.
show state - Shows current firewall state.