Controlling inbound and outbound Windows firewall rules from the command line

This short article explains how to use the Netsh command-line scripting utility to add or delete inbound and outbound Windows firewall rules.

Netsh can modify many kinds of network configuration, and the firewall setup is one of them.

To add a rule to the firewall, follow this simple guide:

Netsh.exe advfirewall firewall add rule name="<Rule Name>" program="<FilePath>" protocol=tcp dir=in enable=yes action=allow profile=Private

Parameter Description:

  • name = "<Name of the rule>"
  • program = "<File Executable Path>"
  • protocol = TCP or UDP
  • dir = Inbound (in) / Outbound (out) rule
  • enable = YES or NO
  • action = Allow or Block or custom
  • profile = Private and/or public and/or domain (Need more than one profile? Separate them with "," and no spaces, e.g.: profile=private,domain)



Let’s say we need to add a new inbound rule to allow Remote Desktop connections to our computer. To do this manually, we’d need to go to Control Panel, then Windows Firewall with Advanced Security, then click on ‘New Rule’, define the entire rule and apply it.

Or we can simply run the following one-liner:

netsh advfirewall firewall add rule name="Remote Desktop (TCP-In)" dir=in action=allow protocol=TCP localport=3389

As we can see, this is likely not the best solution when we need to add a single rule (the Windows GUI is more than sufficient for that), but it’s a fantastic way to automate individual firewall rules across a network, or multiple additions/deletions of firewall rules, through batch files.
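
A batch file of the kind described above, as an added example that is not part of the original article: it backs up the current policy, removes any earlier copy of the Remote Desktop rule, and re-adds it limited to the domain and private profiles and to one source subnet. The subnet 192.0.2.0/24 (a documentation range), the backup path and the narrowed scope are assumptions to replace with your own values.

```batch
@echo off
rem Added example: repeatable add/delete of a firewall rule with netsh.
rem Run from an elevated command prompt; netsh fails with a non-zero
rem exit code otherwise and the checks below stop the script.
setlocal

rem Assumed values: adjust the subnet and backup path for your network.
set "RULE_NAME=Remote Desktop (TCP-In)"
set "MGMT_NET=192.0.2.0/24"
set "BACKUP=%TEMP%\firewall-before.wfw"

rem Export the current policy first so the change can be rolled back
rem later with: netsh advfirewall import "<file>"
if exist "%BACKUP%" del "%BACKUP%"
netsh advfirewall export "%BACKUP%" >nul
if errorlevel 1 (
    echo Could not export the current firewall policy. Nothing was changed.
    exit /b 1
)

rem "add rule" does not overwrite a rule with the same name; it creates
rem a duplicate. Delete the old copy first so repeated runs leave one rule.
rem The extra criteria keep the delete from touching other rules that
rem merely share the name. A "no rules match" error here is expected on
rem the first run, so the exit code is ignored.
netsh advfirewall firewall delete rule name="%RULE_NAME%" dir=in protocol=TCP localport=3389 >nul 2>&1

rem Same rule as the one-liner in the article, with two restrictions added:
rem   profile=domain,private  - the rule is not active on public networks
rem   remoteip=%MGMT_NET%     - only the management subnet may connect
netsh advfirewall firewall add rule name="%RULE_NAME%" dir=in action=allow ^
    protocol=TCP localport=3389 remoteip=%MGMT_NET% profile=domain,private enable=yes
if errorlevel 1 (
    echo Failed to add the rule. Previous policy is saved in the backup file.
    exit /b 1
)

rem Print the rule as stored so the scope can be checked.
netsh advfirewall firewall show rule name="%RULE_NAME%" verbose

endlocal
```

To remove the rule again, run only the `delete rule` line; to undo everything the script changed, import the exported policy file.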