Windows firewall settings can be managed from the Windows Defender Firewall interface in Control Panel. You can also manage Windows firewall configuration from the command prompt by using the netsh command. The firewall and related services, on the other hand, can be managed using the sc command.

You can manage your Windows 11 firewall configuration and services using the netsh and sc commands from a Command Prompt that runs as an administrator.

Steps to configure Windows 11 firewall from command prompt:

  1. Launch Command Prompt with Administrator privileges.

  2. Start and stop firewall service using netsh.

    netsh firewall set opmode DISABLE
    netsh firewall set opmode ENABLE

  3. Allow and deny ports using netsh.

    netsh firewall add portopening TCP _port_number_ _name_ DISABLE ALL
    netsh firewall add portopening TCP 3264 CCMAIL DISABLE ALL

    netsh firewall add portopening TCP _port_number_ _name_ ENABLE ALL
    netsh firewall add portopening TCP 8443 PLESK-ADMIN ENABLE ALL

  4. Allow and deny programs using netsh.

    rem Programs to not allow TCP/UDP socket connections
    netsh firewall add allowedprogram _path_ _name_ DISABLE ALL
    netsh firewall add allowedprogram C:\WINDOWS\Cluster\CluAdmin.exe CLUSTER-ADMIN DISABLE ALL

  5. Configure ICMP settings using netsh.

    Allow outbound packet too big            2
    Allow outbound destination unreachable   3
    Allow outbound source quench             4
    Allow redirect                           5
    Allow inbound echo request               8
    Allow inbound router request             9
    Allow outbound time exceeded             11
    Allow outbound parameter problem         12
    Allow inbound timestamp request          13
    Allow inbound mask request               17

    netsh firewall set icmpsetting 2 DISABLE

  6. Allow and deny multicast rules using netsh.

    netsh firewall set multicastbroadcastresponse DISABLE

  7. Allow and deny desktop popup using netsh.

    netsh firewall set notifications DISABLE

  8. Allow and deny network services using netsh.

    netsh firewall set service REMOTEDESKTOP ENABLE

  9. Configure firewall logging using netsh.

    netsh firewall set logging _path_ _size_ ENABLE
    netsh firewall set logging C:\WINDOWS\system32\LogFiles\firewall.log 4096 ENABLE

  10. Load IPSec backup configuration using netsh.

    netsh -f filename

  11. Configure firewall reporting using netsh and sc.

    netsh firewall show config verbose = ENABLE
    netsh firewall show state verbose = ENABLE
    sc qc SharedAccess

  12. Start and stop Windows Firewall/Internet Connection Sharing (ICS) using sc.

    sc start SharedAccess
    sc config SharedAccess start= auto

  13. Start and stop IPSec using sc.

    sc start PolicyAgent
    sc config PolicyAgent start= auto

  14. Start and stop WinDefend (Windows Defender) using sc.

    sc start WinDefend
    sc config WinDefend start= auto

You must manually configure the firewall before it first starts. Automated attempts at starting the firewall will cause it to come online in a deny-all, total lockdown state.
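The `netsh firewall` context used in the steps above is deprecated on current Windows releases in favor of `netsh advfirewall`. The following batch script is an added example, not part of the original page: it applies steps 2, 3, 4, 9 and 11 in the `advfirewall` context using the same sample names, ports and paths. It assumes that "deny" is expressed as an explicit `action=block` rule and that deleting a same-named rule first is acceptable so the script can be re-run.

```batch
@echo off
rem Added example: steps 2, 3, 4, 9 and 11 in the netsh advfirewall context.
rem Rule names, ports and paths are the sample values from the steps above.
setlocal

rem Step 1: refuse to run from a non-elevated prompt.
net session >nul 2>&1
if errorlevel 1 (
    echo Run this script from an Administrator command prompt.
    exit /b 1
)

rem Step 2: turn the firewall on for the domain, private and public profiles.
netsh advfirewall set allprofiles state on || goto :fail

rem Remove earlier copies so a re-run does not stack duplicate rules.
for %%R in (PLESK-ADMIN CCMAIL CLUSTER-ADMIN) do (
    netsh advfirewall firewall delete rule name="%%R" >nul 2>&1
)

rem Step 3: allow inbound TCP 8443, deny inbound TCP 3264.
rem Assumption: "deny" is written as an explicit block rule, which takes
rem precedence over any allow rule matching the same traffic.
netsh advfirewall firewall add rule name="PLESK-ADMIN" dir=in action=allow protocol=TCP localport=8443 || goto :fail
netsh advfirewall firewall add rule name="CCMAIL" dir=in action=block protocol=TCP localport=3264 || goto :fail

rem Step 4: block inbound connections to one program.
netsh advfirewall firewall add rule name="CLUSTER-ADMIN" dir=in action=block program="C:\WINDOWS\Cluster\CluAdmin.exe" || goto :fail

rem Step 9: log dropped connections, 4096 KB maximum log size.
netsh advfirewall set allprofiles logging filename "C:\WINDOWS\system32\LogFiles\firewall.log" || goto :fail
netsh advfirewall set allprofiles logging maxfilesize 4096 || goto :fail
netsh advfirewall set allprofiles logging droppedconnections enable || goto :fail

rem Step 11: report profile state and confirm each rule now exists.
netsh advfirewall show allprofiles state
for %%R in (PLESK-ADMIN CCMAIL CLUSTER-ADMIN) do (
    netsh advfirewall firewall show rule name="%%R" || goto :fail
)

echo Firewall configuration applied.
exit /b 0

:fail
echo A netsh command failed; review the output above.
exit /b 1
```

Each `netsh` call is checked, so the script stops at the first failed command instead of leaving a partially applied rule set unnoticed.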