Windows 7 Forums

Windows 7: netsh advfirewall add- how to prevent multiple entries by command line

07 Sep 2010   #1
SAIT

Windows 7 Ultimate x64
 
 
netsh advfirewall add- how to prevent multiple entries by command line

Hi
I'm using a little script to enter "add rule" commands into the firewall in Win 7,

e.g.

netsh advfirewall firewall add rule name="Firefox Updater" dir=out program="%ProgramFiles% (x86)\Mozilla Firefox\updater.exe" enable=yes profile=any action=allow

This works fine so far.
But if I start the script again, it will create the same rule AGAIN (with the same name and everything).

Can I prevent this? Maybe I need some unique identifier that prevents double entries?
Or should I rather check, using some if/else commands, whether a rule exists and add it only if it doesn't (but how do I do THAT?).

I don't want to create a lot of single script files; I just want to use one which I might extend with new entries when a new tool comes along. I know this might not be the nicest solution security-wise, but it's fine for me :-)

Aside from that, if someone is doing the same thing or something similar, are you still using batch/cmd or are you on PowerShell?


Thanks a lot!


10 Sep 2010   #2
SAIT

Windows 7 Ultimate x64
 
 

Anyone?
Maybe the idea isn't very interesting?
10 Sep 2010   #3
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

This shows how to set rules in the Win 7 firewall: How to Set Windows 7 Firewall Rules

11 Sep 2010   #4
SAIT

Windows 7 Ultimate x64
 
 

Thank you Jacee, but I already know how to set rules.
The command syntax from my previous post itself is right. My problem is that if I start it (e.g.) accidentally twice, I get 2 rules with the same name.

The solution I'm looking for is something like a unique identifier that prevents that from happening and returns a "hey, you already got a out rule by that name, you can't put another one in".
04 Nov 2010   #5
bpetya

Windows 7 Home Premium x64
 
 
Batch script to create/delete port rule in Win7 firewall

Quote: Originally Posted by SAIT
(...) My problem is that if I start it (e.g.) accidentally twice, I get 2 rules with the same name.

The solution I'm looking for is something like a unique identifier that prevents that from happening and returns a "hey, you already got a out rule by that name, you can't put another one in".
Hi,
I prefer batch cmd scripts for my tasks. The next script is an extensible solution to do the job for you, with your return message. I hope it's good for you.

The basic idea is: if you always use the same name for the created rule, you must first check whether it exists. If it exists: skip it; if not: create the rule.
I use command line parameters for job specification, and call a small subroutine for it.

On deleting, all the rules with the specified name are deleted!
Good luck!
P

Code:
@echo off
:: 
:: Batch script to create and delete port rules in Win7 firewall
:: Created by Péter Barabás (barabas_p(at)yahoo...)
::
setlocal
 
:: In the next two lines, you can set the parameters for the script:
set PORTNUMBER=4567
set RULENAME="Open MyPort %PORTNUMBER%"
 
:: Using command line parameter for selecting process:
if "%1"=="/o" call :_OpeningPort
if "%1"=="/d" call :_DelRules
if "%1"=="" echo No parameter. Exiting.
goto :EOF
 
:_OpeningPort
:: Opening Port on firewall:
netsh advfirewall firewall show rule name=%RULENAME% >nul
if not ERRORLEVEL 1 (
rem Rule %RULENAME% already exists.
echo Hey, you already got a out rule by that name, you can´t put another one in!
) else (
echo Rule %RULENAME% not exist. Creating...
netsh advfirewall firewall add rule name=%RULENAME% dir=in action=allow protocol=TCP localport=%PORTNUMBER% remoteip=LocalSubnet profile=private interfacetype=lan
)
goto :EOF
 
:_DelRules
:: Deleting the port rule created above:
netsh advfirewall firewall show rule name=%RULENAME% >nul
if not ERRORLEVEL 1 (
echo Rule %RULENAME% exist. Deleting...
netsh advfirewall firewall delete rule name=%RULENAME% protocol=tcp localport=%PORTNUMBER%
) else (
echo Rule %RULENAME% does not exist. 
)
goto :EOF
11 Nov 2010   #6
SAIT

Windows 7 Ultimate x64
 
 

Thank you Peter.
Your solution has been very helpful and is already more advanced than what I intended to do. I just needed the check sequence.

So this is how I proceed now when I want to add a new rule:
1. I copy an existing older block and paste it at the end of my file
2. I change the RULENAME and ProgPath variables to the new program I want to add
( I keep the rules very simple, nothing with ports etc...)
3. I run the script. The script checks the existence and reacts according to Peter's code, then it goes on to the next rule block.

At the end I see the result in the CMD box like this:

Hey, you already got a out rule by that name, you cannot put another one in!
Hey, you already got a out rule by that name, you cannot put another one in!
Hey, you already got a out rule by that name, you cannot put another one in!
Rule "test" not exist. Creating...
OK.



It's not the most elegant solution; someone might want to do this with a loop, but I don't know how and it works fine for me this way.

I don't get any duplicates in my rule set this way PLUS
I can use the same script on a similar machine without changing the code. Before that I had to put a REM in front of each rule after I added it, which of course needed to be removed on new installations.



Code:
@echo off

:: Each block below is one rule. "show rule" exits with 0 when a rule with
:: this exact name already exists and with 1 when none matches, so the
:: ERRORLEVEL test decides whether "add rule" runs at all.

:: -----------------------------------------------
rem Rule - added on xxx.xxx.2011
set RULENAME="Firefox"
set ProgPath="%ProgramFiles% (x86)\Mozilla Firefox\firefox.exe"

netsh advfirewall firewall show rule name=%RULENAME% >nul
if not ERRORLEVEL 1 (
rem Rule %RULENAME% already exists.
echo Hey, you already got a out rule by that name, you cannot put another one in!
) else (
echo Rule %RULENAME% not exist. Creating...
netsh advfirewall firewall add rule name=%RULENAME% dir=out program=%ProgPath% enable=yes profile=any action=allow description=%RULENAME%
)
:: -----------------------------------------------

rem Rule - added on xxx.xxx.2011
set RULENAME="Firefox Updater"
set ProgPath="%ProgramFiles% (x86)\Mozilla Firefox\updater.exe"

netsh advfirewall firewall show rule name=%RULENAME% >nul
if not ERRORLEVEL 1 (
rem Rule %RULENAME% already exists.
echo Hey, you already got a out rule by that name, you cannot put another one in!
) else (
echo Rule %RULENAME% not exist. Creating...
netsh advfirewall firewall add rule name=%RULENAME% dir=out program=%ProgPath% enable=yes profile=any action=allow description=%RULENAME%
)
:: -----------------------------------------------
If someone wants to play along with this, please go ahead.
Thanks again for the help :-)
20 Jun 2011   #7
glenh

Windows 7 Ultimate x64
 
 

Just delete the rule first. If it doesn't exist then no harm done :-)
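As an added example (not code from any poster in this thread), here is the same check-before-add written once as a subroutine, so each program is one `call` line instead of a copied block, which is the loop SAIT was after; run it with `/d` to remove the same rules again, narrowed by direction and program rather than the delete-everything-by-name approach. Assumptions of mine: `%ProgramFiles(x86)%` (the variable 64-bit Windows sets for the 32-bit program directory), the constructed path `C:\Tools\test.exe`, and the `/d` switch.

```batch
@echo off
setlocal

:: Added example, not code from the thread. One subroutine replaces the
:: copy-pasted blocks: each "call" line is one rule, so adding a program is
:: adding one line. Run with /d to remove the same rules again.
:: Paths are constructed placeholders; %ProgramFiles(x86)% is the variable
:: Windows defines on 64-bit systems for the 32-bit program directory.

set "MODE=add"
if /i "%~1"=="/d" set "MODE=delete"

call :ProgramRule "Firefox"         "%ProgramFiles(x86)%\Mozilla Firefox\firefox.exe"
call :ProgramRule "Firefox Updater" "%ProgramFiles(x86)%\Mozilla Firefox\updater.exe"
call :ProgramRule "test"            "C:\Tools\test.exe"
goto :EOF

:ProgramRule
:: args: <rule name> <program path>
set "NAME=%~1"
set "PROG=%~2"
:: "show rule" exits 0 when a rule with exactly this name exists in this
:: direction and 1 when none matches: that is the duplicate check.
netsh advfirewall firewall show rule name="%NAME%" dir=out >nul 2>&1
set "FOUND=%ERRORLEVEL%"

if "%MODE%"=="delete" (
    if "%FOUND%"=="0" (
        echo [del ] removing outbound rule "%NAME%" for "%PROG%"
        rem Restrict the delete by direction and program: a bare name= would
        rem remove every rule carrying that name, as noted earlier in the thread.
        netsh advfirewall firewall delete rule name="%NAME%" dir=out program="%PROG%"
    ) else (
        echo [skip] no outbound rule "%NAME%" to delete
    )
    goto :EOF
)

if "%FOUND%"=="0" (
    echo [keep] outbound rule "%NAME%" already exists, not adding it again
    goto :EOF
)
if not exist "%PROG%" (
    echo [skip] "%NAME%": program "%PROG%" is not installed, no rule created
    goto :EOF
)
echo [add ] creating outbound rule "%NAME%" for "%PROG%"
netsh advfirewall firewall add rule name="%NAME%" dir=out program="%PROG%" enable=yes profile=any action=allow description="%NAME%"
goto :EOF
```

The "not installed" check keeps the script from leaving an allow rule behind for a path that nothing occupies yet; such a rule would apply to whatever is later placed at that path.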