From the command prompt

Feb 14, 2008 10:16 GMT

Windows Vista comes to the table with the Windows Firewall as a default component. And even if Russian security company Kaspersky has warned that the Windows Firewall in Vista is full of leaks, the security mitigation does provide a certain level of protection for end users, feeble as it might be. Even though Windows Vista Service Pack 1 delivers a range of enhancements to the Windows Firewall, as well as IPsec, the underlying infrastructure of the tool is the same as in Vista RTM. And in this context, perhaps the simplest way to manage the Windows Firewall in Vista SP1 is via the Microsoft Management Console.

All you have to do is enter Windows Firewall in the search box under the Start Menu in Vista SP1 and hit Enter. Then, open up the Windows Firewall properties and start tweaking away. For more advanced users, of course, taking a crack at the command prompt is a must. "The netsh advfirewall firewall command-line context is available in Windows Server 2008 and in Windows Vista. This context provides the functionality for controlling Windows Firewall behavior that was provided by the netsh firewall context in earlier Windows operating systems. The netsh firewall command-line context might be deprecated in a future version of the Windows operating system. We recommend that you use the netsh advfirewall firewall context to control firewall behavior," Microsoft explained.

In Vista SP1, make sure to open a command prompt with elevated privileges. Type "cmd" in the search box under the Start menu and then either hit CTRL + SHIFT + Enter or simply right-click the highlighted result and select "Run as administrator". As far as the Windows Firewall in Vista SP1 is concerned, the "netsh advfirewall" command is your best tool. With this command you will be able to enable or disable programs and ports, as well as Windows Firewall itself.

In order to play around with the default Firewall in Vista SP1, enter the "netsh advfirewall /?" command to get an idea of the options available to you. The general parameters of the Windows Firewall can be accessed via "netsh advfirewall set currentprofile /?". This will display a list of commands that will permit you to configure everything from the status of the firewall to the inbound and outbound connections behaviour. Type "netsh advfirewall set currentprofile state on" to turn the Windows Firewall on, and "netsh advfirewall set currentprofile state off" to switch it off. To block inbound connections but allow outbound ones, enter "netsh advfirewall set currentprofile state on" followed by "netsh advfirewall set currentprofile firewallpolicy blockinboundalways,allowoutbound".
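
After changing the state or policy, it is worth confirming what each profile actually ended up with. The following is an added example, not part of the original article: a small Python check that reads text saved from "netsh advfirewall show allprofiles" and reports any profile where the firewall is off or inbound traffic is not blocked by default. It assumes English-language output in the layout of the constructed sample embedded in the script.

```python
import re

# Constructed sample of English `netsh advfirewall show allprofiles` output,
# trimmed to the two fields this check reads.
SAMPLE = """\
Domain Profile Settings:
----------------------------------------------------------------------
State                                 ON
Firewall Policy                       BlockInbound,AllowOutbound

Private Profile Settings:
----------------------------------------------------------------------
State                                 OFF
Firewall Policy                       BlockInbound,AllowOutbound

Public Profile Settings:
----------------------------------------------------------------------
State                                 ON
Firewall Policy                       AllowInbound,AllowOutbound
"""

HEADER = re.compile(r"^(\w+) Profile Settings:\s*$")
FIELD = re.compile(r"^(State|Firewall Policy)\s{2,}(\S.*?)\s*$")

def parse_profiles(text):
    """Return {profile: {"State": ..., "Firewall Policy": ...}}."""
    profiles, current = {}, None
    for line in text.splitlines():
        if m := HEADER.match(line):
            current = profiles.setdefault(m.group(1), {})
        elif current is not None and (m := FIELD.match(line)):
            current[m.group(1)] = m.group(2)
    return profiles

def audit(text):
    """List findings: firewall off, or inbound traffic not blocked by default."""
    profiles = parse_profiles(text)
    # Unparseable input (e.g. localized output) must not look like a clean result.
    findings = [] if profiles else ["no profile sections parsed"]
    for name, cfg in profiles.items():
        if cfg.get("State", "").upper() != "ON":
            findings.append(f"{name}: firewall state is {cfg.get('State', 'missing')}")
        inbound = cfg.get("Firewall Policy", "").split(",")[0].lower()
        if not inbound.startswith("blockinbound"):
            findings.append(f"{name}: inbound policy is {inbound or 'missing'}")
    return findings

print("\n".join(audit(SAMPLE)))
```

To check a real machine, redirect the command's output to a file from the elevated prompt and pass the file's contents to audit() in place of SAMPLE.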