Command line 为什么Windows命令shell告诉我使用不同的命令,然后说该命令不存在?
关于我的掌上电脑>服务器应用程序使用Web API RESTful方法的问题(此处讨论()),我尝试使用此处描述的shell命令来验证我没有防火墙问题:,显式:Command line 为什么Windows命令shell告诉我使用不同的命令,然后说该命令不存在?,command-line,tcp,port,iis-express,windows-firewall,Command Line,Tcp,Port,Iis Express,Windows Firewall,关于我的掌上电脑>服务器应用程序使用Web API RESTful方法的问题(此处讨论()),我尝试使用此处描述的shell命令来验证我没有防火墙问题:,显式: netsh firewall add portopening TCP 80 IISExpressWeb enable ALL 我还使用了端口777,因为这是我在applicationhost.config中设置的端口: <bindings> <binding protocol="http" bindingInfo
netsh firewall add portopening TCP 80 IISExpressWeb enable ALL
<bindings>
<binding protocol="http" bindingInformation="*:28642:localhost" />
<binding protocol="http" bindingInformation="*:777:192.168.125.50" />
<binding protocol="https" bindingInformation="*:44300:localhost" />
</bindings>
所以它告诉我使用新的命令,然后说没有这样的事情!这是什么故事?有没有办法实际使用新命令?是我的语法有问题,还是…?看起来只是语法问题
portopeningadvfirewall从命令行运行
netsh advfirewall add rule/?netsh/?netsh/?I:\>netsh advfirewall /?
The following commands are available:
Commands in this context:
? - Displays a list of commands.
consec - Changes to the `netsh advfirewall consec' context.
dump - Displays a configuration script.
export - Exports the current policy to a file.
firewall - Changes to the `netsh advfirewall firewall' context.
help - Displays a list of commands.
import - Imports a policy file into the current policy store.
mainmode - Changes to the `netsh advfirewall mainmode' context.
monitor - Changes to the `netsh advfirewall monitor' context.
reset - Resets the policy to the default out-of-box policy.
set - Sets the per-profile or global settings.
show - Displays profile or global properties.
The following sub-contexts are available:
consec firewall mainmode monitor
To view help for a command, type the command, followed by a space, and then
type ?.
/?netsh advfirewall-firewall/?I:\>netsh advfirewall firewall add rule /?
Usage: add rule name=<string>
dir=in|out
action=allow|block|bypass
[program=<program path>]
[service=<service short name>|any]
[description=<string>]
[enable=yes|no (default=yes)]
[profile=public|private|domain|any[,...]]
[localip=any|<IPv4 address>|<IPv6 address>|<subnet>|<range>|<list>]
[remoteip=any|localsubnet|dns|dhcp|wins|defaultgateway|
<IPv4 address>|<IPv6 address>|<subnet>|<range>|<list>]
[localport=0-65535|<port range>[,...]|RPC|RPC-EPMap|IPHTTPS|any (default=a
ny)]
[remoteport=0-65535|<port range>[,...]|any (default=any)]
[protocol=0-255|icmpv4|icmpv6|icmpv4:type,code|icmpv6:type,code|
tcp|udp|any (default=any)]
[interfacetype=wireless|lan|ras|any]
[rmtcomputergrp=<SDDL string>]
[rmtusrgrp=<SDDL string>]
[edge=yes|deferapp|deferuser|no (default=no)]
[security=authenticate|authenc|authdynenc|authnoencap|notrequired
(default=notrequired)]
Remarks:
- Add a new inbound or outbound rule to the firewall policy.
- Rule name should be unique and cannot be "all".
- If a remote computer or user group is specified, security must be
authenticate, authenc, authdynenc, or authnoencap.
- Setting security to authdynenc allows systems to dynamically
negotiate the use of encryption for traffic that matches
a given Windows Firewall rule. Encryption is negotiated based on
existing connection security rule properties. This option
enables the ability of a machine to accept the first TCP
or UDP packet of an inbound IPsec connection as long as
it is secured, but not encrypted, using IPsec.
Once the first packet is processed, the server will
re-negotiate the connection and upgrade it so that
all subsequent communications are fully encrypted.
- If action=bypass, the remote computer group must be specified when dir=i
n.
- If service=any, the rule applies only to services.
- ICMP type or code can be "any".
- Edge can only be specified for inbound rules.
- AuthEnc and authnoencap cannot be used together.
- Authdynenc is valid only when dir=in.
- When authnoencap is set, the security=authenticate option becomes an
optional parameter.
Examples:
Add an inbound rule with no encapsulation security for messenger.exe:
netsh advfirewall firewall add rule name="allow messenger"
dir=in program="c:\programfiles\messenger\msmsgs.exe"
security=authnoencap action=allow
Add an outbound rule for port 80:
netsh advfirewall firewall add rule name="allow80"
protocol=TCP dir=out localport=80 action=block
Add an inbound rule requiring security and encryption
for TCP port 80 traffic:
netsh advfirewall firewall add rule
name="Require Encryption for Inbound TCP/80"
protocol=TCP dir=in localport=80 security=authdynenc
action=allow
Add an inbound rule for messenger.exe and require security
netsh advfirewall firewall add rule name="allow messenger"
dir=in program="c:\program files\messenger\msmsgs.exe"
security=authenticate action=allow
Add an authenticated firewall bypass rule for group
acmedomain\scanners identified by a SDDL string:
netsh advfirewall firewall add rule name="allow scanners"
dir=in rmtcomputergrp=<SDDL string> action=bypass
security=authenticate
Add an outbound allow rule for local ports 5000-5010 for udp-
Add rule name="Allow port range" dir=out protocol=udp localport=5000-5010
action=allow
I:\>netsh advfirewall添加规则/?
用法:添加规则名称=
dir=输入|输出
动作=允许|阻塞|旁路
[程序=]
[服务=|任何]
[说明=]
[启用=是|否(默认值=是)]
[profile=public | private | domain | any[,…]
[localip=any | | | |]
[remoteip=any | localsubnet | dns | dhcp | wins | defaultgateway|
||||]
[localport=0-65535 |[,…]| RPC | RPC EPMap | IPHTTPS | any(默认值=a
纽约)]
[remoteport=0-65535 |[,…]任意(默认值为任意)]
[协议=0-255 | icmpv4 | icmpv6 | icmpv4:类型,代码| icmpv6:类型,代码|
tcp | udp |任意(默认值=任意)]
[interfacetype=wireless | lan | ras | any]
[rmtcomputergrp=]
[rmtusrgrp=]
[边缘=是|延迟应用程序|延迟用户|否(默认值=否)]
[security=authenticate | authenc | authdynec | authnoencap |不需要
(默认值=不需要)]
评论:
-向防火墙策略添加新的入站或出站规则。
-规则名称应该是唯一的,不能是“全部”。
-如果指定了远程计算机或用户组,则必须确保安全性
验证、验证、验证或验证。
-将安全性设置为authdynec允许系统动态
协商对匹配的流量使用加密
给定的Windows防火墙规则。加密是基于
现有连接安全规则属性。此选项
使计算机能够接受第一个TCP
或入站IPsec连接的UDP数据包,只要
它是安全的,但不是加密的,使用IPsec。
处理第一个数据包后,服务器将
重新协商连接并升级,以便
所有后续通信都完全加密。
-如果action=bypass,则必须在dir=i时指定远程计算机组
N
-如果service=any,则该规则仅适用于服务。
-ICMP类型或代码可以是“任意”。
-只能为入站规则指定边缘。
-AuthEnc和authnoencap不能一起使用。
-authdynec仅在dir=in时有效。
-设置authnoencap时,security=authenticate选项将变为
可选参数。
示例:
为messenger.exe添加没有封装安全性的入站规则:
netsh advfirewall firewall add rule name=“允许messenger”
dir=in program=“c:\programfiles\messenger\msmsgs.exe”
安全性=authnoencap操作=允许
为端口80添加出站规则:
netsh advfirewall firewall add rule name=“allow80”
协议=TCP目录=输出本地端口=80操作=块
添加需要安全性和加密的入站规则
对于TCP端口80流量:
netsh advfirewall防火墙添加规则
name=“需要对入站TCP/80进行加密”
协议=TCP目录=本地端口中=80安全性=authdynec
动作=允许
为messenger.exe添加入站规则并要求安全性
netsh advfirewall firewall add rule name=“允许messenger”
dir=in program=“c:\program files\messenger\msmsgs.exe”
安全性=身份验证操作=允许
为组添加经过身份验证的防火墙绕过规则
acmedomain \由SDDL字符串标识的扫描仪:
netsh advfirewall firewall add rule name=“允许扫描程序”
dir=在rmtcomputergrp=操作=旁路中
安全性=验证
为udp的本地端口5000-5010添加出站允许规则-
添加规则name=“允许端口范围”dir=out协议=udp本地端口=5000-5010
动作=允许
netsh advfirewall firewall add rule name="IISExpressWeb" dir=in protocol=tcp localport=80 profile=private remoteip=localsubnet action=allow
netsh advfirewall firewall add rule name="IISExpressWeb" dir=in protocol=tcp localport=777 profile=private remoteip=localsubnet action=allow
它们在运行时没有受到主机内的微软精灵的尖叫声(在我粘贴并运行它们之后,它们温顺地回答道“Ok.”)。虽然这是真的,但作为回答,这并没有太大帮助,因为它没有显示与
advfirewall添加规则netsh advfirewall firewall add rule/?netsh advfirewall firewall add rule name="IISExpressWeb" dir=in protocol=tcp localport=80 profile=private remoteip=localsubnet action=allow
netsh advfirewall firewall add rule name="IISExpressWeb" dir=in protocol=tcp localport=777 profile=private remoteip=localsubnet action=allow