Enable or disable Windows firewall from command prompt

First, to see whether the Windows Firewall is enabled on a server or computer, type this command at the command prompt:

netsh firewall show opmode

You should get something similar to what is below:



Depending on how many network adapters you have installed on your computer, you’ll see three or more listings. Operational Mode means if the Firewall is turned on or off. Exception mode is if exceptions are allowed or not. Enable means on.
To enable the Firewall in Windows, simply run this command:

netsh firewall set opmode enable

Pretty simply eh? Now what if you want to add a port exception (open a port) to the Firewall using the command line? That’s simple too!
Let’s say you wan to open port 3389, which is for remote desktop in Windows. You would simply run this command:

netsh firewall add portopening TCP 3389 RDP enable subnet

The way the command works is by using the netsh firewall add portopening command, following by the protocol (TCP, UDP), followed by the actual port number, followed by a name (anything you want) and then the enable subnet command.
If you were to run this command then go view the exceptions in Windows Firewall, you would see that the item is now checked:



Pretty neat eh!? This is also useful for any headless Windows 2008 Server Core machines that you can only access via the command prompt. Enjoy!