Add a Port to the Firewall Rules List for a Specific Connection
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
Use this procedure to add a TCP or UDP port to the Windows Firewall exceptions list on a per-connection basis. This is useful if your computer has multiple network connections (sometimes referred to as interfaces) and you want to open different ports on each network connection. When you add a port to the exceptions list, the port is always open; unsolicited incoming traffic is always allowed to pass through the port unless you select the Don't allow exceptions option when you turn on Windows Firewall.
Note
Adding a port to the exceptions list can reduce the security of your computer because the port will be open any time the computer is running. You should add ports to the exceptions list only when it is not possible to add a program (.exe file) to the exceptions list.
Administrative Credentials
To perform this procedure, you must be a member of the Administrators group on the local computer, or you must have been delegated the appropriate authority. If the computer is joined to a domain, members of the Domain Admins group might be able to perform this procedure.
To add a port to the exceptions list for a specific connection
This procedure can be performed using the graphical user interface or the command prompt. You cannot use Group Policy to configure per-connection port exceptions.
Using the graphical user interface
To add a port to the exceptions list for a specific connection
1. Open Windows Firewall, and then click the Advanced tab.
2. In Network Connection Settings, click the connection that you want to configure, and click Settings.
3. Click Add.
4. In the Service Settings dialog box, in Description of service, type a display name for the port exception. The display name appears in the exceptions list.
5. In Name or IP address of the computer hosting this service on your network, type the name or IP address of the local computer.
6. In External port number for this service, type the port number to add to the exceptions list.
7. In Internal port number for this service, type the port number to add to the exceptions list.
8. Click either TCP or UDP, depending on the type of traffic, and then click OK.
If a Windows Firewall setting appears dimmed in the graphical user interface, and on the General tab, you see For your security, some settings are controlled by Group Policy, the setting might be managed by Group Policy. If all Windows Firewall settings appear dimmed, and on the General tab, you see You must be a computer administrator to change these settings, you do not have administrative rights to configure Windows Firewall.
Using the command prompt
To add a port to the exceptions list for a specific connection
Type the following at the command prompt, and press ENTER:
netsh firewall set portopening protocol = protocol port = port name = name mode = mode interface = "interface"
Substitute values for the placeholders in italics. The following table lists possible values for each placeholder.
Placeholder | Possible Values | Description |
---|---|---|
protocol | TCP, UDP, All | Specifies the protocol for the port. Use All to specify both TCP and UDP. |
port | Any number between 1 and 65,535 | Specifies the port number for which you want to create an exception. |
name | Any string less than 256 characters | Specifies the friendly name of the port exception. You must enclose name in quotation marks. |
mode | enable, disable | Specifies whether to enable or disable the exception. |
interface | The name of any network connection that can exist on the computer, as displayed in the Network Connections folder | Specifies the connection, or interface, on which to enable or disable the exception. You must enclose interface in quotation marks. |
If you get an "Access Denied" message when you run a command, you do not have administrative rights to configure Windows Firewall. If you get an "Ok" message but the command does not take effect, the setting might be managed by Group Policy.
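The following is an added example, not part of the original procedure: a PowerShell helper that checks each value against the table above and emits the finished netsh command line for one connection. The function name New-PortOpeningCommand, the port numbers, the exception names, and the connection names are assumptions chosen for illustration, and PowerShell 2.0 or later is assumed to be installed.

```powershell
# Added example, not part of the original page. Assumes PowerShell 2.0 or later.
# New-PortOpeningCommand is a hypothetical helper name; it only builds the
# command text and changes nothing on the computer.
function New-PortOpeningCommand {
    param(
        [Parameter(Mandatory=$true)][ValidateSet('TCP','UDP','All')][string]$Protocol,
        [Parameter(Mandatory=$true)][ValidateRange(1,65535)][int]$Port,
        [Parameter(Mandatory=$true)][ValidateLength(1,255)][string]$Name,
        [Parameter(Mandatory=$true)][ValidateSet('enable','disable')][string]$Mode,
        [Parameter(Mandatory=$true)][ValidateNotNullOrEmpty()][string]$Interface
    )
    # name and interface are emitted inside quotation marks, as the table requires.
    # Reject embedded quotation marks so neither value can end the quoting early.
    foreach ($value in @($Name, $Interface)) {
        if ($value.Contains('"')) {
            throw "Quotation marks are not allowed in '$value'."
        }
    }
    'netsh firewall set portopening protocol = {0} port = {1} name = "{2}" mode = {3} interface = "{4}"' -f $Protocol, $Port, $Name, $Mode, $Interface
}

# Constructed sample values: a different port on each of two connections.
New-PortOpeningCommand -Protocol TCP -Port 8080 -Name 'Intranet web app' -Mode enable -Interface 'Local Area Connection'
New-PortOpeningCommand -Protocol UDP -Port 5000 -Name 'Backup agent' -Mode enable -Interface 'Local Area Connection 2'

# Out-of-range input is rejected by parameter validation before any command text is produced.
try { New-PortOpeningCommand -Protocol TCP -Port 70000 -Name 'Bad port' -Mode enable -Interface 'Local Area Connection' }
catch { "Rejected: $($_.Exception.Message)" }
```

After running an emitted command at the command prompt, netsh firewall show portopening lists the configured port openings, which helps confirm that an "Ok" result actually took effect.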
Notes
To start Windows Firewall, click Start, point to Control Panel, and then click Windows Firewall.
To open a command prompt, click Start, point to All programs, point to Accessories, and then click Command Prompt.
Windows Firewall is not included in the original release of the Windows Server 2003 operating systems.
See Also
Concepts
Configuring Firewall Rules for Specific Connections
Known Issues for Managing Firewall Rules
Configuring Port Firewall Rules