advanced firewall: allow specific program "ping.exe"
Hi there! I have some troubles while understanding advanced firewall workflow. My goal is to block all inbound and outbound traffic except ICMPv4 and inbound TCP port 80. So I try this:

netsh advfirewall set allprofiles firewallpolicy blockinbound,blockoutbound
netsh advfirewall firewall delete rule name=all
netsh advfirewall firewall add rule name="pinging" program="C:\Windows\System32\ping.exe" dir=out protocol=icmpv4 localip=any remoteip=any action=allow
netsh advfirewall firewall add rule name="web server" dir=in protocol=tcp localip=any remoteip=any action=allow localport=80 remoteport=any

So after entering this in a shell (cmd.exe executed as ADMIN, UAC=off) I go to another cmd.exe session and launch ping.exe to some remote host... and got packet lost = 100%. If I stop the firewall, ping.exe successfully pings the remote host. Where can I grab complete information about how "advfirewall add rule 'program='" works?
January 30th, 2008 12:26pm

Hi DDN,

Thank you for the post. Please use the following command instead of the third one to test the issue:

netsh advfirewall firewall add rule name="pinging" dir=out protocol=icmpv4 localip=any remoteip=any action=allow

Hope it helps.

Sincerely,
Joson Zhou
Microsoft Online Community Support
February 1st, 2008 1:29pm

Yes, it's working now... thanks... But why can't I allow only ping.exe to work, not all programs? Recently I can't allow Windows Commander to work with the network (i.e. go to a share: cd \\server\share). My command to Windows Firewall looks like this:

netsh advfirewall firewall add rule name="allow netbios out" dir=out protocol=tcp action=allow program="C:\Program Files\wincmd\WINCMD32.EXE"
February 4th, 2008 5:42pm

This topic is archived. No further replies will be accepted.
