Windows Firewall - Export and Import a Specific Firewall Rule with Registry Editor

Minimal firewall rules for Windows Firewall/Windows Firewall Control(v6.9.2.0) on Windows 7.

[Other] Mod's note: This is created by (Malwarebytes) BiniSoft's WFC tool.
 

Attachments

  • Minimal Rules 19.9.2023.wfw.zip (2.4 KB)
Once WFC is present, for example, I import, during installation, my basic rules (Base_WFC.wfw) from the command line with:
netsh advfirewall import "Base_WFC.wfw"

I find it much simpler...
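The command-line import above replaces the whole local policy (profile defaults and every rule), so a practitioner normally wants a rollback copy and a check that the result is really block-by-default. The script below is an added example, not code from the thread or from BiniSoft; it uses only netsh, which is what Windows 7 offers (the NetSecurity cmdlets arrived with Windows 8), and assumes Base_WFC.wfw sits next to the script and that netsh prints its English strings.

```powershell
# Added example (not from the thread): apply a pre-built .wfw policy with netsh
# and verify the outcome. Run from an elevated PowerShell (2.0 on Windows 7 is enough).
# Assumptions: Base_WFC.wfw is next to this script; netsh output is in English.
$ErrorActionPreference = 'Stop'
$scriptDir = Split-Path -Parent $MyInvocation.MyCommand.Path
$policy    = Join-Path $scriptDir 'Base_WFC.wfw'
if (-not (Test-Path $policy)) { throw "Policy file not found: $policy" }

# 1. Keep a rollback copy. Import overwrites the entire policy, not just the rule list.
$backup = Join-Path $env:TEMP ('firewall-before-{0}.wfw' -f (Get-Date -Format 'yyyyMMdd-HHmmss'))
& netsh advfirewall export "$backup" | Out-Null
if ($LASTEXITCODE -ne 0) { throw 'Export of the current policy failed (not elevated?)' }

# 2. Import the minimal rule set.
& netsh advfirewall import "$policy" | Out-Null
if ($LASTEXITCODE -ne 0) {
    throw "Import failed. Roll back with: netsh advfirewall import `"$backup`""
}

# 3. Verify the defaults on all three profiles: firewall on, inbound AND outbound blocked
#    unless a rule allows it. A .wfw that silently leaves AllowOutbound defeats the point.
$show     = & netsh advfirewall show allprofiles
$onCount  = @($show | Select-String '^State\s+ON\s*$').Count
$blockAll = @($show | Select-String '^Firewall Policy\s+BlockInbound,BlockOutbound').Count
$rules    = @(& netsh advfirewall firewall show rule name=all | Select-String '^Rule Name:').Count

"Profiles on: $onCount/3   Block-all default: $blockAll/3   Rules present: $rules"
if ($onCount -ne 3 -or $blockAll -ne 3) {
    Write-Warning 'Policy is not block-by-default on every profile; review the .wfw before relying on it.'
}
```

The export uses a timestamped name because netsh refuses to overwrite an existing .wfw; keep that backup until you have confirmed the applications you need are the only ones that still reach the network.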
 
The logic behind integrating the reg file is those firewall rules are immediately active during Windows installation, instead of waiting for Post-Setup. Some organizations may have strict security policies and want to protect the install during all phases.

You can run "netsh advfirewall import" in the specialize pass, but most users don't want to mess around with unattend.xml commands.
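The thread's title and the "reg file" mentioned above both refer to the fact that every Windows Firewall rule is stored as one REG_SZ value under HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules, a '|'-separated list of Key=Value tokens (Action, Active, Dir, App, Name and so on). The script below is an added example, not from the thread or from any tool it mentions: it exports only the active rules whose program path is on an allow list into a .reg file that can be integrated into the offline image or applied later with reg import. The application paths and the output location are assumptions.

```powershell
# Added example (not from the thread): export selected firewall rules to a .reg file.
# Assumptions: the executable paths below match your install; output goes to the Desktop.
$ErrorActionPreference = 'Stop'

$rulesKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules'
$regPath  = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules'

# Programs that may reach the network (assumed install locations).
$allowedApps = @(
    'C:\Program Files (x86)\Mozilla Firefox\firefox.exe',
    'C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe'
)
$outFile = Join-Path $env:USERPROFILE 'Desktop\firewall-minimal.reg'

function Parse-Rule([string]$ruleString) {
    # "v2.10|Action=Allow|Active=TRUE|Dir=Out|App=...|Name=...|" -> hashtable of tokens.
    $h = @{}
    foreach ($tok in $ruleString.Split('|')) {
        if ($tok -match '^([^=]+)=(.*)$') { $h[$matches[1]] = $matches[2] }
    }
    return $h
}

function Escape-RegValue([string]$s) {
    # Inside .reg string data, backslashes and double quotes must be escaped.
    return $s.Replace('\', '\\').Replace('"', '\"')
}

$item     = Get-Item $rulesKey
$selected = @()
foreach ($name in $item.GetValueNames()) {
    $data = [string]$item.GetValue($name)
    $rule = Parse-Rule $data
    if (-not $rule.ContainsKey('App')) { continue }   # port/service-only rules are not program rules
    if ($rule['Active'] -ne 'TRUE')    { continue }   # disabled rules are not worth carrying over
    $app = [Environment]::ExpandEnvironmentVariables($rule['App'])
    foreach ($allowed in $allowedApps) {
        if ($app -ieq $allowed) { $selected += ,@($name, $data); break }
    }
}
if ($selected.Count -eq 0) { throw 'No active program rules matched the allow list' }

# regedit/reg.exe expect this header; one "name"="data" line per rule, file saved as UTF-16.
$lines = @('Windows Registry Editor Version 5.00', '', "[$regPath]")
foreach ($pair in $selected) {
    $lines += ('"{0}"="{1}"' -f $pair[0], (Escape-RegValue $pair[1]))
}
Set-Content -Path $outFile -Value $lines -Encoding Unicode
"Wrote {0} rule(s) to {1}" -f $selected.Count, $outFile
# Apply elsewhere (elevated):  reg import "firewall-minimal.reg"
```

Two caveats worth keeping in mind when integrating such a file: a .reg only adds rules, it does not set the per-profile defaults (those live in the neighbouring DomainProfile, StandardProfile and PublicProfile keys, which is why the thread pairs the rules with an exported .wfw policy), and rules referencing a program path are only meaningful if that path is identical on the target image.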
 
The logic behind integrating the reg file is those firewall rules are immediately active during Windows installation, instead of waiting for Post-Setup
Yes, that's my whole point. unattend.xml files are way above my pay grade.
Looking at my current W7 internet access install, all I need to be online are Firefox and Thunderbird, Free Download Manager and Internet Download Manager (IDM), Snappy Driver Installer and nothing else.

Although I use one of these to bring the connection to the front of my PC, it's still a pain in the bum to unplug/plug and it takes its toll on the spring tabs :(

(attached image: Untitled.jpg)
 
The logic behind integrating the reg file is those firewall rules are immediately active during Windows installation, instead of waiting for Post-Setup. Some organizations may have strict security policies and want to protect the install during all phases.

You can run "netsh advfirewall import" in the specialize pass, but most users don't want to mess around with unattend.xml commands.
I agree... so much so that I install WFC (including basic rules) during the OS installation phase, precisely to avoid interference from users...
 
I had to start changing the way I work because ZoneAlarm Free Firewall (all I have is an old offline installer) no longer installs, I get errors, so it's either use Debian (live) or sort Windows out.
 
BiniSoft WFC tool version 6.9.8.0, changelog
- Removed: Exporting/importing to/from *.wfw file (Windows Firewall format) was removed due to unreliable results. This still can be done from WFwAS, but not from WFC anymore.
You have to uninstall older versions before installing 6.9.8.0 :/
 
BiniSoft WFC tool version 6.9.8.0, changelog

You have to uninstall older versions before installing 6.9.8.0 :/
It's not really like that...
The upgrade occurs as with previous versions. WFC "now" exports and imports (therefore from the WFC button) in .wpw format.

The import of the "basic rules" from the command line ("netsh advfirewall import <BaseRules.wfw>", personally this is what I do in every first installation) always happens with a .wfw format (the standard MS Windows Firewall format).

For those using WFC, the new version 6.9.9.0 is out
Change log:

- Improved: When exporting rules, the sorting order and filters are now preserved in the exported wpw file. On import you get back what was seen in Rules Panel at export time.
- Improved: The import and the export of the firewall rules are fully async now. This improves the UI responsiveness during these actions.
- Fixed: When duplicating multiple rules at once, they are created in the reversed order.
- Fixed: Authorized groups list has a display issue where it displays also the internal group names.
- Fixed: When creating a duplicate rule in Rules Panel the Please wait message remains displayed and Rules Panel needs to be closed and reopened.
- Fixed: Secure Rules disables custom groups names in the latest version.
 
For those using WFC, the new version 6.9.9.2 is out
Change log:

- Fixed: It is not possible to create a duplicate of the first rule in Rules Panel.
- Fixed: Remote code execution vulnerability via gRPC named pipes.
- Updated: Standard user accounts are allowed to perform elevated actions without requiring elevation authorization. Starting with this version, if wfcUI.exe is executed as a standard user account, it has only read access for the user interface. The software must be elevated before being able to perform any write actions (CVE-2023-36631).
- Updated: Run button was disabled in the installer to avoid executing the software under an elevated account from a standard user account.

New translation strings:
090 = Request elevation
 
The logic behind integrating the reg file is those firewall rules are immediately active during Windows installation, instead of waiting for Post-Setup. Some organizations may have strict security policies and want to protect the install during all phases.

You can run "netsh advfirewall import" in the specialize pass, but most users don't want to mess around with unattend.xml commands.
Interesting, what is this specialize pass and is it configurable within the NTLite UI?

I disable internet access via a post-install command, but if it's possible earlier, then even better.
 
Depending on the exact Windows feature, there are four possible phases for when a customization can be applied.
Working backwards in time:

4. Post-Setup (User), after the user has logged on. Most useful for applying HKCU mods.
3. Post-Setup (Machine), after OOBE has finished, but before first logon.
2. specialize pass in Windows install, via Unattended file commands. After the first reboot, but before 2nd reboot into OOBE.
1. Merged into the offline image, by registry or config file integration.

NTLite doesn't support Unattended customization for audit or specialize passes. That goes into fairly advanced topics, since you need to learn how the different Windows install phases work. But it's possible to work your changes into the autounattend.xml after NTLite is done.
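For readers who want to see what "working your changes into the autounattend.xml" looks like for the specialize-pass import that garlin mentioned earlier, here is an added example answer-file fragment; it is not from the thread, from NTLite or from BiniSoft. It assumes Base_WFC.wfw was placed in the image under $OEM$\$$\Setup\Scripts (which Setup copies to %WINDIR%\Setup\Scripts) and a 64-bit image; use processorArchitecture="x86" for 32-bit Windows 7.

```xml
<?xml version="1.0" encoding="utf-8"?>
<!-- Added example fragment (not from the thread). Merge the <settings pass="specialize">
     element into the autounattend.xml NTLite produced; if that file already contains
     RunSynchronous entries, every <Order> value must stay unique within the component. -->
<unattend xmlns="urn:schemas-microsoft-com:unattend"
          xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State">
  <settings pass="specialize">
    <component name="Microsoft-Windows-Deployment"
               processorArchitecture="amd64"
               publicKeyToken="31bf3856ad364e35"
               language="neutral"
               versionScope="nonSxS">
      <RunSynchronous>
        <RunSynchronousCommand wcm:action="add">
          <Order>1</Order>
          <Description>Import minimal firewall policy before OOBE</Description>
          <!-- Path of the .wfw inside the installed image is an assumption (see lead-in). -->
          <Path>cmd /c netsh advfirewall import "%WINDIR%\Setup\Scripts\Base_WFC.wfw"</Path>
          <WillReboot>Never</WillReboot>
        </RunSynchronousCommand>
      </RunSynchronous>
    </component>
  </settings>
</unattend>
```

Because specialize runs after the first reboot but before OOBE, the policy is already in force when the machine first reaches the network with a user logged on; the later Post-Setup phases can still add per-application rules on top of it. Keep the exported .wfw you used here, since the thread notes that newer WFC versions no longer write that format themselves.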
 
garlin, knowing how to use all the available options will be good, and how to "work your changes into the autounattend.xml after NTLite is done" would be very good for those of us who don't know how to mod the answer file.
 
NTLite supports 3 of the 4 listed options. Users who don't have access to image tools are often forced to script specialize commands, simply because they don't have any other way of modding the image, or setting up Post-Setup commands.

It's rare that an NTLite user needs to do anything in the specialize pass, unless it's for driver support or Active Directory work.
 