Managing WFAS with Netsh

To use Netsh .exe to create WFAS firewall rules, you need to be in the advfirewall firewall context . The following are some examples of using WFAS to create firewall rules:
 - To create a rule named WebServerRule that applies in the domain profile and allows inbound traffic on TCP port 80, issue the command:

netsh advfirewall firewall add rule name=”WebServerrule” profile=domain protocol=tCp dir=in localport=80 action=allow

 - To create a rule named AllowCalc that allows inbound traffic to the Calc .exe  application in all network profiles, issue the command:

 netsh advfirewall firewall add rule name=”Calc” dir=in program=”c:\windows\system32\calc.exe”

 - To create a rule named BlockFTP that blocks outbound traffic from the Ftp.exe  application, issue the command:
 netsh advfirewall firewall add rule name=”BlockFtp” dir=out program=”c:\windows\system32\ftp.exe” action=block