有以下二種方式做設定和修改:
1、使用
netsh command
2、使用answer file
一、To configure the Firewall interactively
1.
At a Standard 7 command prompt
on the device, type the following:
Netsh
The Netsh tool starts.
At the Netsh prompt you can run any firewall command interactively.
For more information about the firewall commands and settings available in the
Netsh tool, at a Standard 7 command prompt, type
Netsh firewall /?.
2.
At the Netsh prompt, do any of
the following:
- Add
a new incoming firewall rule to enable Windows Messenger
netsh advfirewall firewall add rule name="allow messenger" dir=in program="C:\Program Files\Messenger\Msmsgs.exe" action=allow
- Add
a new outgoing firewall rule to block port 80
netsh advfirewall firewall add rule name="allow80" protocol=TCP
dir=out localport=80 action=block
- Turn
the firewall off when the domain profile is active
netsh advfirewall domainprofile state off
- Enable
an existing rule
netsh advfirewall firewall set rule group="Remote Desktop" new enable=yes
- Log
dropped connections on the public profile
netsh advfirewall set publicprofile logging droppedconnections enable
- Change
the maximum log file size to 16 MB on the private profile
netsh advfirewall set privateprofile logging maxfilesize 16384
二、To configure the
Firewall using an answer file
1.
These steps assume that you
have an open answer file in Image Configuration Editor and that you are
familiar with Image Configuration Editor.
2.
In Image Configuration Editor,
in the Answer File pane, browse to the following setting:
ECore
Image
..Product
....Operating System
......Foundation Core
........Windows Embedded Edition
..........Networking-MPSSVC-Svc
3.
In the Settings
pane, select 4 Specialize from
the Filter
view by dropdown list.
4.
Select the Networking-MPSSVC-Svc
setting in the Answer File pane. In the Properties
pane, you will see various firewall
configuration settings. By default, the firewall will now be enabled
for all profiles. You configure the firewall by changing property values.
You can configure specific applications by adding Firewall Groups. To add a
Firewall Group, right-click Firewall Groups in the Answer File
pane and choose Insert New FirewallGroup.
5.
The following are examples of
how to configure the firewall:
- Turn the firewall off:
Set DomainProfile_EnableFirewall to false.
Set PrivateProfile_EnableFirewall to false.
Set PublicProfile_EnableFirewall to false. - Turn
the firewall off when the domain profile is active.
Set DomainProfile_EnableFirewall to false. - Enable
Remote Desktop connections.
Add a new Firewall Group.
Set Action property to AddListitem.
Set Active to true.
Set Group to "Remote Desktop."
Set Key to a value that uniquely identifies this FirewallGroup.
Set Profile to all, domain, public or private depending on which profile you want to allow Remote Desktop connections.
 Note: |
|
In unattended installations, you can use
a string for the Group setting, for example, "Remote Desktop."
However, to specify a Group in an answer file that applies to multilingual
unattended installations, you can reference an indirect string resource
stored in the firewallAPI.dll binary. For example, to enable Remote Desktop,
use the following:
Set Group to "@FirewallAPI.dll,-28752" |
參考資料:
Configure the Firewall (Windows Embedded Standard 7 Service Pack 1)
You can control the network traffic that your device sends and receives by configuring the Standard 7 Firewall. To configure the Firewall, you can run the Netsh tool at the command prompt on your device, or you include a
netsh command in a RunSynchronous element of your answer file.
Hardware and Software Assumptions
These steps assume that you have an open
answer file in Image Configuration Editor and that you are familiar with Image
Configuration Editor and distribution shares.
沒有留言:
張貼留言