Skip to content

Instantly share code, notes, and snippets.

@Biswa96

Biswa96/Firewall_Telemetry.CMD

Created April 4, 2018 20:21
Show Gist options
  • Save Biswa96/4341e43d7a617ea212790fae8c9a22da to your computer and use it in GitHub Desktop.
Save Biswa96/4341e43d7a617ea212790fae8c9a22da to your computer and use it in GitHub Desktop.
Download ZIP
Deletes all predefined Firewall rules and delete DNScache service. Then blocks all inbound and outbound traffic and allow system to connect.
Raw
Firewall_Telemetry.CMD
@echo off
::1#Delete DNSCache Service
::sc.exe stop "Dnscache"
::sc.exe delete "Dnscache"
reg.exe delete "HKLM\SYSTEM\CurrentControlSet\Services\Dnscache" /F
pause
::2#
for %%X in (
"HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules"
"HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules"
"HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedInterfaces"
"HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices" ) do (
reg delete %%X /F
)
set X="HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices"
%~dp0\SetACL.exe -on %X% -ot reg -rec cont_obj -actn setowner -ownr "n:Everyone"
%~dp0\SetACL.exe -on %X% -ot reg -rec cont_obj -actn ace -ace "n:Everyone;p:full"
pause
::3#
for %%X in (
Defaults
Parameters ) do (
for %%Y in (
DomainProfile
PublicProfile
StandardProfile ) do (
reg add "HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\%%X\FirewallPolicy\%%Y" /V "DefaultInboundAction" /T REG_DWORD /D "1" /F
reg add "HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\%%X\FirewallPolicy\%%Y" /V "DefaultOutboundAction" /T REG_DWORD /D "1" /F
reg add "HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\%%X\FirewallPolicy\%%Y" /V "DisableNotifications" /T REG_DWORD /D "0" /F
reg add "HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\%%X\FirewallPolicy\%%Y" /V "DisableUnicastResponsesToMulticastBroadcast" /T REG_DWORD /D "1" /F
reg add "HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\%%X\FirewallPolicy\%%Y" /V "EnableFirewall" /T REG_DWORD /D "1" /F
reg delete "HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\%%X\FirewallPolicy\%%Y\Logging" /F
)
)
netsh advfirewall set allprofiles firewallpolicy blockinbound,blockoutbound
pause
::4#
::netsh advfirewall firewall add rule Name=System Program=System Action=allow Dir=Out
Powershell New-NetFirewallRule -DisplayName "~System" -Name "System" -Direction Outbound -Program System -Action Allow
::END-44#
@BYTEMEE1
Copy link

BYTEMEE1 commented Dec 5, 2021

So what would be the syntax for allowing Chrome as an outbound and inbound exception to the block, if we assume the path is C:\Program Files\Chrome\Chrome.exe?

@Biswa96
Copy link
Author

Biswa96 commented Dec 5, 2021

New-NetFirewallRule cmdlet in PowerShell or netsh advfirewall firewall command can be used for that.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment