Open a range of ports on Windows Firewall

Needed to open a big range of ports on Windows Firewall on one of my web boxes. Via the GUI you can only do one port at a time. But run this at the command prompt to add a range:

FOR /L %I IN (5001,1,5201) DO netsh firewall add portopening TCP %I "Passive FTP"%I

This opens ports 5001 to 5201, and names them 'Passive FTP'.

Found this here.

Oh, takes time, like a port or two a second, so if you have a wide range it's going to take some time.

35 thoughts on “Open a range of ports on Windows Firewall

  1. This worked excellently, especially for opening the 100+ ports needed for the Blizzard Downloader required to update World of Warcraft! Thank you very much!!!

  2. Nice. Thanks I’ve been setting up teh Windows Firewall on a 2003 DC that was wide-open. This, along with Rpccfg.exe is helping that gosh-durn dynamic-port-all-have-to-be-open-for-RPC-apps-to-work thing.

  3. dude im having problems opening ports 28000-29100
    for my windows firewall. i play msn gaming zone and its blocked all of the suddden, cant find help anywhere I have windows xp i dont know alot about computers, feel free to respond or even call me 334-380-5510

  4. If you wish to narrow the scope of the port opening (instead of leaving it open for the entire internet) you can do it like this:
    for /L %i in (5001,1,5201) DO netsh firewall add portopening protocol=TCP %i name=”ExceptionName”%i scope=custom addresses=10.1.1.0/255.255.255.0,64.25.16.0/255.255.255.0

  5. I cannot open ports 28000 to 28809 as well to play backgammon. I read info above where do I type this? Thank you for your help.

  6. Hi Steve
    You need to type this at the Command Prompt. Usually you can open this:
    Click Start
    Click Accessories
    Click Command Prompt
    It should open a small black window, which is the command screen. It’s used for typing commands directly to your computer.
    Hope that helps
    David

  7. I came here looking for a way to open a large group of ports for my passive FTP server. Imagine the irony! The ports in your example almost lined up with them as well, I copy/pasted your command and altered 2 numbers and hit go. You rock!

  8. Dear Sir,
    Pls Help me how to open Port 5001, 5002,5003,5004 and 1443 in windows 2003 server.pls help as soon as possible
    Thanks in advance

  9. Dear Sir,
    we tried to add all the port numbers locally in the Server and Client computers still some of the ports are not opening. We added all the port number in the Windows fire wall – add port option. We are checking the port open condition by the below mentioned utility command
    “ Telnet ”
    – please suggest whether this is the correct procedure or not.
    Thanks,
    Abhishek

  10. Hi Abhishek
    It’s a bit hard to be of assistance because I don’t know what you are trying to achieve, and what your set up is.
    If you have added the ports correctly via Windows Firewall then they should be open.
    I would suggest you start by disabling Windows Firewall service – which will mean all ports are open – and try that. If that works then maybe something is wrong with the way you added the ports to Windows Firewall. Make sure you configured the scope correctly for example – I don’t know if you are trying to make a connection to the server from outside your network, or internally, for example.
    If you are trying to access the server from the internet, then are you sure there is no other firewall in operation? For example many hosting providers have firewalls in place and you might need to ask them to open the ports for you.
    I’m sorry, but without more detailed information about your particular circumstances it is difficult to comment.
    My script on this blog post is simply a quick way to deal with the problem of Windows Firewall only adding one port at a time. The script is not doing anything you cannot do in Windows Firewall – other than offering the convenience of being able to open a group of ports with a single command.
    Kind regards…David

  11. Hey,
    I’m having trouble with your command prompt solution and this is whats happening:
    I copy your solution:
    FOR /L %I IN (6881,1,6999) DO netsh firewall add portopening TCP %I “Passive FTP”%I
    I paste it in to command prompt and I see it working on each individual port but it says:
    “netsh is not recognized as an internal or external command, operable program or batch file.”
    and doesn’t open them and when I go to my firewall exceptions they are not their so please help me and I’m not particularly great with technology so please bear with me
    Thanks a lot

  12. Hi Jiggie
    NETSH is the program that’s doing the actual opening of the ports. By the sound of things it’s not in the default system directory. I would check:
    C:\WINDOWS;
    C:\WINDOWS\system32
    And see if you can find it (maybe just search whole machine).
    If you locate it, then reference it directly with the path to the program file, for example:
    FOR /L %I IN (6881,1,6999) DO C:\WINDOWS\netsh firewall add portopening TCP %I “Passive FTP”%I
    Kind regards…David

  13. To open a range of ports you don’t need to add one rule per port – you can do it with just one rule. E.g. this will open 64000-64005 TCP inbound:
    netsh advfirewall firewall add rule name=”My Port Range Rule” dir=in protocol=tcp localport=64000-64005 action=allow

  14. Thank you David for this very useful information. I was dreading having to add each port one at a time for over 100 ports I needed opened until I found your post. Thanks again!

  15. Pingback: netsh advfirewall port range - BlogoSfera

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s