Needed to open a big range of ports on Windows Firewall on one of my web boxes. Via the GUI you can only do one port at a time. But run this at the command prompt to add a range:
FOR /L %I IN (5001,1,5201) DO netsh firewall add portopening TCP %I "Passive FTP"%I
This opens TCP ports 5001 to 5201, and names each exception 'Passive FTP' followed by its port number (for example 'Passive FTP5001').
Found this here.
Oh, and it takes time, like a port or two a second, so if you have a wide range it's going to take a while.
This worked excellently, especially for opening the 100+ ports needed for the Blizzard Downloader required to update World of Warcraft! Thank you very much!!!
You are very welcome. Thanks for letting me know this was useful!
This works perfect – thanks
Awesome, now how do I delete a range of ports I created incorrectly? DOH
Ah, now that’s a good question, and I’m sorry I don’t know. Haven’t had the need!
David
If you change your mind, it is (all in one line):
FOR /L %I IN (5001,1,5201) DO netsh firewall delete portopening TCP %I
Very helpful, many thanks
Will this also work for UDP ports?:
FOR /L %I IN (5001,1,5201) DO netsh firewall add portopening UDP %I "Passive FTP"%I ?
Clark, I suspect so although I haven’t tried.
Clark, I just tried it for UDP and it works.
Nice. Thanks, I’ve been setting up the Windows Firewall on a 2003 DC that was wide-open. This, along with Rpccfg.exe, is helping that gosh-durn dynamic-port-all-have-to-be-open-for-RPC-apps-to-work thing.
dude I'm having problems opening ports 28000-29100 for my Windows Firewall. I play MSN Gaming Zone and it's blocked all of the sudden, can't find help anywhere. I have Windows XP. I don't know a lot about computers, feel free to respond or even call me 334-380-5510
If you wish to narrow the scope of the port opening (instead of leaving it open for the entire internet) you can do it like this:
for /L %i in (5001,1,5201) DO netsh firewall add portopening protocol=TCP %i name="ExceptionName"%i scope=custom addresses=10.1.1.0/255.255.255.0,64.25.16.0/255.255.255.0
I cannot open ports 28000 to 28809 as well to play backgammon. I read info above where do I type this? Thank you for your help.
Hi Steve
You need to type this at the Command Prompt. Usually you can open this:
Click Start
Click Accessories
Click Command Prompt
It should open a small black window, which is the command screen. It’s used for typing commands directly to your computer.
Hope that helps
David
Can this be done for any port range? just wondering
Hello Nathan
Yes, you can use this for any range of ports. My example above is for 5001 to 5201. You can substitute your own values for these.
David
Thank you so much, I had to open passive ftp ports in my server, it would have taken years!
Thanks again
I came here looking for a way to open a large group of ports for my passive FTP server. Imagine the irony! The ports in your example almost lined up with them as well, I copy/pasted your command and altered 2 numbers and hit go. You rock!
Glad it worked for you AJ.
Thanks for the tip 😀
Dear Sir,
Pls help me how to open ports 5001, 5002, 5003, 5004 and 1443 in Windows 2003 Server. Pls help as soon as possible
Thanks in advance
Hi Abhishek
With such a small number of ports, why not just open them individually via Windows Firewall?
David
Dear Sir,
We tried to add all the port numbers locally on the server and client computers; still some of the ports are not opening. We added all the port numbers in the Windows Firewall – add port option. We are checking the port open condition with the utility command mentioned below
“ Telnet ”
– please suggest whether this is the correct procedure or not.
Thanks,
Abhishek
Hi Abhishek
It’s a bit hard to be of assistance because I don’t know what you are trying to achieve, and what your set up is.
If you have added the ports correctly via Windows Firewall then they should be open.
I would suggest you start by disabling Windows Firewall service – which will mean all ports are open – and try that. If that works then maybe something is wrong with the way you added the ports to Windows Firewall. Make sure you configured the scope correctly for example – I don’t know if you are trying to make a connection to the server from outside your network, or internally, for example.
If you are trying to access the server from the internet, then are you sure there is no other firewall in operation? For example many hosting providers have firewalls in place and you might need to ask them to open the ports for you.
I’m sorry, but without more detailed information about your particular circumstances it is difficult to comment.
My script on this blog post is simply a quick way to deal with the problem of Windows Firewall only adding one port at a time. The script is not doing anything you cannot do in Windows Firewall – other than offering the convenience of being able to open a group of ports with a single command.
Kind regards…David
Hey,
I’m having trouble with your command prompt solution and this is what's happening:
I copy your solution:
FOR /L %I IN (6881,1,6999) DO netsh firewall add portopening TCP %I "Passive FTP"%I
I paste it in to command prompt and I see it working on each individual port but it says:
“netsh is not recognized as an internal or external command, operable program or batch file.”
and doesn’t open them, and when I go to my firewall exceptions they are not there, so please help me. I’m not particularly great with technology so please bear with me
Thanks a lot
Hi Jiggie
NETSH is the program that’s doing the actual opening of the ports. By the sound of things it’s not in the default system directory. I would check:
C:\WINDOWS;
C:\WINDOWS\system32
And see if you can find it (maybe just search whole machine).
If you locate it, then reference it directly with the path to the program file, for example:
FOR /L %I IN (6881,1,6999) DO C:\WINDOWS\netsh firewall add portopening TCP %I "Passive FTP"%I
Kind regards…David
Very useful thank you for posting this!
Super helpful, thanks!
big help, thank you!
To open a range of ports you don’t need to add one rule per port – you can do it with just one rule. E.g. this will open 64000-64005 TCP inbound:
netsh advfirewall firewall add rule name="My Port Range Rule" dir=in protocol=tcp localport=64000-64005 action=allow
This was very useful and saved me a lot of work, thanks a lot 🙂
Thank you David for this very useful information. I was dreading having to add each port one at a time for over 100 ports I needed opened until I found your post. Thanks again!
How do you add a discrete range of ports with this syntax
for ex: ports like 3306, 8080, 7575, 10235?
how do we add a discrete range of ports specific to a particular application for the same syntax.
For Example: ports like 10235, 8081, 7676, 12356
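The scoped opening and the single-rule netsh advfirewall form suggested in the comments above, combined into one batch file that also covers a list of discrete ports. This is an added example, not code from the original post or its commenters. It assumes Windows Vista / Server 2008 or later and an elevated prompt; the rule names are made up, and the subnet and ports are the sample values quoted in the thread.

```batch
@echo off
rem Added example: one scoped rule per port set instead of one rule per port.
rem Needs netsh advfirewall (Windows Vista / Server 2008 or later) and an
rem elevated command prompt. Rule names below are hypothetical; the subnet
rem and port numbers are the sample values used in the comments.
setlocal

set "RULE_RANGE=Passive FTP data - example"
set "RULE_LIST=App discrete ports - example"
rem Only this source network may connect (same as 10.1.1.0/255.255.255.0).
set "ALLOWED=10.1.1.0/24"

rem Delete any earlier copies first so re-running does not stack duplicates.
rem "No rules match" on the first run is expected, so output is discarded.
netsh advfirewall firewall delete rule name="%RULE_RANGE%" >nul 2>&1
netsh advfirewall firewall delete rule name="%RULE_LIST%" >nul 2>&1

rem Contiguous range in a single rule, limited to the allowed subnet and
rem kept off the Public profile. Without remoteip= the rule defaults to
rem any source address.
netsh advfirewall firewall add rule name="%RULE_RANGE%" dir=in action=allow ^
  protocol=TCP localport=5001-5201 remoteip=%ALLOWED% profile=domain,private
if errorlevel 1 goto :fail

rem Discrete ports go in the same localport= parameter as a comma list.
netsh advfirewall firewall add rule name="%RULE_LIST%" dir=in action=allow ^
  protocol=TCP localport=3306,8080,7575,10235 remoteip=%ALLOWED% profile=domain,private
if errorlevel 1 goto :fail

rem Print both rules so LocalPort, RemoteIP and Profiles can be checked.
netsh advfirewall firewall show rule name="%RULE_RANGE%"
netsh advfirewall firewall show rule name="%RULE_LIST%"
exit /b 0

:fail
echo Rule was not added. Run this from an elevated command prompt.
exit /b 1
```

On Windows XP and Server 2003 only the older netsh firewall context exists, so the FOR /L loop from the post is still the way to cover a range there.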