Help with setting up development or testing machines: firewall configurations with ease

Posted: (EET/GMT+2)

 

If you are writing code for the .NET platform with Visual Studio and SQL Server and are doing heavy testing on multiple (virtual) computers, then you might find yourself repeatedly configuring the Windows Vista, Windows 7 or Windows Server 2008 firewall to, for instance, allow communications to SQL Server.

For instance, I often enable PING (ICMP Echo Requests) on the testing virtual machines, as this helps to troubleshoot the occasional network and IP address problems. Secondly, you also need a quick way to allow the installed SQL Server instance to be contacted over the network. By default, the firewall settings in all these Windows NT 6.x versions block such communications.

Of course, you can easily start the graphical advanced firewall configuration utility and create two new inbound rules there. But this gets a bit boring after setting up half a dozen virtual machines. Luckily, you can solve the problem with two (longish) command-line commands using NETSH.

For instance, if you wanted to enable PING and SQL Server for the local subnet on TCP port 1433 (which I always use instead of dynamic ports), then you could execute the following commands on an elevated command prompt (each command is split into shorter lines with the ^ continuation character for clarity):

netsh advfirewall firewall add rule name="Allow PING" dir=in ^
action=allow enable=yes profile=any localip=any remoteip=any ^
protocol=icmpv4:8,any interfacetype=any

netsh advfirewall firewall add rule name="Allow SQL Server (TCP 1433)" ^
dir=in action=allow enable=yes profile=any localip=any ^
remoteip=localsubnet protocol=tcp localport=1433

If you fail to run the command prompt with proper administrative rights, you will get an error message saying "The requested operation requires elevation". On the other hand, if these commands work as they should, then you will simply see "Ok." at the prompt. Terse, yes, but enough!
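
A rerunnable batch version of the two commands, as an added example that is not part of the original post. The file name, the variable and label names, and the narrower scope (domain and private profiles only, local subnet only for both rules) are assumptions made for this example.

```batch
@echo off
rem Added example, not from the original post. Hypothetical file name: fw-testvm.cmd
rem Assumption: both rules are limited to the domain and private profiles and to
rem the local subnet, which is narrower than profile=any / remoteip=any.
setlocal
set "PROFILES=domain,private"

rem netsh needs an elevated prompt. "net session" fails for a non-elevated
rem token (common idiom, assumes the Server service is running).
net session >nul 2>&1
if errorlevel 1 goto :NotElevated

rem Rule data is passed in variables because "=" and "," act as argument
rem separators in batch and would split the netsh options.
set "RULE=Allow PING"
set "MATCH=protocol=icmpv4:8,any"
call :AddRule || goto :Failed

set "RULE=Allow SQL Server (TCP 1433)"
set "MATCH=protocol=tcp localport=1433"
call :AddRule || goto :Failed

echo Both rules are in place.
exit /b 0

:AddRule
rem "add rule" does not replace a rule of the same name, so rerunning the
rem script would stack duplicates. Delete any existing copy first; the
rem delete fails harmlessly when no such rule exists.
netsh advfirewall firewall delete rule name="%RULE%" >nul 2>&1
netsh advfirewall firewall add rule name="%RULE%" dir=in action=allow ^
    enable=yes profile=%PROFILES% localip=any remoteip=localsubnet %MATCH%
if errorlevel 1 exit /b 1
rem Print the stored rule so its scope can be checked by eye.
netsh advfirewall firewall show rule name="%RULE%"
exit /b 0

:NotElevated
echo Run this script from an elevated command prompt.
exit /b 1

:Failed
echo Could not add rule "%RULE%".
exit /b 1
```

If a test VM's network is classified as public, the rules above will not apply until the network is set to private or the PROFILES value is widened.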