Windows Firewall is a stateful host firewall that discards unsolicited incoming traffic, providing a level of protection for computers against malicious users or programs. To provide better protection for computers connected to any kind of network (such as the Internet, a home network, or an organization network), Windows XP SP2 enables Windows Firewall on all network connections by default.
The WindowsFirewall section must be included in your answer file to configure firewall sections and entries in unattended Setup or Sysprep in factory mode.
All of the sections for the Windows Firewall are user defined. For example, the user-defined profile is referenced by the Profiles entry in the WindowsFirewall section. Windows Firewall maintains two sets of configurations known as profiles. The Domain profile is used when a computer is a member of a domain, while the Standard profile is used when a computer is not connected to a domain. You may specify a domain type of profile, a standard type, or a profile that applies to both domain and standard. The name of the user-defined profile must match the section name of [WindowsFirewall.profile_name].
To configure Windows Firewall settings, you must include the WindowsFirewall section along with one or more of the following user-defined sections in the Unattend.txt file:
Windows Firewall Settings Sections
|
|
|
Section
|
Description
|
|
[WindowsFirewall.profile_name]
|
Specifies a domain type of profile, a standard type, or a profile that applies to both domain and standard.
|
|
[WindowsFirewall.program_name]
|
Adds programs to the Windows Firewall Exceptions list.
|
|
[WindowsFirewall.service_name]
|
Adds services to the Windows Firewall Exceptions list.
|
|
[WindowsFirewall.portopening_name]
|
Adds static ports to the Windows Firewall Exceptions list.
|
|
[WindowsFirewall.icmpsetting_name]
|
The default configuration for Windows Firewall blocks all Internet Control Message Protocol (ICMP) message types, this section allows you to modify this behavior.
|
The [WindowsFirewall] section contains entries for specifying which user-defined profiles to use and for specifying the log file settings.
Answer File Entries for the WindowsFirewall Section
|
|
|
Entry
|
Description
|
|
Profiles
|
Specifies the names of the user-defined profiles to use for configuring the Windows Firewall (domain, standard, or both domain and standard.
|
|
LogFile
|
Specifies the location and file name of the Pfirewall.log file.
|
|
LogSize
|
Specifies the maximum size of the Pfirewall.log file.
|
|
LogDroppedPackets
|
Specifies whether to enable logging dropped packets to the Pfirewall.log file.
|
|
LogConnections
|
Specifies whether to enable logging connections to the Pfirewall.log file.
|
Example
[WindowsFirewall]
Profiles = WindowsFirewall.profile1_name, WindowsFirewall.profile2_name
LogFile = %WINDIR%\Pfirewall.log
LogSize = 4096
LogDroppedPackets = 1
LogConnections = 1
Comments
The example above demonstrates one use of the WindowsFirewall section.
Profiles
Specifies the names of the user-defined profiles to use for configuring the Windows Firewall. You may specify a domain profile, standard profile, or a profile for both domain and standard. Each profile_name must be unique, and each profile_name must match the name in the [WindowsFirewall.profile_name] section.
Syntax
Profiles = WindowsFirewall.profile1_name, WindowsFirewall.profile2_name
|
|
|
Value
|
Description
|
|
profile_name
|
Profile name.
|
Example
Profiles = WindowsFirewall.standard_profilename, WindowsFirewall.domain_profile_name, WindowsFirewall.Both_types_profile_name
Comments
This is a required entry. The Profiles entry lists the user-defined profiles to configure the Windows Firewall. This entry must match the [WindowsFirewall.profile_name] section name.
LogFile
Specifies the location and file name of the Pfirewall.log file.
Syntax
LogFile = path
|
|
|
Value
|
Description
|
|
path
|
Path for the log file.
|
Example
LogFile = %WINDIR%\Pfirewall.log
Comments
This is an optional entry. Use this entry to create a log file for troubleshooting.
LogSize
Specifies the maximum size of the Pfirewall.log file.
Syntax
LogSize = Size in KB
|
|
|
Value
|
Description
|
|
Size in KB
|
The maximum size of the log file.
|
Example
LogSize = 4096
Comments
The default value is 4096. This is an optional entry. Use this entry to limit the size of the log file.
LogDroppedPackets
Specifies whether to enable logging dropped packets in the Pfirewall.log file.
Syntax
LogDroppedPackets = 0 | 1
|
|
|
Value
|
Description
|
|
1
|
Enables logging dropped packets to the Pfirewall.log file.
|
|
0
|
Does not enable logging dropped packets to the Pfirewall.log file.
|
Example
LogDroppedPackets = 0
Comments
The default value is 0. This is an optional entry. Use this entry for troubleshooting connection problems.
LogConnections
Specifies whether to enable logging connections in the Pfirewall.log file.
Syntax
LogConnections = 0 | 1
|
|
|
Value
|
Description
|
|
1
|
Enables logging connections to the Pfirewall.log file.
|
|
0
|
Does not enable logging connections to the Pfirewall.log file.
|
Example
LogConnections = 0
Comments
The default value is 0. This is an optional entry. Use this entry for troubleshooting connectivity problems.