Backup and restore Windows Firewall rules

There are several ways to backup and restore Windows Firewall rules, different ways for different user needs, the backup can be made via GUI (Graphical User Interface),  CLI (Command-Line Interface) and registry.

Tested operating systems:
Windows 7 x64
Windows 10 x64


GUI

1. Press ⊞ Windows key + R and type wf.msc
2. In “Windows Firewall with Advanced Security” window choose “Action” from main menu.
3. Backup by selecting “Export Policy” submenu, enter the name of the backup file and save.
4. Restore by selecting “Import Policy” submenu, select the backup file with .wfw extension and open.

Windows Firewall GUI backup
Windows Firewall GUI backup

CLI

1. Open cmd.exe (Command Prompt) as administrator and type the following commands.
2. Backup

netsh advfirewall export C:\backup.wfw

3. Restore

netsh advfirewall import C:\backup.wfw
Windows Firewall cmd backup and restore commands
Windows Firewall cmd backup and restore commands

Registry

Backup
1. Press ⊞ Windows key + R and type regedit
2. In “Registry Editor” window navigate to key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\, right click on “FirewallRules” key and select “Export”,  enter the backup file name and save, the backup file will be saved with the .reg extension for example backup.reg.

Windows Firewall backup with registry editor
Windows Firewall backup with registry editor

Restore
1. Press ⊞ Windows key + R and type regedit
2. In “Registry Editor” window navigate to key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\, select and delete all string values.

Windows Firewall delete string values from registry
Windows Firewall delete string values from registry

3. Open the backup.reg file and add the values to the registry.

Disable automatic rule creation in Windows Firewall

Windows Firewall is included in most Windows operating systems it’s a really nice piece of software, clean and simple, but sometimes an installed app or a newly installed app will automatically create unwanted rules even without asking, this “feature” cannot be officially disabled so let’s tweak it.

Tools required:
SubInACL (subinacl.exe) from Microsoft or Oueta
wf.zip (wf.bat) from Oueta

Tested operating systems:
Windows 7 x64
Windows 10 x64


1. Download subinacl.zip and wf.zip, unpack them in C:\Windows (subinacl.exe and wf.bat, administrator rights are needed)

2. Create shortcut to desktop for wf.bat and rename it to Windows Firewall

Send shortcut to desktop
Send shortcut to desktop

3. Allow to “Run as administrator”, right click on Windows Firewall shortcut -> Properties -> Advanced -> Check “Run as administrator”

Windows Firewall, run as administrator
Windows Firewall, run as administrator

4. Open “Windows Firewall” shortcut from desktop when rule creation is needed, otherwise rules cannot be created.

How it works?

Open wf.bat with a text editor to see the process, wf.bat sets read/write permission to registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\ and starts Windows Firewall, while the window is open rules can be created after that rule creation is denied.