You can of course extend this to any other program just by modifying the switches, protocols, IPs, etc. It will error out if you don't supply an IP address, so that you don't get a meaningless rule. A new rule is created each time you run the command; it doesn't update an existing rule. Updating an existing rule is possible with the netsh command, though.
@echo off
:: Configures Windows Server 2008/R2 firewall for SQL.
:: Requires a single argument, the IP address of the remote application server that requires SQL access.
:: Usage: SQL-Firewall.cmd <IP address>
:: Stop before calling netsh if no address was supplied.
if "%~1"=="" GOTO :ERROR
Echo Configuring Windows Advanced Firewall for SQL to listen on IP %1
netsh advfirewall firewall add rule name="SQL Server (TCP-in)" dir=in action=allow protocol=TCP Profile=domain localport=1433 program="D:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\sqlservr.exe" description="Allows inbound Microsoft SQL connections." remoteip=%1
Exit /B
:ERROR
Echo Please specify IP address.
Exit /B 1
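The post notes that netsh can update an existing rule instead of adding a new one on every run. The following is an added example of that variant, not part of the original post: it reuses the post's rule name and sqlservr.exe path, and the script name in its usage comment is hypothetical.

```batch
@echo off
:: Added example (not from the original post): create the rule once, then
:: update its remoteip scope on later runs instead of adding duplicates.
:: Usage: SQL-Firewall-Update.cmd <remote-IP>   (script name is hypothetical)
setlocal
set "RULE=SQL Server (TCP-in)"
set "SQLEXE=D:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\sqlservr.exe"

if "%~1"=="" goto :USAGE

:: "show rule" exits non-zero when no rule has this name.
netsh advfirewall firewall show rule name="%RULE%" >nul 2>&1
if errorlevel 1 goto :ADD

:: Rule exists: "set rule ... new" replaces the remoteip list (it does not
:: append) and applies to every rule that shares this name.
echo Updating "%RULE%" to allow only %~1
netsh advfirewall firewall set rule name="%RULE%" dir=in new remoteip=%~1
goto :VERIFY

:ADD
echo Creating "%RULE%" for %~1
netsh advfirewall firewall add rule name="%RULE%" dir=in action=allow protocol=TCP profile=domain localport=1433 program="%SQLEXE%" description="Allows inbound Microsoft SQL connections." remoteip=%~1

:VERIFY
:: errorlevel here is still the result of the netsh add/set call above.
if errorlevel 1 (
    echo netsh failed; rule not changed. Run elevated and check the address.
    exit /b 1
)
:: Print the rule so the operator can confirm RemoteIP is the expected
:: address and not "Any".
netsh advfirewall firewall show rule name="%RULE%"
exit /b 0

:USAGE
echo Usage: %~nx0 ^<remote-IP^>
exit /b 1
```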
Would it really be asking too much for me to expect Microsoft to make a set of firewall exceptions for SQL server, so I can enable and disable them as needed for the different contexts? On their "Configuring Windows Firewall to Allow SQL Server Access" they don't even mention if the rules are inbound or outbound. Now they certainly can provide that info, right?
Completely agree with the comments above, a glaring omission by Microsoft.
Worse still predefined SQL exceptions are still ominously absent in R2!!
Hi. If I have to make a firewall rule for SQL Server to access it from the WAN side, then which port do I have to define for SQL to access it from the WAN?