How to allow Pings (ICMP Echo requests) through Windows Firewall
By default, the Windows Firewall with Advanced Security blocks ICMP Echo Requests (Pings) from the network. In this post, we will show you how to allow Pings (ICMP Echo requests) through your Windows Firewall using Command Prompt or via the Windows Firewall with Advanced Security UI.
Should I enable ICMP?
Many network administrators consider the Internet Control Message Protocol (ICMP) a security risk and therefore, as a security measure, always block ICMP at the firewall. ICMP is widely known to have some security issues associated with it, but that is still no reason to block all ICMP traffic!
What ICMP types should I allow?
Type 3 and Type 4 are the only essential ICMP traffic you need to allow in and out of the firewall on your Windows 10/11 PC; everything else is either optional or should be blocked. Bear in mind that to send ping requests, you need to allow type 8 OUT and type 0 IN.
Allow Pings (ICMP Echo requests) through Windows Firewall
The ping command, like other network tools, works by sending special packets known as Internet Control Message Protocol (ICMP) Echo Requests to a target device and then waiting for that device to respond with an ICMP Echo Reply packet. Apart from testing whether a network-connected device is active, pinging also measures the response time and outputs the result for you to review.
You can allow Pings (ICMP Echo requests) through the Firewall on a Windows 10 or Windows 11 PC in either of two ways, covered in the methods below.
Note: If you have third-party security software with its own firewall installed on your system, or another type of dedicated third-party firewall program, you'll need to open ports in that firewall instead of the built-in Windows Firewall.
1] Allow Pings (ICMP Echo requests) through Firewall on Windows PC via Windows Firewall with Advanced Security UI
To allow Pings (ICMP Echo requests) through Firewall on Windows PC via Windows Firewall with Advanced Security user interface, do the following:
- Click Start or press the Windows key on the keyboard.
- Type windows firewall, and then select Windows Defender Firewall from the top of the search result.
- Click the Advanced settings link on the left side of the Control Panel window that opens.
- In the left pane, right-click Inbound Rules and choose New Rule.
- In the New Inbound Rule window, select Custom.
- Click Next.
- On the Does this rule apply to all programs or specific programs? page, make sure the radio button is selected for All programs.
- Click Next.
- On the To which ports and protocol does this rule apply? page, click the Protocol type drop-down, and select ICMPv4.
- Click the Customize button.
- In the Customize ICMP Settings window, select the Specific ICMP types option.
- In the list of ICMP types, enable Echo Request.
- Click OK.
- Back on the To which ports and protocol does this rule apply? page, click Next.
- On the page that appears, select the Any IP address radio button under both the Which local IP addresses does this rule apply to? and Which remote IP addresses does this rule apply to? sections.
If you want, you can configure specific IP addresses to which your PC will respond to a ping request. Other ping requests are ignored.
- On the What action should be taken when a connection matches the specified conditions? page, make sure the radio button is selected for Allow the connection option.
- Click Next.
- On the When does this rule apply page, check/uncheck the available options per your requirement.
- Click Next.
- On the final screen, give your new rule a name and, optionally, a description. It's recommended to add ICMPv4 to the rule name to differentiate it from the ICMPv6 rule that you will also create.
- Click the Finish button.
Now, you can go ahead and create the ICMPv6 rule by repeating the steps above, but this time at the To which ports and protocol does this rule apply? page, click the Protocol type drop-down, and select ICMPv6 instead.
- Exit Windows Defender Firewall when done.
If at any time you want to disable the rule, open the Windows Firewall with Advanced Security Control Panel, select Inbound Rules on the left, locate the rules you created in the middle pane, right-click the rule and choose Disable. These rules can also be deleted, but it's best to just disable them instead, so you can easily and quickly re-enable them without recreating them.
2] Allow Pings (ICMP Echo requests) through Firewall on Windows PC using Command Prompt
This is the fastest way to create an exception for ping requests on Windows 11/10.
To allow Pings (ICMP Echo requests) through Firewall on Windows PC using Command Prompt, do the following:
- Press Windows key + R to invoke the Run dialog.
- In the Run dialog box, type cmd and then press CTRL + SHIFT + ENTER to open Command Prompt in admin/elevated mode.
- In the command prompt window, type or copy and paste the command below and hit Enter to create the ICMPv4 exception.
netsh advfirewall firewall add rule name="ICMP Allow incoming V4 echo request" protocol=icmpv4:8,any dir=in action=allow
- To create the ICMPv6 exception, run the command below (ICMPv6 Echo Request is type 128, not type 8 as in ICMPv4):
netsh advfirewall firewall add rule name="ICMP Allow incoming V6 echo request" protocol=icmpv6:128,any dir=in action=allow
Changes take effect immediately without a system reboot.
- To disable ping requests for the ICMPv4 exception, run the command below:
netsh advfirewall firewall add rule name="ICMP Allow incoming V4 echo request" protocol=icmpv4:8,any dir=in action=block
- To disable ping requests for the ICMPv6 exception, run the command below:
netsh advfirewall firewall add rule name="ICMP Allow incoming V6 echo request" protocol=icmpv6:128,any dir=in action=block
If at any time you want to disable a rule but have forgotten the name of the rule, you can run the command below to see a list of all rules:
netsh advfirewall firewall show rule name=all
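The scoping options from the UI steps (specific remote IP addresses, selected profiles) and the disable-rather-than-delete advice can also be applied with netsh. The script below is an added example, not part of the original article; the 192.168.1.0/24 subnet and the rule names are assumptions chosen for illustration.

```bat
@echo off
rem Added example: scoped ping exceptions instead of "any address, any profile".
rem Assumptions: 192.168.1.0/24 stands in for your management subnet and the
rem rule names are illustrative. Run from an elevated Command Prompt.

rem ICMPv4 Echo Request is type 8. Answer only the management subnet, and only
rem on the Domain and Private profiles (no replies on Public networks).
netsh advfirewall firewall add rule name="ICMPv4 echo request - mgmt subnet" ^
    protocol=icmpv4:8,any dir=in action=allow ^
    remoteip=192.168.1.0/24 profile=domain,private

rem ICMPv6 Echo Request is type 128. The localsubnet keyword limits the rule
rem to hosts on the same subnet as this PC.
netsh advfirewall firewall add rule name="ICMPv6 echo request - local subnet" ^
    protocol=icmpv6:128,any dir=in action=allow ^
    remoteip=localsubnet profile=domain,private

rem Confirm protocol, ICMP type, remote addresses and profiles of each rule.
netsh advfirewall firewall show rule name="ICMPv4 echo request - mgmt subnet" verbose
netsh advfirewall firewall show rule name="ICMPv6 echo request - local subnet" verbose

rem Disable a rule without deleting it (same effect as Disable in the UI) ...
netsh advfirewall firewall set rule name="ICMPv4 echo request - mgmt subnet" new enable=no

rem ... and re-enable it later without recreating it.
netsh advfirewall firewall set rule name="ICMPv4 echo request - mgmt subnet" new enable=yes
```

With no allow rule enabled, inbound echo requests fall back to the default inbound block, so disabling the rule is enough to stop ping replies.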
That’s it on how to allow Pings (ICMP Echo requests) through Windows Firewall!
What is an ICMP attack?
An ICMP attack (also referred to as a Ping flood attack) is a common Denial-of-Service (DoS) attack in which a threat actor maliciously attempts to overwhelm a targeted device with ICMP echo-requests (pings).