I needed to adjust the scope of a built-in firewall rule in a couple of servers, restricting the remote IPs to a list of UVM subnets in CIDR notation. The netsh documentation describes the syntax for a list as comma-separated values (no spaces). But I kept getting errors with the command:
netsh advfirewall firewall set rule name="Windows Internet Naming Service (WINS) (NB-Name-UDP-In)" remoteip="10.10.0.0/16,10.11.0.0/16,10.12.0.0/16"
Finally, I actually read the error message:
For ‘set’ commands, the ‘new’ keyword must be present and must not be the last argument provided.
And the related part of the usage text:
Values after the new keyword are updated in the rule. If there are no values, or keyword new is missing, no changes are made.
One little three-letter keyword was all I needed:
netsh advfirewall firewall set rule name="Windows Internet Naming Service (WINS) (NB-Name-UDP-In)" new remoteip="10.100.0.0/16,10.101.0.0/16,10.102.0.0/16"