Win2003設置IP安全策略批處理腳本
2020-06-09 13:50:24
供稿:網友
代碼如下:
REM =================開始================
netsh ipsec static ^
add policy name=bim
REM 添加2個動作,block和permit
netsh ipsec static ^
add filteraction name=Permit action=permit
netsh ipsec static ^
add filteraction name=Block action=block
REM 首先禁止所有訪問
netsh ipsec static ^
add filterlist name=AllAccess
netsh ipsec static ^
add filter filterlist=AllAccess srcaddr=Me dstaddr=Any
netsh ipsec static ^
add rule name=BlockAllAccess policy=bim filterlist=AllAccess filteraction=Block
REM 開放某些IP無限制訪問
netsh ipsec static ^
add filterlist name=UnLimitedIP
netsh ipsec static ^
add filter filterlist=UnLimitedIP srcaddr=61.128.128.67 dstaddr=Me
netsh ipsec static ^
add rule name=AllowUnLimitedIP policy=bim filterlist=UnLimitedIP filteraction=Permit
REM 開放某些端口
netsh ipsec static ^
add filterlist name=OpenSomePort
netsh ipsec static ^
add filter filterlist=OpenSomePort srcaddr=Any dstaddr=Me dstport=20 protocol=TCP
netsh ipsec static ^
add filter filterlist=OpenSomePort srcaddr=Any dstaddr=Me dstport=21 protocol=TCP
netsh ipsec static ^
add filter filterlist=OpenSomePort srcaddr=Any dstaddr=Me dstport=80 protocol=TCP
netsh ipsec static ^
add filter filterlist=OpenSomePort srcaddr=Any dstaddr=Me dstport=3389 protocol=TCP
netsh ipsec static ^
add rule name=AllowOpenSomePort policy=bim filterlist=OpenSomePort filteraction=Permit
REM 開放某些ip可以訪問某些端口
netsh ipsec static ^
add filterlist name=SomeIPSomePort
netsh ipsec static ^
add filter filterlist=SomeIPSomePort srcaddr=Me dstaddr=Any dstport=80 protocol=TCP
netsh ipsec static ^
add filter filterlist=SomeIPSomePort srcaddr=61.128.128.68 dstaddr=Me dstport=1433 protocol=TCP
netsh ipsec static ^
add rule name=AllowSomeIPSomePort policy=bim filterlist=SomeIPSomePort filteraction=Permit
"netsh"是Windows 2000/XP/2003操作系統自身提供的命令行腳本實用工具,它允許用戶在本地或遠程顯示或修改當前正在運行的計算機的網絡配置。
netsh ipsec,聽聞只有windows2003才能運行�。在2003下測試的�����。
IP安全策略�����,我自身的理解就是:一個安全策略由一條條規則組成��,而這些規則是由2部分組成的��。首先要建立一個ip篩選器(用來指定那些地址)�。然后呢是篩選器操作(用來指定對這些ip的操作,就是動作)一個安全策略編寫完成了�����,首先要激活��,才能使用���,那就是指派���。
下面用實例來說明���,然后附帶一些常用的。這個例子就是不允許ip為192.168.1.2的機器訪問我的3389端口�����。'后面是注析
'建立一個名字叫XBLUE的安全策略先
netsh ipsec static add policy name=XBLUE
'建立一個ip篩選器�,指定192.168.1.2
netsh ipsec static add filterlist name=denyip
netsh ipsec static add filter filterlist=denyip srcaddr=192.168.1.2 dstaddr=Me dstport=3389 protocol=TCP
