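Windows IPSec Security
Keywords: port blocking, protocol blocking, IP filtering, IPSec
1. Example: deny access from a specific IP, for instance 192.168.1.249. On Windows, open Notepad, paste in the following content, save it as a .bat script file, and double-click it to run.
rem Configure the IP security policy
rem The filter below matches traffic from this host (me) to 192.168.1.249; mirrored=no means the reverse direction is not matched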
netsh ipsec static add policy name=drop
netsh ipsec static add filterlist name=drop_port
netsh ipsec static add filter filterlist=drop_port srcaddr=me dstaddr=192.168.1.249 protocol=any mirrored=no
netsh ipsec static add filteraction name=denyact action=block
netsh ipsec static add rule name=kill policy=drop filterlist=drop_port filteraction=denyact
netsh ipsec static set policy name=drop assign=y
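2. Example: deny a specific IP access to a specific port, and deny all UDP traffic. For instance, deny 192.168.1.249 access to the remote desktop port 3389 and deny all UDP. On Windows, open Notepad, paste in the following content, save it as a .bat script file, and double-click it to run.
rem Configure the IP security policy
rem First filter: TCP from local port 3389 to 192.168.1.249; second filter: UDP from this host to any address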
netsh ipsec static add policy name=drop
netsh ipsec static add filterlist name=drop_port
netsh ipsec static add filter filterlist=drop_port srcaddr=me srcport=3389 dstaddr=192.168.1.249 protocol=TCP mirrored=no
netsh ipsec static add filter filterlist=drop_port srcaddr=me dstaddr=any protocol=UDP mirrored=no
netsh ipsec static add filteraction name=denyact action=block
netsh ipsec static add rule name=kill policy=drop filterlist=drop_port filteraction=denyact
netsh ipsec static set policy name=drop assign=y
3. Deleting the policy: at the command prompt, enter "secpol.msc", go to IP Security Policies, open the corresponding policy list, and delete it there.
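
The same removal done from the command line, as an added example that is not part of the original page. It assumes the object names used in the scripts above (policy drop, filter list drop_port, filter action denyact) and an elevated command prompt.

```bat
@echo off
rem Added example: inspect and remove the IPsec policy created by the scripts above.
rem Assumed names, taken from this page: policy "drop", filter list "drop_port",
rem filter action "denyact". Run from an elevated command prompt.

rem Show the policy with its rules and filters before changing anything
netsh ipsec static show policy name=drop level=verbose

rem Unassign first so the block rules stop being enforced
netsh ipsec static set policy name=drop assign=n

rem Deleting the policy also deletes its rules (here: rule "kill")
netsh ipsec static delete policy name=drop

rem The filter list and filter action are no longer referenced and can now be removed
netsh ipsec static delete filterlist name=drop_port
netsh ipsec static delete filteraction name=denyact

rem List what remains in the local policy store to confirm the cleanup
netsh ipsec static show all
```

Running this before re-running either script also avoids stacking new filters onto an existing drop_port list, since both scripts reuse the same names.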