@echo off
title Create an IP security policy to block ports 135, 139, 445, etc.
:: Configuration reference:
:: http://blog.csdn.net/lpc_china/article/details/6944432

echo Creating the security policy
:: Remove any earlier copy of the policy so the script can be re-run
netsh ipsec static delete policy name=安全策略20170621
netsh ipsec static add policy name=安全策略20170621

echo Creating the filter list for blocked traffic
netsh ipsec static add filterlist name=阻止20170621

echo Adding filter conditions
:: Inbound traffic from any source to this host on the RPC/NetBIOS/SMB ports
netsh ipsec static add filter filterlist=阻止20170621 srcaddr=any dstaddr=Me dstport=135 protocol=TCP
netsh ipsec static add filter filterlist=阻止20170621 srcaddr=any dstaddr=Me dstport=135 protocol=UDP
netsh ipsec static add filter filterlist=阻止20170621 srcaddr=any dstaddr=Me dstport=137 protocol=TCP
netsh ipsec static add filter filterlist=阻止20170621 srcaddr=any dstaddr=Me dstport=137 protocol=UDP
netsh ipsec static add filter filterlist=阻止20170621 srcaddr=any dstaddr=Me dstport=138 protocol=TCP
netsh ipsec static add filter filterlist=阻止20170621 srcaddr=any dstaddr=Me dstport=138 protocol=UDP
netsh ipsec static add filter filterlist=阻止20170621 srcaddr=any dstaddr=Me dstport=139 protocol=TCP
netsh ipsec static add filter filterlist=阻止20170621 srcaddr=any dstaddr=Me dstport=139 protocol=UDP
netsh ipsec static add filter filterlist=阻止20170621 srcaddr=any dstaddr=Me dstport=445 protocol=TCP
netsh ipsec static add filter filterlist=阻止20170621 srcaddr=any dstaddr=Me dstport=445 protocol=UDP

echo Creating the block filter action
netsh ipsec static add filteraction name=FilteraAtion20170621 action=block

echo Creating the policy rule
netsh ipsec static add rule name=Rule1 policy=安全策略20170621 filterlist=阻止20170621 filteraction=FilteraAtion20170621

echo Adding the permit filter list
:: IPsec matches the most specific filter first, so this permit for a single
:: source address takes precedence over the srcaddr=any block filters above
netsh ipsec static add filterlist name=允许20170621
netsh ipsec static add filter filterlist=允许20170621 srcaddr=10.10.14.199 dstaddr=Me dstport=445 protocol=TCP
netsh ipsec static add filter filterlist=允许20170621 srcaddr=10.10.14.199 dstaddr=Me dstport=445 protocol=UDP
netsh ipsec static add filteraction name=FilterbAtion20170621 action=permit
netsh ipsec static add rule name=Rule2 policy=安全策略20170621 filterlist=允许20170621 filteraction=FilterbAtion20170621

:: The most important step: activate (assign) the policy
netsh ipsec static set policy name=安全策略20170621 assign=y
pause
Just save the script as a file named 禁止445.bat.
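
A companion script for checking and undoing the policy, added here as an example and not part of the original post. The file name `ipsec-check.bat` and the `verify` / `rollback` arguments are assumptions; the policy, filter list and filter action names are the ones used in the script above.

```batch
@echo off
:: Added example (not from the original post): verify or roll back the policy.
:: Assumed usage: ipsec-check.bat verify ^| rollback
:: Save with the same encoding as the original script so the Chinese
:: object names match the ones that were created.
set POLICY=安全策略20170621

if /i "%~1"=="verify" goto verify
if /i "%~1"=="rollback" goto rollback
echo Usage: %~nx0 verify ^| rollback
exit /b 1

:verify
:: Show the policy with its rules and filters, including whether it is assigned
netsh ipsec static show policy name=%POLICY% level=verbose
:: The services keep listening; the IPsec policy only drops inbound packets.
:: List socket entries on the filtered ports to see what is still exposed
:: once the policy is unassigned.
netstat -ano | findstr /r /c:":135 " /c:":137 " /c:":138 " /c:":139 " /c:":445 "
exit /b 0

:rollback
:: Unassign first so filtering stops, then delete the policy (and its rules)
netsh ipsec static set policy name=%POLICY% assign=n
netsh ipsec static delete policy name=%POLICY%
:: Filter lists and filter actions can be removed once no rule uses them
netsh ipsec static delete filterlist name=阻止20170621
netsh ipsec static delete filterlist name=允许20170621
netsh ipsec static delete filteraction name=FilteraAtion20170621
netsh ipsec static delete filteraction name=FilterbAtion20170621
exit /b 0
```

Run it from an elevated prompt. To confirm the block itself, attempt a connection to port 445 from a host other than 10.10.14.199, for example with PowerShell's `Test-NetConnection`.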