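@echo off
rem ==================================================
rem author 赵亚南
rem date 2013/03/27
rem apply to win2k3 http://www.2cto.com/Article/201303/198927.html
rem
rem Host firewall built from a netsh "ipsec static" policy: an explicit
rem allow-list of flows (permitlist) plus a catch-all filter (alllist)
rem that is blocked. Everything not listed below is dropped.
rem
rem Batch has no inline-comment syntax: anything after the command on the
rem same line is passed to the command as an argument. All descriptions
rem therefore live on their own "rem" lines.
rem
rem NOTE(review): IPsec filters are stateless. "mirrored=yes" adds the
rem reverse flow, so an outbound rule "me -> any:80" equally admits
rem "any:80 -> me:<any port>". Inbound packets carrying SOURCE port
rem 80/443/8080/21 (or 53 from the DNS host) are not blocked by this
rem policy. Keep the outbound list short and address-scoped where possible.
rem
rem NOTE(review): there is no rule for RDP (3389). The only sources allowed
rem on every port are the VPN addresses below, so assigning this policy
rem over a remote session from any other address will cut that session.
rem Apply from the console, or add your management source address to
rem permitlist first, and confirm "sc start PolicyAgent" succeeded.
rem
rem Placeholder addresses (1.2.3.4, 2.3.4.5, 2.3.4.6) and the NTP / DNS /
rem monitoring hosts must be replaced with the real ones for this site.
rem ==================================================

rem The IPsec Policy Agent must be running for any policy to take effect.
sc config "PolicyAgent" start= auto
sc start PolicyAgent

rem Start from a clean slate: remove any previous rules, policy, actions
rem and filter lists. These deletes fail harmlessly on a first run.
netsh ipsec static del rule all ipsec_base_config
netsh ipsec static del policy all
netsh ipsec static del filteraction all
netsh ipsec static del filterlist all

rem Policy (default response rule disabled) and the two actions it applies.
netsh ipsec static add policy name=ipsec_base_config activatedefaultrule=no
netsh ipsec static add filteraction name=block action=block
netsh ipsec static add filteraction name=permit action=permit

rem permitlist = allowed flows; alllist = every flow, used by the block rule.
netsh ipsec static add filterlist name=permitlist
netsh ipsec static add filterlist name=alllist

rem --- inbound: public service port (HTTP) from anywhere ---
netsh ipsec static add filter filterlist=permitlist srcaddr=any dstaddr=me protocol=tcp mirrored=yes dstport=80

rem --- inbound: database (MySQL 3306) from one trusted host only; replace 1.2.3.4 ---
netsh ipsec static add filter filterlist=permitlist srcaddr=1.2.3.4 dstaddr=me protocol=tcp mirrored=yes dstport=3306

rem --- inbound: VPN addresses, all protocols and ports (management access) ---
netsh ipsec static add filter filterlist=permitlist srcaddr=2.3.4.5 srcmask=32 dstaddr=me dstmask=32 protocol=any mirrored=yes dstport=0
netsh ipsec static add filter filterlist=permitlist srcaddr=2.3.4.6 dstaddr=me protocol=any mirrored=yes dstport=0

rem --- inbound: trusted internal network, all ports (disabled by default) ---
rem netsh ipsec static add filter filterlist=permitlist srcaddr=192.168.1.0 srcmask=255.255.255.0 dstaddr=me protocol=any mirrored=yes dstport=0

rem --- NTP time sync with a single upstream server (Fudan University NTP).
rem     Both ports are pinned to 123, so the mirror does not widen exposure.
rem     Replace with a local time source where one exists. ---
netsh ipsec static add filter filterlist=permitlist srcaddr=210.72.145.44 srcmask=255.255.255.255 srcport=123 dstaddr=me dstport=123 protocol=UDP mirrored=yes

rem --- ICMP from anywhere (ping replies). Commenting this line out blocks
rem     ping in both directions, including outbound ping from this host.
rem     Note it permits every ICMP type, not only echo request/reply. ---
netsh ipsec static add filter filterlist=permitlist srcaddr=any dstaddr=me protocol=ICMP mirrored=yes

rem --- inbound: external monitoring service (jiankongbao) SNMP and MySQL
rem     checks. Verify these are still the vendor's current addresses. ---
netsh ipsec static add filter filterlist=permitlist srcaddr=60.195.252.107 dstaddr=me protocol=udp mirrored=yes dstport=161
netsh ipsec static add filter filterlist=permitlist srcaddr=60.195.252.110 dstaddr=me protocol=udp mirrored=yes dstport=161
netsh ipsec static add filter filterlist=permitlist srcaddr=60.195.252.106 dstaddr=me protocol=tcp mirrored=yes dstport=3306

rem --- outbound: DNS to a single resolver; replace with your local resolver ---
netsh ipsec static add filter filterlist=permitlist srcaddr=me dstaddr=202.96.128.86 protocol=udp mirrored=yes dstport=53

rem --- outbound: web (80/8080/443) and FTP control (21) to anywhere.
rem     See the mirrored-filter note in the header. FTP data connections
rem     use other ports and are NOT covered by the port-21 rule. ---
netsh ipsec static add filter filterlist=permitlist srcaddr=me dstaddr=any protocol=tcp mirrored=yes dstport=80
netsh ipsec static add filter filterlist=permitlist srcaddr=me dstaddr=any protocol=tcp mirrored=yes dstport=8080
netsh ipsec static add filter filterlist=permitlist srcaddr=me dstaddr=any protocol=tcp mirrored=yes dstport=443
netsh ipsec static add filter filterlist=permitlist srcaddr=me dstaddr=any protocol=tcp mirrored=yes dstport=21

rem --- catch-all: every other flow, matched by the block rule below ---
netsh ipsec static add filter filterlist=alllist srcaddr=any dstaddr=me protocol=any mirrored=yes dstport=0

rem Rules: permit the allow-list, block everything else. Windows IPsec
rem applies the most specific matching filter (not rule order), which is
rem why the narrow permit filters win over the any/any block filter.
netsh ipsec static add rule name=1 policy=ipsec_base_config filterlist=permitlist filteraction=permit
netsh ipsec static add rule name=2 policy=ipsec_base_config filterlist=alllist filteraction=block

rem Activate the policy. Review the permit list above before running this
rem line on a remote host.
netsh ipsec static set policy name=ipsec_base_config assign=y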