zoukankan      html  css  js  c++  java
  • WINDOWS 2008 采用IP策略解决445,139等病毒攻击问题

    @echo off  
    title 创建IP安全策略,屏蔽135、139445 . . . 等端口
    
    :: 配置说明文档地址
    :: http://blog.csdn.net/lpc_china/article/details/6944432
    
    echo 创建安全策略 
    netsh ipsec static delete policy name= 安全策略20170621
    netsh ipsec static add policy name=安全策略20170621
    
    echo 创建筛选器是阻止的操作 
    netsh ipsec static add filterlist name=阻止20170621
    
    
    echo 增加过滤条件
    netsh ipsec static add filter filterlist=阻止20170621 srcaddr=any dstaddr=Me dstport=135 protocol=TCP
    netsh ipsec static add filter filterlist=阻止20170621 srcaddr=any dstaddr=Me dstport=135 protocol=UDP
    netsh ipsec static add filter filterlist=阻止20170621 srcaddr=any dstaddr=Me dstport=137 protocol=TCP
    netsh ipsec static add filter filterlist=阻止20170621 srcaddr=any dstaddr=Me dstport=137 protocol=UDP
    netsh ipsec static add filter filterlist=阻止20170621 srcaddr=any dstaddr=Me dstport=138 protocol=TCP
    netsh ipsec static add filter filterlist=阻止20170621 srcaddr=any dstaddr=Me dstport=138 protocol=UDP
    netsh ipsec static add filter filterlist=阻止20170621 srcaddr=any dstaddr=Me dstport=139 protocol=TCP
    netsh ipsec static add filter filterlist=阻止20170621 srcaddr=any dstaddr=Me dstport=139 protocol=UDP
    netsh ipsec static add filter filterlist=阻止20170621 srcaddr=any dstaddr=Me dstport=445 protocol=TCP
    netsh ipsec static add filter filterlist=阻止20170621 srcaddr=any dstaddr=Me dstport=445 protocol=UDP
    
    echo 创建筛选器是允许的操作
    netsh ipsec static add filteraction name=FilteraAtion20170621 action=block
    
    echo 建立策略规则
    netsh ipsec static add rule name=Rule1 policy=安全策略20170621 filterlist=阻止20170621 filteraction=FilteraAtion20170621
    
    echo 开始添加filterlist
    netsh ipsec static add filterlist name=允许20170621
    netsh ipsec static add filter filterlist=允许20170621 srcaddr=10.10.14.199 dstaddr=Me dstport=445 protocol=TCP
    netsh ipsec static add filter filterlist=允许20170621 srcaddr=10.10.14.199 dstaddr=Me dstport=445 protocol=UDP
    netsh ipsec static add filteraction name=FilterbAtion20170621 action=permit 
    netsh ipsec static add rule name=Rule2 policy=安全策略20170621 filterlist=允许20170621 filteraction=FilterbAtion20170621   
    
    :: 最重要的一步是激活;
    netsh ipsec static set policy name=安全策略20170621 assign=y
    
    pause

    生成一个禁止445.bat的文件即可。

  • 相关阅读:
    阿里云mysql远程连不上
    php-fpm的pool php-fpm慢执行日志 open_basedir php-fpm进程管理
    重置mysql密码
    树莓派挂载ntfs优盘
    Nginx安装 默认虚拟主机 Nginx用户认证 Nginx域名重定向
    配置防盗链 访问控制Directory 访问控制FilesMatch
    dash视频服务器本地搭建 (初探)
    npm vue ivew vue-cli3
    一维数组转树形结构
    nginx Access-Control-Allow-Origin 多域名跨域设置
  • 原文地址:https://www.cnblogs.com/littlehb/p/8511575.html
Copyright © 2011-2022 走看看