Netsh Commands for Windows Firewall with Advanced Security.連接,他給你的幫助會更大;
導出IPsec安全策略:Netsh ipsec static exportpolicy file = d:\ExportSecurity.ipsec
導入IPsec安全策略:Netsh ipsec static importpolicy file = d:\ImportSecurity.ipsec
1、建立一個新的策略
1.1首先建立一個空的安全策略[Michael's安全策略]
Netsh ipsec static add policy name = Michael's安全策略
1.2 建立一個篩選器操作“阻止”
Netsh ipsec static add filteraction name = 阻止 action =block
1.3建立一個篩選器列表“可訪問的終端列表”
Netsh ipsec static add filterlist name =可訪問的終端列表
Netsh ipsec static add filter filterlist = 可訪問的終端列表
srcaddr=203.86.32.248
dstaddr = me dstport = 3389
description = 部門1訪問 protocol =TCP mirrored = yes
Netsh ipsec static add filter filterlist = 可訪問的終端列表
Srcaddr = 203.86.31.0 srcmask=255.255.255.0
dstaddr = 60.190.145.9 dstport = 0
description = 部門2訪問 protocol =any mirrored = yes
1.4 建立策略規則
Netsh ipsec static add rule name =可訪問的終端策略規(guī)則
Policy = Michael's安全策略
filterlist =可訪問的終端列表
filteraction = 阻止
2、修改策略
netsh ipsec static set filter filterlist = 可訪問的終端列表
srcaddr = 220.207.31.249
dstaddr = Me dstport=3389 protocol=TCP
3、刪除策略
netsh ipsec static delete rule name = 可訪問的終端策略規(guī)則 policy = Michael's安全策略
netsh ipsec static delete filterlist name = 可訪問的終端列表
4、最最重要的一步是激活;(指派後策略立即生效,指派前請先確認阻止篩選器不會匹配到你自己的管理連線,否則會把自己鎖在外面)
netsh ipsec static set policy name = Michael's安全策略 assign = y
以下提供一個我自己寫的實例:
代碼如下:
REM Builds the IPsec policy "APU安全策略" and assigns it, so the sources listed in
REM 可訪問的終端列表 are BLOCKED by this host (see the rule near the end: filteraction = 阻止).
REM NOTE(review): the list name reads "accessible terminals", but the only rule pairs it with
REM the block action; the 允許 (permit) action created below is never referenced by any rule.
REM Re-running the script is not idempotent: the add commands are expected to fail once the
REM named objects already exist (confirm against netsh on the target host).
echo 創(chuàng)建安全策略
Netsh IPsec static add policy name = APU安全策略
echo 創(chuàng)建篩選器是阻止的操作
Netsh IPsec static add filteraction name = 阻止 action = block
echo 創(chuàng)建篩選器是允許的操作
REM Unused: no rule in this script references 允許.
Netsh IPsec static add filteraction name = 允許 action = permit
echo 建立一個篩選器可以訪問的終端列表
Netsh IPsec static add filterlist name = 可訪問的終端列表
REM Filter 1: 203.86.32.248 -> this host (me), TCP 3389 (RDP).
REM mirrored = yes makes the filter match the reverse direction as well.
Netsh IPsec static add filter filterlist = 可訪問的終端列表 srcaddr = 203.86.32.248 dstaddr = me dstport = 3389 description = 部門1訪問 protocol = TCP mirrored = yes
echo 建立一個篩選器可以訪問的終端列表
REM Filter 2: 203.86.31.0/24 -> 60.190.145.9, any protocol, dstport = 0 (any port).
REM The destination is a literal address rather than "me", so this entry only matters if
REM 60.190.145.9 is one of this host's addresses (not visible here — verify).
Netsh ipsec static add filter filterlist = 可訪問的終端列表 Srcaddr = 203.86.31.0 srcmask=255.255.255.0 dstaddr = 60.190.145.9 dstport = 0 description = 部門2訪問 protocol =any mirrored = yes
echo 建立策略規(guī)則
REM The rule binds the filter list to the BLOCK action inside the policy.
REM The "(guī)" inside the rule name looks like a character-conversion artifact from the
REM original page rather than the intended name — check before reusing it.
Netsh ipsec static add rule name = 可訪問的終端策略規(guī)則 Policy = APU安全策略 filterlist = 可訪問的終端列表 filteraction = 阻止
echo 激活策略
REM assign = y activates the policy immediately. If your own management session (e.g. RDP on
REM 3389) comes from a blocked source, this line cuts it off.
netsh ipsec static set policy name = APU安全策略 assign = y
pause
或者
代碼如下:
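REM Step-by-step variant of the policy above: every netsh call is followed by pause so the
REM result of the previous command can be read before the next one runs.
REM Objects created: one policy, two filter actions (block / permit), two filter lists, two
REM rules; the policy is assigned at the end.
REM Fix applied to the published version: it created lists named 訪問列表 / 阻止列表 but then
REM added filters and rules against 訪問列表1 / 訪問列表2 (never created), and gave both rules
REM the same name, so the second add rule is expected to be rejected as a duplicate. The list
REM names now match the filters and rules that use them, and the rule names are distinct.
Netsh ipsec static add policy name = 默認策略名稱
pause
Netsh ipsec static add filteraction name = 阻止操作 action = block
pause
REM 允許操作 is created but no rule below references it; nothing is permitted by this policy.
Netsh ipsec static add filteraction name = 允許操作 action = permit
pause
Netsh ipsec static add filterlist name = 訪問列表1
pause
Netsh ipsec static add filterlist name = 訪問列表2
pause
REM Filter: 203.86.32.248 -> this host (me), TCP 3389 (RDP); mirrored = yes matches both directions.
Netsh ipsec static add filter filterlist = 訪問列表1 srcaddr = 203.86.32.248 dstaddr = me dstport = 3389 description = 部門1訪問 protocol = TCP mirrored = yes
pause
REM Filter: 203.86.31.0/24 -> 60.190.145.9, any protocol, dstport = 0 (any port). The
REM destination is a literal address, so it only applies if 60.190.145.9 is this host.
Netsh ipsec static add filter filterlist = 訪問列表2 srcaddr = 203.86.31.0 srcmask = 255.255.255.0 dstaddr = 60.190.145.9 dstport = 0 description = 部門2訪問 protocol = any mirrored = yes
pause
REM Both rules use the BLOCK action: the listed sources are denied, not allowed, despite the
REM "accessible" wording in the names.
Netsh ipsec static add rule name = 可訪問的終端策略規(guī)則1 Policy = 默認策略名稱 filterlist = 訪問列表1 filteraction = 阻止操作
pause
Netsh ipsec static add rule name = 可訪問的終端策略規(guī)則2 Policy = 默認策略名稱 filterlist = 訪問列表2 filteraction = 阻止操作
pause
REM assign = y activates the policy immediately; confirm the block filters do not match your
REM own management connection before running this step.
netsh ipsec static set policy name = 默認策略名稱 assign = y
pause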
[以下是轉載,未經過測試,百度上都可以找得到。]
代碼如下:
REM ================= begin ================
REM Policy "bim": deny everything, then punch holes for one trusted address, a few TCP
REM ports, and one address/port pair. The visible lines never assign the policy
REM (no "set policy name=bim assign=y"); the listing may continue beyond this page.
netsh ipsec static ^
add policy name=bim
REM Add the two actions, block and permit.
netsh ipsec static ^
add filteraction name=Permit action=permit
netsh ipsec static ^
add filteraction name=Block action=block
REM First deny all traffic.
REM No protocol or port is given, so this matches all traffic between this host and Any.
REM No mirrored= is given either; if netsh's default is mirrored=yes (confirm), inbound is
REM covered as well as outbound, which also blocks outbound DNS — no UDP 53 permit appears below.
netsh ipsec static ^
add filterlist name=AllAccess
netsh ipsec static ^
add filter filterlist=AllAccess srcaddr=Me dstaddr=Any
netsh ipsec static ^
add rule name=BlockAllAccess policy=bim filterlist=AllAccess filteraction=Block
REM Allow unrestricted access from specific IP addresses.
REM Relies on the more specific permit filters taking precedence over the block-all filter
REM (IPsec filter weighting) — confirm on the target OS.
netsh ipsec static ^
add filterlist name=UnLimitedIP
netsh ipsec static ^
add filter filterlist=UnLimitedIP srcaddr=61.128.128.67 dstaddr=Me
netsh ipsec static ^
add rule name=AllowUnLimitedIP policy=bim filterlist=UnLimitedIP filteraction=Permit
REM Open specific ports.
REM NOTE(review): TCP 3389 (RDP) is permitted from Any, so the UnLimitedIP whitelist does not
REM restrict remote desktop at all; if RDP should be limited to admin addresses, give that
REM filter a srcaddr (as done for 1433 below) instead of Any. FTP (20/21) in passive mode
REM also needs data ports that are not opened here.
netsh ipsec static ^
add filterlist name=OpenSomePort
netsh ipsec static ^
add filter filterlist=OpenSomePort srcaddr=Any dstaddr=Me dstport=20 protocol=TCP
netsh ipsec static ^
add filter filterlist=OpenSomePort srcaddr=Any dstaddr=Me dstport=21 protocol=TCP
netsh ipsec static ^
add filter filterlist=OpenSomePort srcaddr=Any dstaddr=Me dstport=80 protocol=TCP
netsh ipsec static ^
add filter filterlist=OpenSomePort srcaddr=Any dstaddr=Me dstport=3389 protocol=TCP
netsh ipsec static ^
add rule name=AllowOpenSomePort policy=bim filterlist=OpenSomePort filteraction=Permit
REM Allow specific IP addresses to reach specific ports.
REM First filter is outbound HTTP from this host (Me -> Any, TCP 80); second allows
REM 61.128.128.68 to reach TCP 1433 (SQL Server) on this host.
netsh ipsec static ^
add filterlist name=SomeIPSomePort
netsh ipsec static ^
add filter filterlist=SomeIPSomePort srcaddr=Me dstaddr=Any dstport=80 protocol=TCP
netsh ipsec static ^
add filter filterlist=SomeIPSomePort srcaddr=61.128.128.68 dstaddr=Me dstport=1433 protocol=TCP
netsh ipsec static ^
add rule name=AllowSomeIPSomePort policy=bim filterlist=SomeIPSomePort filteraction=Permit