
如何阻止本机与某个ip或者端口通信
如题,请问如何实现?最好是在命令行操作,因为需要随意控制阻止或允许,而且经常变更。Windows 自带的防火墙能不能用命令行控制?

------解决方案--------------------
可以使用ipsec设置
------解决方案--------------------
适用于 2003(需要在管理员权限的命令提示符下运行)。XP 也有 ipseccmd 命令,用法类似。Vista 及以后的系统仍带有 netsh ipsec static,但那里官方推荐的防火墙接口是 netsh advfirewall,它可以直接按 IP 阻止,例如:netsh advfirewall firewall add rule name="block-host" dir=in action=block remoteip=1.2.3.4(出站用 dir=out),按规则名 delete rule 即可恢复。下面脚本演示的是按端口阻止并为一个管理网段放行。
rem Block inbound access to selected local TCP ports with a Windows IPsec
rem policy ("btserver") while exempting an administrative subnet.
rem Written for Windows Server 2003 / XP-era hosts; run from an elevated
rem prompt. NOTE(review): IPsec permits any traffic that matches no filter,
rem so this policy is a blocklist, not a default-deny firewall. When
rem several filters match one packet, the most specific filter wins,
rem regardless of the order in which the rules were added.
rem
rem Filter syntax:
rem   add filter filterlist= srcaddr= dstaddr= [description=][protocol=][mirrored=] [srcmask=][dstmask=][srcport=] [dstport=]
rem   filterlist = list name; srcaddr/dstaddr = source/destination address
rem   ("me" = this host's address(es), "any" = all); description = note;
rem   protocol; mirrored = also match the reverse direction (netsh default
rem   is yes); srcmask/dstmask = source/destination netmask;
rem   srcport/dstport = source/destination port
rem Create the (still empty) policy container
netsh ipsec static add policy name="btserver"
rem Add block filters. The "deny" list is never created explicitly, so it
rem appears to be created implicitly by the first add. Every filter below
rem is mirrored (default), so the reply direction (me:<port> -> any) is
rem matched as well.
rem 135/139/445: RPC endpoint mapper, NetBIOS session service, SMB
netsh ipsec static add filter filterlist="deny" srcaddr=any dstaddr=me dstport=135 protocol=tcp
netsh ipsec static add filter filterlist="deny" srcaddr=any dstaddr=me dstport=139 protocol=tcp
netsh ipsec static add filter filterlist="deny" srcaddr=any dstaddr=me dstport=445 protocol=tcp
rem 1025: presumably a dynamic RPC endpoint on this host -- confirm locally
netsh ipsec static add filter filterlist="deny" srcaddr=any dstaddr=me dstport=1025 protocol=tcp
rem 3389: RDP. If you administer this machine over RDP, make sure your own
rem address is covered by the "permit" list below BEFORE assigning the
rem policy at the end, or you will lock yourself out.
netsh ipsec static add filter filterlist="deny" srcaddr=any dstaddr=me dstport=3389 protocol=tcp
rem 47001: typically the WinRM listener on HTTP.sys
netsh ipsec static add filter filterlist="deny" srcaddr=any dstaddr=me dstport=47001 protocol=tcp

rem Explicit permits. The TCP/80 permit is redundant with the default
rem (unmatched traffic is allowed) but documents intent. HTTP does not use
rem UDP, so the UDP/80 line is most likely unintended; it is harmless.
netsh ipsec static add filter filterlist="permit" srcaddr=any dstaddr=me dstport=80 protocol=tcp
netsh ipsec static add filter filterlist="permit" srcaddr=any dstaddr=me dstport=80 protocol=udp
rem Everything originating from this host, one direction only
netsh ipsec static add filter filterlist="permit" srcaddr=me dstaddr=any mirrored=no
rem Administrative /26 (address redacted in the post). It carries no
rem protocol or port, so it is more address-specific than the "any -> me"
rem blocks above and, by IPsec's most-specific-filter matching, should let
rem that subnet reach the blocked ports -- verify on the host after
rem assigning. The second line is an exact duplicate of the first; a
rem second subnet was probably intended.
netsh ipsec static add filter filterlist="permit" srcaddr=***.***.***.0 srcmask=26 dstaddr=me
netsh ipsec static add filter filterlist="permit" srcaddr=***.***.***.0 srcmask=26 dstaddr=me
rem Filter actions referenced by the rules below
netsh ipsec static add filteraction name="deny" action=block
netsh ipsec static add filteraction name="permit" action=permit
rem Bind each filter list to its action inside the policy
netsh ipsec static add rule name="deny" policy="btserver" filterlist="deny" filteraction="deny"
netsh ipsec static add rule name="permit" policy="btserver" filterlist="permit" filteraction="permit"
rem Activate. Takes effect immediately; roll back with
rem   netsh ipsec static set policy name="btserver" assign=n
rem (or delete policy name="btserver" to remove it entirely).
netsh ipsec static set policy name="btserver" assign=y