Windows IPSec Security
Keywords: port blocking, protocol blocking, IP filtering, IPSec
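1. Example: deny access from a specific IP, for example deny access from 192.168.1.249. On Windows, open Notepad, copy the content below into it, save it as a .bat script file, and double-click the file to run it.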
rem Configure the IP security policy
netsh ipsec static add policy name=drop
netsh ipsec static add filterlist name=drop_port
rem mirrored=no matches one direction only: packets from this host to 192.168.1.249
netsh ipsec static add filter filterlist=drop_port srcaddr=me dstaddr=192.168.1.249 protocol=any mirrored=no
netsh ipsec static add filteraction name=denyact action=block
rem Bind the filter list to the block action, then assign (activate) the policy
netsh ipsec static add rule name=kill policy=drop filterlist=drop_port filteraction=denyact
netsh ipsec static set policy name=drop assign=y
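2. Example: deny a specific IP access to a specific port, and deny all UDP. For example, deny 192.168.1.249 access to the remote desktop port 3389, and deny all UDP traffic. On Windows, open Notepad, copy the content below into it, save it as a .bat script file, and double-click the file to run it.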
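rem Configure the IP security policy
netsh ipsec static add policy name=drop
netsh ipsec static add filterlist name=drop_port
rem Packets from local TCP port 3389 to 192.168.1.249 (one direction, mirrored=no)
netsh ipsec static add filter filterlist=drop_port srcaddr=me srcport=3389 dstaddr=192.168.1.249 protocol=TCP mirrored=no
rem All UDP packets sent by this host to any address (one direction, mirrored=no)
netsh ipsec static add filter filterlist=drop_port srcaddr=me dstaddr=any protocol=UDP mirrored=no
netsh ipsec static add filteraction name=denyact action=block
rem Bind the filter list to the block action, then assign (activate) the policy
netsh ipsec static add rule name=kill policy=drop filterlist=drop_port filteraction=denyact
netsh ipsec static set policy name=drop assign=y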
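3. Deleting the policy: at the DOS prompt, enter "secpol.msc", go to IP Security Policies, open the corresponding policy list, and delete the policy there.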
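
The same inspection and removal can be done from the command line. The script below is an added example, not part of the original page. It uses the object names from the scripts above (drop, drop_port, denyact, kill); the file name ipsec_drop.bat and the show/unassign/remove arguments are assumptions made for this example.

```bat
@echo off
rem Added example: inspect or roll back the "drop" policy created by the scripts above.
rem Usage (file name is an assumption): ipsec_drop.bat show ^| unassign ^| remove
setlocal
set POLICY=drop
set FLIST=drop_port
set FACTION=denyact
set RULE=kill

if /i "%~1"=="show"     goto show
if /i "%~1"=="unassign" goto unassign
if /i "%~1"=="remove"   goto remove
echo Usage: %~nx0 show ^| unassign ^| remove
exit /b 2

:show
rem Print the policy together with its rules, filters and filter action,
rem so the direction and ports of each filter can be checked before relying on it.
netsh ipsec static show policy name=%POLICY% level=verbose
exit /b %errorlevel%

:unassign
rem Stop enforcing the policy but keep its definition for later reuse.
netsh ipsec static set policy name=%POLICY% assign=n
exit /b %errorlevel%

:remove
rem Unassign first so blocking stops before anything is deleted.
netsh ipsec static set policy name=%POLICY% assign=n
netsh ipsec static delete rule name=%RULE% policy=%POLICY%
netsh ipsec static delete policy name=%POLICY%
rem The filter list and filter action are separate objects and must be
rem deleted as well, otherwise re-running the setup script fails on "add".
netsh ipsec static delete filterlist name=%FLIST%
netsh ipsec static delete filteraction name=%FACTION%
rem Confirmation: this lookup should now report that the policy does not exist.
netsh ipsec static show policy name=%POLICY%
exit /b 0
```

Run it from an elevated command prompt; "unassign" is the quick way back if a block rule cuts off a remote session you still need.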