On Windows 2003 the netsh ipsec command is used directly; ipseccmd is used on XP and ipsecpol on Windows 2000. The common parameters are as follows:
-W REG writes the configuration to the registry, so it remains in effect after a restart.
-P specifies the policy name. If a policy with that name exists, the rule is added to it; otherwise the policy is created.
-R specifies the rule name.
-N specifies the action, which can be BLOCK, PASS or INPASS. These values must be written in upper case.
-X assigns (activates) the policy.
-Y unassigns it.
-O deletes the policy named by -P.
The most important switch is -f, which sets your filter rules. The format is A.B.C.D/mask:port=A.B.C.D/mask:port:protocol. The = sign separates the source address from the destination address; if + is used instead, the rule is mirrored (bidirectional). In an address, * stands for any IP address and 0 stands for this host's own IP address. Wildcards can also be used: 144.92.*.* is equivalent to 144.92.0.0/255.255.0.0. See the ipseccmd help text for the full syntax.
To delete a rule you must first unassign the policy with -y; otherwise the old rule stays in effect for a while.
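As an added example (not code from the page or from the ipseccmd tool), the following parser reads the -f filter format described above, including the spaced form the scripts below use, and renders each rule as the equivalent Windows 2003 netsh ipsec static add filter line; the filter-list name passed to to_netsh is the caller's choice.

```python
import ipaddress
import re

# Added example (not code from the page): parse the ipseccmd/ipsecpol -f spec
# src[:port](=|+)dst[:port][:protocol] and render the netsh ipsec equivalent.
# Address tokens: "*" any, "0" this host, A.B.C.D, A.B.C.D/mask or 144.92.*.*.

def parse_addr(tok):
    """Return (addr, mask): addr is 'any', 'me' or a dotted IP; mask or None."""
    if tok == "*":
        return "any", None
    if tok == "0":
        return "me", None
    if "/" in tok:
        ip, mask = tok.split("/", 1)
    elif "*" in tok:  # 144.92.*.* is 144.92.0.0/255.255.0.0 per the page
        octs = tok.split(".")
        ip = ".".join("0" if o == "*" else o for o in octs)
        mask = ".".join("0" if o == "*" else "255" for o in octs)
    else:
        ip, mask = tok, "255.255.255.255"
    ipaddress.ip_network(f"{ip}/{mask}", strict=False)  # raises on junk
    return ip, mask

def parse_filter(spec):
    """'=' is one-way, '+' is mirrored; an omitted port or protocol means any."""
    m = re.fullmatch(r"([^=+]+)([=+])(.+)", spec.replace(" ", ""))
    if not m:
        raise ValueError(f"bad filter spec: {spec!r}")
    src, op, dst = m.groups()
    src, dst = src.split(":"), dst.split(":")
    proto = dst.pop().upper() if dst[-1].isalpha() else "ANY"
    if not dst or len(src) > 2 or len(dst) > 2:
        raise ValueError(f"bad filter spec: {spec!r}")
    return {"src": parse_addr(src[0]), "sport": src[1] if len(src) > 1 else "*",
            "dst": parse_addr(dst[0]), "dport": dst[1] if len(dst) > 1 else "*",
            "proto": proto, "mirrored": op == "+"}

def to_netsh(f, filterlist):
    """Render as the Windows 2003 'netsh ipsec static add filter' form."""
    parts = [f'netsh ipsec static add filter filterlist="{filterlist}"']
    for key in ("src", "dst"):
        addr, mask = f[key]
        parts.append(f"{key}addr={addr}" + (f" {key}mask={mask}" if mask else ""))
    parts += [f"protocol={f['proto']}", f"mirrored={'yes' if f['mirrored'] else 'no'}"]
    if f["sport"] != "*":
        parts.append(f"srcport={f['sport']}")
    if f["dport"] != "*":
        parts.append(f"dstport={f['dport']}")
    return " ".join(parts)
```

Rule order in the scripts does not matter: Windows IPsec applies the most specific matching filter, which is why the per-port PASS rules override the 0+* BLOCK rule.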
Myipsec2003.bat:
Rem add the security policy
netsh ipsec static add policy name="my security policy"
Rem add the IP filter lists
netsh ipsec static add filterlist name="allow list"
netsh ipsec static add filterlist name="reject list"
Rem add filters to the allow list (outbound internet access)
netsh ipsec static add filter filterlist="allow list" srcaddr=me dstaddr=any description="web access" protocol=TCP mirrored=yes dstport=80
netsh ipsec static add filter filterlist="allow list" srcaddr=me dstaddr=any description="DNS access" protocol=TCP mirrored=yes dstport=53
netsh ipsec static add filter filterlist="allow list" srcaddr=me dstaddr=any description="DNS access" protocol=UDP mirrored=yes dstport=53
Rem shared printer on another host
netsh ipsec static add filter filterlist="allow list" srcaddr=me dstaddr=200.200.200.77 description="print" protocol=TCP mirrored=yes dstport=139
netsh ipsec static add filter filterlist="allow list" srcaddr=me dstaddr=200.200.200.77 description="print" protocol=UDP mirrored=yes dstport=138
netsh ipsec static add filter filterlist="allow list" srcaddr=me dstaddr=200.200.200.77 description="print" protocol=UDP mirrored=yes dstport=137
netsh ipsec static add filter filterlist="allow list" srcaddr=me dstaddr=200.200.200.77 description="print" protocol=TCP mirrored=yes dstport=445
Rem servers
netsh ipsec static add filter filterlist="allow list" srcaddr=me dstaddr=200.200.200.201 description="server" protocol=TCP mirrored=yes dstport=139
netsh ipsec static add filter filterlist="allow list" srcaddr=me dstaddr=200.200.200.201 description="server" protocol=UDP mirrored=yes dstport=138
netsh ipsec static add filter filterlist="allow list" srcaddr=me dstaddr=200.200.200.201 description="server" protocol=UDP mirrored=yes dstport=137
netsh ipsec static add filter filterlist="allow list" srcaddr=me dstaddr=200.200.200.201 description="server" protocol=TCP mirrored=yes dstport=445
netsh ipsec static add filter filterlist="allow list" srcaddr=me dstaddr=200.200.200.203 description="server" protocol=TCP mirrored=yes dstport=139
netsh ipsec static add filter filterlist="allow list" srcaddr=me dstaddr=200.200.200.203 description="server" protocol=UDP mirrored=yes dstport=138
netsh ipsec static add filter filterlist="allow list" srcaddr=me dstaddr=200.200.200.203 description="server" protocol=UDP mirrored=yes dstport=137
netsh ipsec static add filter filterlist="allow list" srcaddr=me dstaddr=200.200.200.203 description="server" protocol=TCP mirrored=yes dstport=445
netsh ipsec static add filter filterlist="allow list" srcaddr=me dstaddr=200.200.200.202 description="server" protocol=TCP mirrored=yes dstport=139
netsh ipsec static add filter filterlist="allow list" srcaddr=me dstaddr=200.200.200.202 description="server" protocol=UDP mirrored=yes dstport=138
netsh ipsec static add filter filterlist="allow list" srcaddr=me dstaddr=200.200.200.202 description="server" protocol=UDP mirrored=yes dstport=137
netsh ipsec static add filter filterlist="allow list" srcaddr=me dstaddr=200.200.200.202 description="server" protocol=TCP mirrored=yes dstport=445
netsh ipsec static add filter filterlist="allow list" srcaddr=me dstaddr=200.200.200.105 description="server" protocol=TCP mirrored=yes dstport=139
netsh ipsec static add filter filterlist="allow list" srcaddr=me dstaddr=200.200.200.105 description="server" protocol=UDP mirrored=yes dstport=138
netsh ipsec static add filter filterlist="allow list" srcaddr=me dstaddr=200.200.200.105 description="server" protocol=UDP mirrored=yes dstport=137
netsh ipsec static add filter filterlist="allow list" srcaddr=me dstaddr=200.200.200.105 description="server" protocol=TCP mirrored=yes dstport=445
netsh ipsec static add filter filterlist="allow list" srcaddr=me dstaddr=200.200.200.88 description="server" protocol=TCP mirrored=yes dstport=139
netsh ipsec static add filter filterlist="allow list" srcaddr=me dstaddr=200.200.200.88 description="server" protocol=UDP mirrored=yes dstport=138
netsh ipsec static add filter filterlist="allow list" srcaddr=me dstaddr=200.200.200.88 description="server" protocol=UDP mirrored=yes dstport=137
netsh ipsec static add filter filterlist="allow list" srcaddr=me dstaddr=200.200.200.88 description="server" protocol=TCP mirrored=yes dstport=445
netsh ipsec static add filter filterlist="allow list" srcaddr=me dstaddr=200.200.200.155 description="server" protocol=TCP mirrored=yes dstport=139
netsh ipsec static add filter filterlist="allow list" srcaddr=me dstaddr=200.200.200.155 description="server" protocol=UDP mirrored=yes dstport=138
netsh ipsec static add filter filterlist="allow list" srcaddr=me dstaddr=200.200.200.155 description="server" protocol=UDP mirrored=yes dstport=137
netsh ipsec static add filter filterlist="allow list" srcaddr=me dstaddr=200.200.200.155 description="server" protocol=TCP mirrored=yes dstport=445
netsh ipsec static add filter filterlist="allow list" srcaddr=me dstaddr=200.200.200.155 description="server" protocol=UDP mirrored=yes dstport=445
netsh ipsec static add filter filterlist="allow list" srcaddr=me dstaddr=any description="ping access" protocol=ICMP mirrored=yes
netsh ipsec static add filter filterlist="allow list" srcaddr=me dstaddr=any description="Sybase access" protocol=TCP mirrored=yes dstport=5000
netsh ipsec static add filter filterlist="allow list" srcaddr=me dstaddr=any description="DameWare" protocol=TCP mirrored=yes dstport=6129
netsh ipsec static add filter filterlist="allow list" srcaddr=any dstaddr=me description="remotelyanywhere" protocol=TCP mirrored=yes dstport=2000
netsh ipsec static add filter filterlist="allow list" srcaddr=me dstaddr=any description="pcAnywhere" protocol=TCP mirrored=yes dstport=5631
netsh ipsec static add filter filterlist="allow list" srcaddr=me dstaddr=any description="pcAnywhere" protocol=UDP mirrored=yes dstport=5632
Rem add filters to the reject list (nobody else may reach this host)
netsh ipsec static add filter filterlist="reject list" srcaddr=any dstaddr=me description="anyone accessing me" protocol=any mirrored=yes
netsh ipsec static add filter filterlist="reject list" srcaddr=me dstaddr=any description="me accessing anything" protocol=any mirrored=yes
Rem add the filter actions
netsh ipsec static add filteraction name="yes" action=permit
netsh ipsec static add filteraction name="no" action=block
Rem create the rules that tie the policy, the filter lists and the filter actions together (adds the rules to my security policy)
netsh ipsec static add rule name="allow rule" policy="my security policy" filterlist="allow list" filteraction="yes"
netsh ipsec static add rule name="deny rule" policy="my security policy" filterlist="reject list" filteraction="no"
Rem assign (activate) my security policy
netsh ipsec static set policy name="my security policy" assign=y
Rem summary: policy > rule > (filterlist > filter, filteraction)
Rem netsh ipsec static delete policy name="my security policy"
Rem netsh ipsec static delete policy all
Rem netsh ipsec static show policy all
Rem netsh firewall delete portopening TCP 2000
Myipsecdel.bat:
netsh ipsec static delete policy name="my security policy"
Rem netsh ipsec static delete policy all
Winxpipsec.bat:
Rem set the policy name and the rules contained in the policy (unassign and delete any old copy first)
ipseccmd -w REG -p "Block default ports" -y
ipseccmd -w REG -p "Block default ports" -o
ipseccmd -w REG -p "Block default ports" -r "block all" -f 0+* -n BLOCK
Rem ipseccmd -w REG -p "Block default ports" -r "block TCP/135" -f *+0:135:TCP -n BLOCK
Rem ipseccmd -w REG -p "Block default ports" -r "block TCP/139" -f *+0:139:TCP -n BLOCK
Rem ipseccmd -w REG -p "Block default ports" -r "block TCP/445" -f *+0:445:TCP -n BLOCK
Rem ipseccmd -w REG -p "Block default ports" -r "block UDP/123" -f *+0:123:UDP -n BLOCK
Rem ipseccmd -w REG -p "Block default ports" -r "block UDP/135" -f *+0:135:UDP -n BLOCK
Rem ipseccmd -w REG -p "Block default ports" -r "block UDP/137" -f *+0:137:UDP -n BLOCK
Rem ipseccmd -w REG -p "Block default ports" -r "block UDP/138" -f *+0:138:UDP -n BLOCK
Rem ipseccmd -w REG -p "Block default ports" -r "block UDP/139" -f *+0:139:UDP -n BLOCK
Rem ipseccmd -w REG -p "Block default ports" -r "block UDP/445" -f *+0:445:UDP -n BLOCK
ipseccmd -w REG -p "Block default ports" -r "allow server" -f 0+200.200.200.201:445:UDP -n PASS
ipseccmd -w REG -p "Block default ports" -r "allow server" -f 0+200.200.200.201:445:TCP -n PASS
Rem ipseccmd -w REG -p "Block default ports" -r "allow server" -f 0+200.200.200.201:137:UDP -n PASS
Rem ipseccmd -w REG -p "Block default ports" -r "allow server" -f 0+200.200.200.201:138:UDP -n PASS
Rem ipseccmd -w REG -p "Block default ports" -r "allow server" -f 0+200.200.200.201:139:TCP -n PASS
ipseccmd -w REG -p "Block default ports" -r "allow print" -f 0+200.200.200.77:445:UDP -n PASS
ipseccmd -w REG -p "Block default ports" -r "allow print" -f 0+200.200.200.77:445:TCP -n PASS
ipseccmd -w REG -p "Block default ports" -r "allow print" -f 0+200.200.200.77:137:UDP -n PASS
ipseccmd -w REG -p "Block default ports" -r "allow print" -f 0+200.200.200.77:138:UDP -n PASS
ipseccmd -w REG -p "Block default ports" -r "allow print" -f 0+200.200.200.77:139:TCP -n PASS
ipseccmd -w REG -p "Block default ports" -r "allow sqlserver" -f 0+*:1433:TCP -n PASS
ipseccmd -w REG -p "Block default ports" -r "allow sybase" -f 0+*:5000:TCP -n PASS
ipseccmd -w REG -p "Block default ports" -r "allow sybase" -f 0+*:5001:TCP -n PASS
ipseccmd -w REG -p "Block default ports" -r "allow sybase" -f 0+*:5002:TCP -n PASS
ipseccmd -w REG -p "Block default ports" -r "allow DameWare" -f 200.200.200.106+0:6129:TCP -n PASS
ipseccmd -w REG -p "Block default ports" -r "allow pcAnywhere" -f 200.200.200.106+0:5631:TCP -n PASS
ipseccmd -w REG -p "Block default ports" -r "allow Firebird" -f 0+*:211:TCP -n PASS
ipseccmd -w REG -p "Block default ports" -r "allow Firebird" -f 0+*:3050:TCP -n PASS
ipseccmd -w REG -p "Block default ports" -r "allow ping" -f *+*:ICMP -n PASS
Rem assign (activate) this policy
ipseccmd -w REG -p "Block default ports" -x
Winxpipsec_del.bat:
Rem the first line unassigns the policy, the second deletes it
ipseccmd -w REG -p "Block default ports" -y
ipseccmd -w REG -p "Block default ports" -o
Win2000ipsec.bat:
Rem set the policy name and the rules contained in the policy
Rem ipsecpol -w REG -p "Block default ports" -y
Rem ipsecpol -w REG -p "Block default ports" -o
ipsecpol -w REG -p "Block default ports" -r "block all" -f 0+* -n BLOCK
Rem ipsecpol -w REG -p "Block default ports" -r "block TCP/135" -f *+0:135:TCP -n BLOCK
Rem ipsecpol -w REG -p "Block default ports" -r "block TCP/139" -f *+0:139:TCP -n BLOCK
Rem ipsecpol -w REG -p "Block default ports" -r "block TCP/445" -f *+0:445:TCP -n BLOCK
Rem ipsecpol -w REG -p "Block default ports" -r "block UDP/123" -f *+0:123:UDP -n BLOCK
Rem ipsecpol -w REG -p "Block default ports" -r "block UDP/135" -f *+0:135:UDP -n BLOCK
Rem ipsecpol -w REG -p "Block default ports" -r "block UDP/137" -f *+0:137:UDP -n BLOCK
Rem ipsecpol -w REG -p "Block default ports" -r "block UDP/138" -f *+0:138:UDP -n BLOCK
Rem ipsecpol -w REG -p "Block default ports" -r "block UDP/139" -f *+0:139:UDP -n BLOCK
Rem ipsecpol -w REG -p "Block default ports" -r "block UDP/445" -f *+0:445:UDP -n BLOCK
Rem ipsecpol -w REG -p "Block default ports" -r "allow UDP/137" -f *+0:137:UDP -n PASS
Rem ipsecpol -w REG -p "Block default ports" -r "allow UDP/138" -f *+0:138:UDP -n PASS
Rem ipsecpol -w REG -p "Block default ports" -r "allow UDP/139" -f *+0:139:UDP -n PASS
Rem ipsecpol -w REG -p "Block default ports" -r "allow TCP/139" -f *+0:139:TCP -n PASS
ipsecpol -w REG -p "Block default ports" -r "allow TCP/445" -f *+0:445:TCP -n PASS
ipsecpol -w REG -p "Block default ports" -r "allow UDP/445" -f *+0:445:UDP -n PASS
Rem ipsecpol -w REG -p "Block default ports" -r "allow sybase" -f 0+*:5000:TCP -n PASS
ipsecpol -w REG -p "Block default ports" -r "allow sybase" -f *+0:5000:TCP -n PASS
ipsecpol -w REG -p "Block default ports" -r "allow Sybase sqlserver5001" -f *+0:5001:TCP -n PASS
ipsecpol -w REG -p "Block default ports" -r "allow Sybase sqlserver5002" -f *+0:5002:TCP -n PASS
ipsecpol -w REG -p "Block default ports" -r "allow sqlserver" -f *+0:1433:TCP -n PASS
ipsecpol -w REG -p "Block default ports" -r "allow pcAnywhere TCP" -f 200.200.200.106+0:5631:TCP -n PASS
ipsecpol -w REG -p "Block default ports" -r "allow pcAnywhere UDP" -f 200.200.200.106+0:5632:UDP -n PASS
ipsecpol -w REG -p "Block default ports" -r "allow DameWare" -f 200.200.200.106+0:6129:TCP -n PASS
Rem ipsecpol -w REG -p "Block default ports" -r "allow Firebird" -f 0+*:211:TCP -n PASS
ipsecpol -w REG -p "Block default ports" -r "allow firebird211" -f *+0:211:TCP -n PASS
ipsecpol -w REG -p "Block default ports" -r "allow firebird3050" -f *+0:3050:TCP -n PASS
ipsecpol -w REG -p "Block default ports" -r "allow ping" -f 0+*:ICMP -n PASS
Rem assign (activate) this policy
ipsecpol -w REG -p "Block default ports" -x
Win2000ipsec_del.bat:
Rem the first line unassigns the policy, the second deletes it
ipsecpol -w REG -p "Block default ports" -y
ipsecpol -w REG -p "Block default ports" -o