Use command line IPSec to block a port

Source: Internet
Author: User
Tags: sybase, pcanywhere

On Windows Server 2003 the built-in netsh ipsec command is used directly; Windows XP uses the ipseccmd tool and Windows 2000 uses ipsecpol. The common ipseccmd/ipsecpol parameters are:
-w REG  writes the configuration to the registry, so it stays in effect after a restart.
-p  specifies the policy name. If a policy with that name exists, the rule is added to it; otherwise the policy is created.
-r  specifies the rule name.
-n  specifies the action: BLOCK, PASS or INPASS. The action must be written in capitals.
-x  assigns (activates) the policy.
-y  unassigns it.
-o  deletes the policy named by -p.
The most important switch is -f, which sets the filter. Its format is
A.B.C.D/mask:port=A.B.C.D/mask:port:protocol
where the left side of = is the source address and the right side is the destination. If + is used instead of =, the filter is mirrored (it applies in both directions). In an address, * means any IP address and 0 means this machine's own address. Wildcard octets are also accepted: 144.92.*.* is equivalent to 144.92.0.0/255.255.0.0. See the ipseccmd help text for the full syntax.
To delete a rule, first unassign the policy with -y; otherwise the rule stays in effect for a while.
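The -f syntax above is easy to get wrong, and a mistaken filter fails open (nothing is blocked) rather than loudly. The following Python parser, an added example that is not part of the article and not Microsoft's code, checks a filter string and renders the equivalent netsh ipsec static add filter line used on Windows Server 2003, so the same rule can be reviewed in both forms. The function names parse_address, parse_filter and to_netsh are my own; the netsh keywords (srcaddr, dstaddr, srcmask, dstmask, srcport, dstport, protocol, mirrored) are the real ones. The parser accepts both *+*::ICMP and the article's shorter *+*:ICMP for "any port".

```python
"""
Parser for the ipsecpol/ipseccmd -f filter syntax, plus a renderer that produces the
equivalent 'netsh ipsec static add filter' line. Added example; not part of the article.
"""
import ipaddress
import re

PROTOCOLS = {"TCP", "UDP", "ICMP", "ANY"}
# source[=|+]destination, where '+' means the filter is mirrored
FILTER_RE = re.compile(r"^(?P<src>[^=+]+)(?P<dir>[=+])(?P<dst>.+)$")


def parse_address(text):
    """Return (address, mask). '*' -> ('any', None), '0' -> ('me', None),
    A.B.C.D -> host, A.B.C.D/mask -> subnet, 144.92.*.* -> ('144.92.0.0', '255.255.0.0')."""
    if text == "*":
        return "any", None
    if text == "0":
        return "me", None
    if "/" in text:
        net = ipaddress.IPv4Network(text, strict=False)   # accepts /16 and /255.255.0.0
        return str(net.network_address), str(net.netmask)
    octets = text.split(".")
    if len(octets) != 4:
        raise ValueError(f"bad address {text!r}")
    if "*" in octets:
        n = octets.index("*")
        if any(o != "*" for o in octets[n:]):   # wildcards must be the trailing octets
            raise ValueError(f"bad wildcard address {text!r}")
        return ".".join(octets[:n] + ["0"] * (4 - n)), ".".join(["255"] * n + ["0"] * (4 - n))
    ipaddress.IPv4Address(text)   # raises on anything that is not a valid host address
    return text, "255.255.255.255"


def _port(text):
    if text == "":
        return None
    port = int(text)
    if not 0 < port < 65536:
        raise ValueError(f"bad port {text!r}")
    return port


def _proto(text):
    proto = text.upper() or "ANY"
    if proto not in PROTOCOLS:
        raise ValueError(f"bad protocol {text!r}")
    return proto


def parse_filter(spec):
    """Parse 'A.B.C.D/mask:port=A.B.C.D/mask:port:protocol' into a dict.
    Port and protocol are optional; a missing protocol means ANY."""
    m = FILTER_RE.match(spec.strip())
    if not m:
        raise ValueError(f"bad filter {spec!r}")
    src, dst = m["src"].split(":"), m["dst"].split(":")
    if len(src) > 2 or len(dst) > 3:
        raise ValueError(f"bad filter {spec!r}")
    src_addr, src_mask = parse_address(src[0])
    dst_addr, dst_mask = parse_address(dst[0])
    src_port = _port(src[1]) if len(src) == 2 else None
    dst_port, proto = None, "ANY"
    tail = dst[1:]
    if len(tail) == 2:                       # addr:port:proto or addr::proto
        dst_port, proto = _port(tail[0]), _proto(tail[1])
    elif len(tail) == 1:                     # addr:port, or the shorthand addr:proto
        if tail[0].upper() in PROTOCOLS:
            proto = _proto(tail[0])
        else:
            dst_port = _port(tail[0])
    return {"src": (src_addr, src_mask, src_port), "dst": (dst_addr, dst_mask, dst_port),
            "protocol": proto, "mirrored": m["dir"] == "+"}


def to_netsh(flt, filterlist, description):
    """Render a parsed filter as the netsh ipsec static command used on Windows Server 2003."""
    src_addr, src_mask, src_port = flt["src"]
    dst_addr, dst_mask, dst_port = flt["dst"]
    host = "255.255.255.255"                 # netsh already defaults a host address to this mask
    parts = ["netsh ipsec static add filter", f'filterlist="{filterlist}"', f"srcaddr={src_addr}"]
    if src_mask and src_mask != host:
        parts.append(f"srcmask={src_mask}")
    parts.append(f"dstaddr={dst_addr}")
    if dst_mask and dst_mask != host:
        parts.append(f"dstmask={dst_mask}")
    parts += [f"protocol={flt['protocol']}", "mirrored=" + ("yes" if flt["mirrored"] else "no")]
    if src_port:
        parts.append(f"srcport={src_port}")
    if dst_port:
        parts.append(f"dstport={dst_port}")
    parts.append(f'description="{description}"')
    return " ".join(parts)


if __name__ == "__main__":
    for spec in ["*+0:135:TCP", "0+*", "144.92.*.*=0:80:TCP", "0+*::ICMP"]:
        print(spec, "->", to_netsh(parse_filter(spec), "deny list", spec))
```

Running it prints the netsh form of each filter; feeding a whole ipsecpol script through parse_filter before applying it catches typos such as a swapped source and destination or a missing colon, which otherwise silently produce a filter that matches nothing.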

Myipsec2003.bat:
REM add the security policy
netsh ipsec static add policy name="my security policy"

REM add the IP filter lists
netsh ipsec static add filterlist name="allow list"
netsh ipsec static add filterlist name="deny list"

REM add filters to the allow list (internet access that must keep working)
netsh ipsec static add filter filterlist="allow list" srcaddr=me dstaddr=any description="web access" protocol=TCP mirrored=yes dstport=80
netsh ipsec static add filter filterlist="allow list" srcaddr=me dstaddr=any description="DNS access" protocol=TCP mirrored=yes dstport=53
netsh ipsec static add filter filterlist="allow list" srcaddr=me dstaddr=any description="DNS access" protocol=UDP mirrored=yes dstport=53
REM printing through the share on another host
netsh ipsec static add filter filterlist="allow list" srcaddr=me dstaddr=200.200.200.77 description=print protocol=TCP mirrored=yes dstport=139
netsh ipsec static add filter filterlist="allow list" srcaddr=me dstaddr=200.200.200.77 description=print protocol=UDP mirrored=yes dstport=138
netsh ipsec static add filter filterlist="allow list" srcaddr=me dstaddr=200.200.200.77 description=print protocol=UDP mirrored=yes dstport=137
netsh ipsec static add filter filterlist="allow list" srcaddr=me dstaddr=200.200.200.77 description=print protocol=TCP mirrored=yes dstport=445
REM servers
netsh ipsec static add filter filterlist="allow list" srcaddr=me dstaddr=200.200.200.201 description=server protocol=TCP mirrored=yes dstport=139
netsh ipsec static add filter filterlist="allow list" srcaddr=me dstaddr=200.200.200.201 description=server protocol=UDP mirrored=yes dstport=138
netsh ipsec static add filter filterlist="allow list" srcaddr=me dstaddr=200.200.200.201 description=server protocol=UDP mirrored=yes dstport=137
netsh ipsec static add filter filterlist="allow list" srcaddr=me dstaddr=200.200.200.201 description=server protocol=TCP mirrored=yes dstport=445
netsh ipsec static add filter filterlist="allow list" srcaddr=me dstaddr=200.200.200.203 description=server protocol=TCP mirrored=yes dstport=139
netsh ipsec static add filter filterlist="allow list" srcaddr=me dstaddr=200.200.200.203 description=server protocol=UDP mirrored=yes dstport=138
netsh ipsec static add filter filterlist="allow list" srcaddr=me dstaddr=200.200.200.203 description=server protocol=UDP mirrored=yes dstport=137
netsh ipsec static add filter filterlist="allow list" srcaddr=me dstaddr=200.200.200.203 description=server protocol=TCP mirrored=yes dstport=445
netsh ipsec static add filter filterlist="allow list" srcaddr=me dstaddr=200.200.200.202 description=server protocol=TCP mirrored=yes dstport=139
netsh ipsec static add filter filterlist="allow list" srcaddr=me dstaddr=200.200.200.202 description=server protocol=UDP mirrored=yes dstport=138
netsh ipsec static add filter filterlist="allow list" srcaddr=me dstaddr=200.200.200.202 description=server protocol=UDP mirrored=yes dstport=137
netsh ipsec static add filter filterlist="allow list" srcaddr=me dstaddr=200.200.200.202 description=server protocol=TCP mirrored=yes dstport=445
netsh ipsec static add filter filterlist="allow list" srcaddr=me dstaddr=200.200.200.105 description=server protocol=TCP mirrored=yes dstport=139
netsh ipsec static add filter filterlist="allow list" srcaddr=me dstaddr=200.200.200.105 description=server protocol=UDP mirrored=yes dstport=138
netsh ipsec static add filter filterlist="allow list" srcaddr=me dstaddr=200.200.200.105 description=server protocol=UDP mirrored=yes dstport=137
netsh ipsec static add filter filterlist="allow list" srcaddr=me dstaddr=200.200.200.105 description=server protocol=TCP mirrored=yes dstport=445
netsh ipsec static add filter filterlist="allow list" srcaddr=me dstaddr=200.200.200.88 description=server protocol=TCP mirrored=yes dstport=139
netsh ipsec static add filter filterlist="allow list" srcaddr=me dstaddr=200.200.200.88 description=server protocol=UDP mirrored=yes dstport=138
netsh ipsec static add filter filterlist="allow list" srcaddr=me dstaddr=200.200.200.88 description=server protocol=UDP mirrored=yes dstport=137
netsh ipsec static add filter filterlist="allow list" srcaddr=me dstaddr=200.200.200.88 description=server protocol=TCP mirrored=yes dstport=445

netsh ipsec static add filter filterlist="allow list" srcaddr=me dstaddr=200.200.200.155 description=server protocol=TCP mirrored=yes dstport=139
netsh ipsec static add filter filterlist="allow list" srcaddr=me dstaddr=200.200.200.155 description=server protocol=UDP mirrored=yes dstport=138
netsh ipsec static add filter filterlist="allow list" srcaddr=me dstaddr=200.200.200.155 description=server protocol=UDP mirrored=yes dstport=137
netsh ipsec static add filter filterlist="allow list" srcaddr=me dstaddr=200.200.200.155 description=server protocol=TCP mirrored=yes dstport=445
netsh ipsec static add filter filterlist="allow list" srcaddr=me dstaddr=200.200.200.155 description=server protocol=UDP mirrored=yes dstport=445

netsh ipsec static add filter filterlist="allow list" srcaddr=me dstaddr=any description="ping access" protocol=ICMP mirrored=yes
netsh ipsec static add filter filterlist="allow list" srcaddr=me dstaddr=any description="Sybase access" protocol=TCP mirrored=yes dstport=5000
netsh ipsec static add filter filterlist="allow list" srcaddr=me dstaddr=any description=DameWare protocol=TCP mirrored=yes dstport=6129
netsh ipsec static add filter filterlist="allow list" srcaddr=any dstaddr=me description=remotelyanywhere protocol=TCP mirrored=yes dstport=2000
netsh ipsec static add filter filterlist="allow list" srcaddr=me dstaddr=any description=pcAnywhere protocol=TCP mirrored=yes dstport=5631
netsh ipsec static add filter filterlist="allow list" srcaddr=me dstaddr=any description=pcAnywhere protocol=UDP mirrored=yes dstport=5632

REM add filters to the deny list (nobody else may reach this host)
netsh ipsec static add filter filterlist="deny list" srcaddr=any dstaddr=me description="anyone else accessing me" protocol=any mirrored=yes
netsh ipsec static add filter filterlist="deny list" srcaddr=me dstaddr=any description="me accessing anything" protocol=any mirrored=yes

REM add the filter actions
netsh ipsec static add filteraction name=yes action=permit
netsh ipsec static add filteraction name=no action=block

REM create the rules that tie the policy, a filter list and a filter action together (adds the rules to my security policy)
netsh ipsec static add rule name="allow rule" policy="my security policy" filterlist="allow list" filteraction=yes
netsh ipsec static add rule name="deny rule" policy="my security policy" filterlist="deny list" filteraction=no

REM assign (activate) my security policy
netsh ipsec static set policy name="my security policy" assign=y

REM summary: policy > rule > (filter list (filters) + filter action)
REM netsh ipsec static delete policy name="my security policy"
REM netsh ipsec static delete policy all
REM netsh ipsec static show policy all
REM netsh firewall delete portopening TCP 2000
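Before assigning a policy like the one above it is worth checking what it actually lets through, because an allow filter written as srcaddr=me dstaddr=host permits this host's outgoing connections (and their mirrored replies) but not connections the other host initiates. The following Python model of the two-list policy is an added example; it is not part of the article and not Microsoft's code. It assumes, as Windows IPsec does, that the most specific matching filter wins regardless of rule order; the weight() scoring is my own simplification of that ordering, and ME, PRINT_HOST and the traffic samples are constructed values.

```python
"""
Model of the article's allow-list / deny-list IPsec policy, used to predict what a packet
would get before the policy is assigned. Added example; the weight() scoring is a constructed
simplification of IPsec's most-specific-filter-wins ordering, not Microsoft's weight table.
"""
from collections import namedtuple
from dataclasses import dataclass
from typing import Optional, Tuple

Packet = namedtuple("Packet", "src dst proto srcport dstport")


@dataclass(frozen=True)
class Filter:
    """One 'netsh ipsec static add filter' entry. src/dst: 'me', 'any' or a dotted IPv4 host."""
    src: str
    dst: str
    protocol: str = "ANY"            # TCP, UDP, ICMP or ANY
    dstport: Optional[int] = None    # None = any port
    mirrored: bool = True            # also match the reply direction (addresses and ports swapped)


@dataclass(frozen=True)
class Rule:
    """policy > rule > (filter list, filter action), as the script's summary line puts it."""
    name: str
    filters: Tuple[Filter, ...]
    action: str                      # "permit" or "block"


ME = "200.200.200.50"                # constructed address of the host that runs the policy
PRINT_HOST = "200.200.200.77"        # the print host from the script


def _addr_matches(pattern, address):
    if pattern == "any":
        return True
    if pattern == "me":
        return address == ME
    return pattern == address


def filter_matches(flt, pkt):
    """True if flt covers pkt in the forward direction or, when mirrored, in the reply direction."""
    if flt.protocol != "ANY" and flt.protocol != pkt.proto:
        return False
    fwd = (_addr_matches(flt.src, pkt.src) and _addr_matches(flt.dst, pkt.dst)
           and (flt.dstport is None or flt.dstport == pkt.dstport))
    # reply direction: the filter's destination port is the packet's source port
    rev = (flt.mirrored and _addr_matches(flt.src, pkt.dst) and _addr_matches(flt.dst, pkt.src)
           and (flt.dstport is None or flt.dstport == pkt.srcport))
    return fwd or rev


def weight(flt):
    """Constructed specificity score: specific addresses beat 'any', then protocol, then port."""
    addr = sum(0 if a == "any" else 1 for a in (flt.src, flt.dst))
    return (addr, 0 if flt.protocol == "ANY" else 1, 0 if flt.dstport is None else 1)


def evaluate(rules, pkt):
    """'permit' or 'block' for pkt; 'permit' when no filter matches, since IPsec is then not applied."""
    matches = [(weight(f), r.action) for r in rules for f in r.filters if filter_matches(f, pkt)]
    if not matches:
        return "permit"
    matches.sort(reverse=True)       # highest weight first; equal-weight conflicts are not resolved here
    return matches[0][1]


ALLOW_LIST = (
    Filter("me", "any", "TCP", 80),              # web access
    Filter("me", "any", "TCP", 53),              # DNS access
    Filter("me", "any", "UDP", 53),
    Filter("me", PRINT_HOST, "TCP", 139),        # printing via the share on another host
    Filter("me", PRINT_HOST, "UDP", 138),
    Filter("me", PRINT_HOST, "UDP", 137),
    Filter("me", PRINT_HOST, "TCP", 445),
    Filter("me", "any", "ICMP"),                 # ping
    Filter("me", "any", "TCP", 5000),            # Sybase
    Filter("any", "me", "TCP", 2000),            # remotelyanywhere: the one inbound filter
    Filter("me", "any", "TCP", 5631),            # pcAnywhere
    Filter("me", "any", "UDP", 5632),
)
DENY_LIST = (
    Filter("any", "me"),                         # anyone else accessing me
    Filter("me", "any"),                         # me accessing anything
)
POLICY = (Rule("allow rule", ALLOW_LIST, "permit"), Rule("deny rule", DENY_LIST, "block"))


def check(src, dst, proto, srcport, dstport):
    return evaluate(POLICY, Packet(src, dst, proto, srcport, dstport))


if __name__ == "__main__":
    # constructed traffic samples, seen from this host's point of view
    for label, *pkt in [("me -> web", ME, "1.2.3.4", "TCP", 51000, 80),
                        ("web reply", "1.2.3.4", ME, "TCP", 80, 51000),
                        ("inbound SQL Server", "200.200.200.9", ME, "TCP", 40000, 1433),
                        ("print host connecting to me", PRINT_HOST, ME, "TCP", 49152, 445),
                        ("remotelyanywhere inbound", "200.200.200.9", ME, "TCP", 40001, 2000)]:
        print(f"{label:30s} -> {check(*pkt)}")
```

The "print host connecting to me" case is the one to notice: the print host's own attempt to open port 445 on this machine is blocked, because the mirrored filter only matches a reply whose source port is 445. Only the remotelyanywhere filter, written with srcaddr=any dstaddr=me, admits a connection that someone else initiates.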


Myipsecdel.bat:
netsh ipsec static delete policy name="my security policy"
REM netsh ipsec static delete policy all

Winxpipsec.bat:

REM set the policy name and the rules the policy contains

ipseccmd -w REG -p "Block default ports" -y
ipseccmd -w REG -p "Block default ports" -o
ipseccmd -w REG -p "Block default ports" -r "block all" -f 0+* -n BLOCK

REM ipseccmd -w REG -p "Block default ports" -r "block TCP/135" -f *+0:135:TCP -n BLOCK
REM ipseccmd -w REG -p "Block default ports" -r "block TCP/139" -f *+0:139:TCP -n BLOCK
REM ipseccmd -w REG -p "Block default ports" -r "block TCP/445" -f *+0:445:TCP -n BLOCK
REM ipseccmd -w REG -p "Block default ports" -r "Block UDP/123" -f *+0:123:UDP -n BLOCK
REM ipseccmd -w REG -p "Block default ports" -r "Block UDP/135" -f *+0:135:UDP -n BLOCK
REM ipseccmd -w REG -p "Block default ports" -r "Block UDP/137" -f *+0:137:UDP -n BLOCK
REM ipseccmd -w REG -p "Block default ports" -r "Block UDP/138" -f *+0:138:UDP -n BLOCK
REM ipseccmd -w REG -p "Block default ports" -r "Block UDP/139" -f *+0:139:UDP -n BLOCK
REM ipseccmd -w REG -p "Block default ports" -r "Block UDP/445" -f *+0:445:UDP -n BLOCK

ipseccmd -w REG -p "Block default ports" -r "Allow Server" -f 0+200.200.200.201:445:UDP -n PASS
ipseccmd -w REG -p "Block default ports" -r "Allow Server" -f 0+200.200.200.201:445:TCP -n PASS

REM ipseccmd -w REG -p "Block default ports" -r "Allow Server" -f 0+200.200.200.201:137:UDP -n PASS
REM ipseccmd -w REG -p "Block default ports" -r "Allow Server" -f 0+200.200.200.201:138:UDP -n PASS
REM ipseccmd -w REG -p "Block default ports" -r "Allow Server" -f 0+200.200.200.201:139:TCP -n PASS

ipseccmd -w REG -p "Block default ports" -r "allow print" -f 0+200.200.200.77:445:UDP -n PASS
ipseccmd -w REG -p "Block default ports" -r "allow print" -f 0+200.200.200.77:445:TCP -n PASS
ipseccmd -w REG -p "Block default ports" -r "allow print" -f 0+200.200.200.77:137:UDP -n PASS
ipseccmd -w REG -p "Block default ports" -r "allow print" -f 0+200.200.200.77:138:UDP -n PASS
ipseccmd -w REG -p "Block default ports" -r "allow print" -f 0+200.200.200.77:139:TCP -n PASS

ipseccmd -w REG -p "Block default ports" -r "allow sqlserver" -f 0+*:1433:TCP -n PASS

ipseccmd -w REG -p "Block default ports" -r "allow sybase" -f 0+*:5000:TCP -n PASS
ipseccmd -w REG -p "Block default ports" -r "allow sybase" -f 0+*:5001:TCP -n PASS
ipseccmd -w REG -p "Block default ports" -r "allow sybase" -f 0+*:5002:TCP -n PASS

ipseccmd -w REG -p "Block default ports" -r "allow DameWare" -f 200.200.200.106+0:6129:TCP -n PASS
ipseccmd -w REG -p "Block default ports" -r "allow pcAnywhere" -f 200.200.200.106+0:5631:TCP -n PASS

ipseccmd -w REG -p "Block default ports" -r "allow Firebird" -f 0+*:211:TCP -n PASS
ipseccmd -w REG -p "Block default ports" -r "allow Firebird" -f 0+*:3050:TCP -n PASS

ipseccmd -w REG -p "Block default ports" -r "allow ping" -f *+*::ICMP -n PASS
REM assign (activate) this policy
ipseccmd -w REG -p "Block default ports" -x

Winxpipsec_del.bat:
REM the first command unassigns the policy, the second deletes it
ipseccmd -w REG -p "Block default ports" -y
ipseccmd -w REG -p "Block default ports" -o

Win2000ipsec.bat:

REM set the policy name and the rules the policy contains

REM ipsecpol -w REG -p "Block default ports" -y
REM ipsecpol -w REG -p "Block default ports" -o
ipsecpol -w REG -p "Block default ports" -r "block all" -f 0+* -n BLOCK
REM ipsecpol -w REG -p "Block default ports" -r "block TCP/135" -f *+0:135:TCP -n BLOCK
REM ipsecpol -w REG -p "Block default ports" -r "block TCP/139" -f *+0:139:TCP -n BLOCK
REM ipsecpol -w REG -p "Block default ports" -r "block TCP/445" -f *+0:445:TCP -n BLOCK
REM ipsecpol -w REG -p "Block default ports" -r "Block UDP/123" -f *+0:123:UDP -n BLOCK
REM ipsecpol -w REG -p "Block default ports" -r "Block UDP/135" -f *+0:135:UDP -n BLOCK
REM ipsecpol -w REG -p "Block default ports" -r "Block UDP/137" -f *+0:137:UDP -n BLOCK
REM ipsecpol -w REG -p "Block default ports" -r "Block UDP/138" -f *+0:138:UDP -n BLOCK
REM ipsecpol -w REG -p "Block default ports" -r "Block UDP/139" -f *+0:139:UDP -n BLOCK
REM ipsecpol -w REG -p "Block default ports" -r "Block UDP/445" -f *+0:445:UDP -n BLOCK

REM ipsecpol -w REG -p "Block default ports" -r "allow UDP/137" -f *+0:137:UDP -n PASS
REM ipsecpol -w REG -p "Block default ports" -r "allow UDP/138" -f *+0:138:UDP -n PASS
REM ipsecpol -w REG -p "Block default ports" -r "allow UDP/139" -f *+0:139:UDP -n PASS
REM ipsecpol -w REG -p "Block default ports" -r "allow TCP/139" -f *+0:139:TCP -n PASS

ipsecpol -w REG -p "Block default ports" -r "allow TCP/445" -f *+0:445:TCP -n PASS
ipsecpol -w REG -p "Block default ports" -r "allow UDP/445" -f *+0:445:UDP -n PASS

REM ipsecpol -w REG -p "Block default ports" -r "allow sybase" -f 0+*:5000:TCP -n PASS
ipsecpol -w REG -p "Block default ports" -r "allow sybase" -f *+0:5000:TCP -n PASS
ipsecpol -w REG -p "Block default ports" -r "allow Sybase sqlserver5001" -f *+0:5001:TCP -n PASS
ipsecpol -w REG -p "Block default ports" -r "allow Sybase sqlserver5002" -f *+0:5002:TCP -n PASS
ipsecpol -w REG -p "Block default ports" -r "allow sqlserver" -f *+0:1433:TCP -n PASS
ipsecpol -w REG -p "Block default ports" -r "allow pcAnywhere TCP" -f 200.200.200.106+0:5631:TCP -n PASS
ipsecpol -w REG -p "Block default ports" -r "allow pcAnywhere UDP" -f 200.200.200.106+0:5632:UDP -n PASS

ipsecpol -w REG -p "Block default ports" -r "allow DameWare" -f 200.200.200.106+0:6129:TCP -n PASS
REM ipsecpol -w REG -p "Block default ports" -r "allow Firebird" -f 0+X:211:TCP -n PASS
ipsecpol -w REG -p "Block default ports" -r "allow firebird211" -f *+0:211:TCP -n PASS
ipsecpol -w REG -p "Block default ports" -r "allow firebird3050" -f *+0:3050:TCP -n PASS
ipsecpol -w REG -p "Block default ports" -r "allow ping" -f 0+*::ICMP -n PASS
REM assign (activate) this policy
ipsecpol -w REG -p "Block default ports" -x


Win2000ipsec_del.bat:

REM the first command unassigns the policy, the second deletes it
ipsecpol -w REG -p "Block default ports" -y
ipsecpol -w REG -p "Block default ports" -o
