Create a new BAT file, copy the following commands into it, and name the file Drop-udp.bat
The code is as follows:
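REM Drop-udp.bat - builds and assigns a local IPsec policy named "dropudp" that
REM blocks UDP to and from this host, except DNS (53), NTP (123) and SNMP (161)
REM traffic sent by this host to those ports. Requires administrator rights.
REM NOTE(review): any other UDP-based service this host depends on (DHCP lease
REM renewal, for example) is not covered by the permit filters below - confirm
REM and add a filter for it before the policy is assigned.

REM Create the policy and the two filter lists
netsh ipsec static add policy name=dropudp
netsh ipsec static add filterlist name=allow-udp
netsh ipsec static add filterlist name=drop-udp

REM Add filters to the allow list (outbound access to DNS, NTP and SNMP).
REM Values containing spaces must be quoted, and every parameter needs a space
REM before it, otherwise netsh rejects the command.
REM These filters are stateless: with mirrored=yes each one also matches inbound
REM UDP whose source port is 53/123/161, whatever the local destination port.
REM Where the servers are known, narrow dstaddr from "any" to their addresses.
netsh ipsec static add filter filterlist=allow-udp srcaddr=me dstaddr=any description="dns access" protocol=udp mirrored=yes dstport=53
netsh ipsec static add filter filterlist=allow-udp srcaddr=me dstaddr=any description="ntp access" protocol=udp mirrored=yes dstport=123
REM NOTE(review): this permits SNMP queries sent BY this host. If this host is
REM the monitored agent, the filter needs srcaddr=<manager> dstaddr=me instead - confirm.
netsh ipsec static add filter filterlist=allow-udp srcaddr=me dstaddr=any description="snmp access" protocol=udp mirrored=yes dstport=161

REM Add the catch-all filter to the drop list (all other UDP, both directions)
netsh ipsec static add filter filterlist=drop-udp srcaddr=any dstaddr=me description="Others to me any access" protocol=udp mirrored=yes

REM Add the filter actions
netsh ipsec static add filteraction name=allow-udp-port action=permit
netsh ipsec static add filteraction name=drop-udp-port action=block

REM Link filter lists and filter actions into rules of the policy.
REM The port-specific permit filters are more specific than the catch-all
REM block filter, so they take precedence for the three allowed ports.
netsh ipsec static add rule name="Allow rules" policy=dropudp filterlist=allow-udp filteraction=allow-udp-port
netsh ipsec static add rule name="reject rules" policy=dropudp filterlist=drop-udp filteraction=drop-udp-port

REM Activate the policy ("set policy" is two words)
netsh ipsec static set policy name=dropudp assign=y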
After saving, double-click the file to run it.
Apart from three UDP ports — DNS resolution (53), the SNMP monitoring port (161) and the time synchronization service (123) — this policy disables all inbound and outbound UDP connections.