標籤:bat 高危連接埠 指令碼
本文主要闡述如何在Windows系統下簡單快速對高危連接埠進行屏蔽。
以下為windows幾個常用高危連接埠屏蔽bat指令碼參考:
REM 添加策略
netsh ipsec static add policy name=secport
netsh ipsec static add filterlist name=drop-port
REM 添加篩選器到IP篩選器列表
netsh ipsec static add filter filterlist=drop-port srcaddr=any dstaddr=me description=任何到我的訪問 protocol=tcp mirrored=yes dstport=135
netsh ipsec static add filter filterlist=drop-port srcaddr=any dstaddr=me description=任何到我的訪問 protocol=tcp mirrored=yes dstport=137
netsh ipsec static add filter filterlist=drop-port srcaddr=any dstaddr=me description=任何到我的訪問 protocol=udp mirrored=yes dstport=137
netsh ipsec static add filter filterlist=drop-port srcaddr=any dstaddr=me description=任何到我的訪問 protocol=tcp mirrored=yes dstport=139
netsh ipsec static add filter filterlist=drop-port srcaddr=any dstaddr=me description=任何到我的訪問 protocol=tcp mirrored=yes dstport=445
REM 添加篩選器操作
netsh ipsec static add filteraction name=drop-data action=block
REM 建立一個連結指定 IPSec 策略、篩選器列表和篩選器操作的規則
netsh ipsec static add rule name=拒絕規則 policy=secport filterlist=drop-port filteraction=drop-data
REM 啟用安全性原則
netsh ipsec static set policy name=secport assign=y
本文出自 “DDos886” 部落格,請務必保留此出處http://ddos886.blog.51cto.com/13388172/1972793
Windows 屏蔽高危連接埠指令碼bat