Open port 80:
netsh advfirewall firewall add rule name="tcp80" dir=in protocol=tcp localport=80 action=allow
Close port 445 (TCP):
netsh advfirewall firewall add rule name="deny tcp 445" dir=in protocol=tcp localport=445 action=block
Close port 139 (UDP):
netsh advfirewall firewall add rule name="deny udp 139" dir=in protocol=udp localport=139 action=block
Enable the desktop firewall:
netsh advfirewall set allprofiles state on
Set the default inbound and outbound policy:
netsh advfirewall set allprofiles firewallpolicy allowinbound,allowoutbound
The above sets both directions to allow; to deny instead, use blockinbound,blockoutbound.
Restore the initial firewall settings:
netsh advfirewall reset
Turn off the firewall:
netsh advfirewall set allprofiles state off
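The commands above applied as one deny-by-default baseline, with a check that the result took effect. This is an added example, not from the original page; it assumes an elevated PowerShell prompt and English netsh output, and the rule names are constructed.

```powershell
# Added example (not from the original page): apply the page's netsh advfirewall
# commands as a deny-by-default inbound baseline, then verify the resulting state.
# Assumes an elevated prompt and English-language netsh output.
$ErrorActionPreference = 'Stop'

function Invoke-Netsh([string]$CommandLine) {
    # Start-Process passes the string verbatim, so name="deny tcp 445" reaches netsh intact.
    $p = Start-Process -FilePath netsh.exe -ArgumentList $CommandLine -Wait -PassThru -NoNewWindow
    if ($p.ExitCode -ne 0) { throw "netsh $CommandLine failed with exit code $($p.ExitCode)" }
}

# 1. Turn the firewall on for every profile.
Invoke-Netsh 'advfirewall set allprofiles state on'

# 2. Default policy. allowinbound,allowoutbound admits any inbound connection that no
#    block rule covers; blockinbound,allowoutbound is the deny-by-default setting, so
#    only explicit allow rules admit inbound traffic.
# Invoke-Netsh 'advfirewall set allprofiles firewallpolicy allowinbound,allowoutbound'  # weak
Invoke-Netsh 'advfirewall set allprofiles firewallpolicy blockinbound,allowoutbound'    # hardened

# 3. Explicit allow for the one service exposed (TCP/80, as on the page).
Invoke-Netsh 'advfirewall firewall add rule name="tcp80" dir=in protocol=tcp localport=80 action=allow'

# 4. Block rules from the page. Under blockinbound they are redundant, but they keep
#    SMB/NetBIOS closed if someone later flips the default policy back to allowinbound.
Invoke-Netsh 'advfirewall firewall add rule name="deny tcp 445" dir=in protocol=tcp localport=445 action=block'
Invoke-Netsh 'advfirewall firewall add rule name="deny udp 139" dir=in protocol=udp localport=139 action=block'

# 5. Verify: every profile ON with a BlockInbound default, and the allow rule present.
$profiles = netsh advfirewall show allprofiles
$states   = @($profiles | Where-Object { $_ -match '^State\s+' })
$policies = @($profiles | Where-Object { $_ -match '^Firewall Policy\s+' })
if ($states.Count -ne 3 -or ($states | Where-Object { $_ -notmatch '\bON\b' })) {
    throw "firewall is not enabled on all profiles:`n$($states -join "`n")"
}
if ($policies | Where-Object { $_ -notmatch 'BlockInbound' }) {
    throw "default inbound policy is not BlockInbound:`n$($policies -join "`n")"
}
$rule = netsh advfirewall firewall show rule name=tcp80
if (-not ($rule | Where-Object { $_ -match '^Action:\s+Allow' })) {
    throw 'rule tcp80 is missing or is not an allow rule'
}
'Baseline applied: inbound deny-by-default, TCP/80 allowed, 445/139 blocked.'
```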
Add an inbound rule for messenger.exe without encapsulation:
netsh advfirewall firewall add rule name="allow messenger"
dir=in program="c:\programfiles\messenger\msmsgs.exe"
security=authnoencap action=allow
Add an outbound rule for port 80:
netsh advfirewall firewall add rule name="allow80"
protocol=TCP dir=out localport=80 action=block
Add an inbound rule that requires security and encryption for TCP port 80 traffic:
netsh advfirewall firewall add rule
name="Require Encryption for Inbound TCP/80"
protocol=TCP dir=in localport=80 security=authdynenc
action=allow
Add an inbound rule that requires security for messenger.exe:
netsh advfirewall firewall add rule name="allow messenger"
dir=in program="c:\program files\messenger\msmsgs.exe"
security=authenticate action=allow
Add an authenticated firewall bypass rule for the group acmedomain\scanners
identified by an SDDL string:
netsh advfirewall firewall add rule name="allow scanners"
dir=in rmtcomputergrp=<SDDL string> action=bypass
security=authenticate
Add an outbound allow rule for local UDP ports 5000-5010:
netsh advfirewall firewall add rule name="Allow port range" dir=out protocol=udp localport=5000-5010 action=allow
Reference: http://taodegui.blog.163.com/blog/static/26335484201331454433688/