Adding IPsec policies and firewall rules from the command line

If you want to allow this machine to access port 8080 on 192.168.1.1, you can do so with the settings below. The commands and their notes are given for reference:

Create a security policy named policy1:

Netsh ipsec static add policy name=policy1

Create a filter list and a filter that specifies 192.168.1.1:

Netsh ipsec static add filterlist name=allowip

Netsh ipsec static add filter filterlist=allowip srcaddr=me dstaddr=192.168.1.1 dstport=8080 protocol=TCP

(For a whole subnet use srcaddr=192.168.1.1 srcmask=255.255.255.0)

(If dstport=8080 protocol=TCP are omitted, the filter matches all ports and protocols)

Create a filter action:

Netsh ipsec static add filteraction name=allowact action=permit

Add a rule to the security policy policy1:

Netsh ipsec static add rule name=rule1 policy=policy1 filterlist=allowip filteraction=allowact

Assign (activate) the policy:

Netsh ipsec static set policy name=policy1 assign=y

Export the security policies:
netsh ipsec static exportpolicy d:\ip.ipsec

Delete all security policies:
netsh ipsec static del all

Import the security policies:
netsh ipsec static importpolicy d:\ip.ipsec

Script method

=============

Copy the following into a file named ipsec.bat:

netsh ipsec static add policy name=test

netsh ipsec static add filterlist name=myallow

netsh ipsec static add filter filterlist=myallow srcaddr=me dstaddr=192.168.1.1 dstport=8080 protocol=TCP

netsh ipsec static add filteraction name=allow action=permit

netsh ipsec static add rule name=allowrule policy=test filterlist=myallow filteraction=allow

netsh ipsec static set policy name=test assign=y

Run the BAT file with administrator privileges on the machine to be configured, and the policy is added and assigned.
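A permit-only policy like the one above does not restrict anything by itself: IPsec "static" policies only block traffic that matches a filter whose action is block, so a whitelist needs a catch-all block rule alongside the specific permit rule (the more specific filter wins). The PowerShell script below is an added example, not code from the original post; it builds such a whitelist with netsh ipsec static, stops on the first failed command so a half-built policy is never assigned, verifies the result, and exports it. The policy, filter list and rule names and the export path are assumptions.

```powershell
# Added example: IPsec whitelist that only lets this host reach 192.168.1.1:8080/TCP
# and blocks every other outbound connection. Run from an elevated PowerShell prompt.
# All names below are assumed; change them freely.
$PolicyName = 'whitelist'                           # assumed
$ExportPath = Join-Path $env:TEMP 'ipsec-whitelist.ipsec'  # assumed path

function Invoke-Netsh {
    # Run one netsh command line and throw on a non-zero exit code, so the script
    # stops before the policy is assigned if any step fails.
    param([Parameter(ValueFromRemainingArguments)][string[]]$NetshArgs)
    $output = & netsh.exe @NetshArgs 2>&1 | Out-String
    if ($LASTEXITCODE -ne 0) {
        throw "netsh $($NetshArgs -join ' ') failed (exit $LASTEXITCODE): $output"
    }
    $output
}

# Remove a policy of the same name from an earlier run; "add policy" fails on duplicates.
& netsh.exe ipsec static del policy "name=$PolicyName" *> $null

Invoke-Netsh ipsec static add policy "name=$PolicyName"

# Specific filter: me -> 192.168.1.1:8080/TCP (mirrored by default, so replies are covered).
Invoke-Netsh ipsec static add filterlist name=allow-8080
Invoke-Netsh ipsec static add filter filterlist=allow-8080 srcaddr=me dstaddr=192.168.1.1 dstport=8080 protocol=TCP

# Catch-all filter: me -> anywhere, any protocol. The more specific filter above takes
# precedence over this one when both match.
Invoke-Netsh ipsec static add filterlist name=block-all
Invoke-Netsh ipsec static add filter filterlist=block-all srcaddr=me dstaddr=any protocol=ANY

Invoke-Netsh ipsec static add filteraction name=permit-act action=permit
Invoke-Netsh ipsec static add filteraction name=block-act action=block

Invoke-Netsh ipsec static add rule name=allow-rule "policy=$PolicyName" filterlist=allow-8080 filteraction=permit-act
Invoke-Netsh ipsec static add rule name=block-rule "policy=$PolicyName" filterlist=block-all filteraction=block-act

# Only now, with both rules in place, assign the policy.
Invoke-Netsh ipsec static set policy "name=$PolicyName" assign=y

# Verify what is assigned and keep a copy so the same policy can be imported elsewhere.
Invoke-Netsh ipsec static show policy "name=$PolicyName"
Invoke-Netsh ipsec static exportpolicy "file=$ExportPath"
Write-Host "Policy '$PolicyName' assigned and exported to $ExportPath"
```

Before using a block-all filter on a real host, add permit rules for the traffic the host still needs (DNS, the domain controller, management access), otherwise those are blocked too; the netsh ipsec static del all command from the post removes the policy again if you lock yourself out locally.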

Firewall advanced settings

==========================

Likewise, Windows Firewall can be used to set up the corresponding policy and rules with the following commands:

Right-click cmd.exe, run it as administrator, and execute:

netsh advfirewall set currentprofile state on

This command enables the firewall for the currently active profile.

Then add the whitelist rules; the rule name and remoteip can be changed as needed:

netsh advfirewall firewall add rule name="LOGS" dir=in action=allow protocol=TCP localport=8080 remoteip=192.168.1.1

netsh advfirewall firewall add rule name="rdp01" dir=in action=allow protocol=TCP localport=3389 remoteip=33.33.33.31

netsh advfirewall firewall add rule name="rdp02" dir=in action=allow protocol=TCP localport=3389 remoteip=33.33.33.32

netsh advfirewall firewall add rule name="rdp03" dir=in action=allow protocol=TCP localport=3389 remoteip=33.33.33.33

netsh advfirewall firewall add rule name="SQL01" dir=in action=allow protocol=TCP localport=1444 remoteip=33.33.33.31

netsh advfirewall firewall add rule name="SQL02" dir=in action=allow protocol=TCP localport=1444 remoteip=33.33.33.32

netsh advfirewall firewall add rule name="SQL03" dir=in action=allow protocol=TCP localport=1444 remoteip=33.33.33.33
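The allow rules above only act as a whitelist if the profile's default inbound action is block and the firewall is on for every profile, not just the one active when the command ran. The PowerShell script below is an added example, not code from the original post: it enables all profiles, sets the default inbound action to block explicitly, creates the post's rules from a table (replacing any stale rule of the same name so reruns do not pile up duplicates), and then checks that each rule exists using netsh's exit code. The rule names, ports and addresses are the post's sample values.

```powershell
# Added example: apply the post's inbound whitelist with netsh advfirewall and verify it.
# Run from an elevated PowerShell prompt. Ports and addresses are the post's sample values.
$Rules = @(
    @{ Name = 'LOGS';  Port = 8080; RemoteIp = '192.168.1.1' },
    @{ Name = 'rdp01'; Port = 3389; RemoteIp = '33.33.33.31' },
    @{ Name = 'rdp02'; Port = 3389; RemoteIp = '33.33.33.32' },
    @{ Name = 'rdp03'; Port = 3389; RemoteIp = '33.33.33.33' },
    @{ Name = 'SQL01'; Port = 1444; RemoteIp = '33.33.33.31' },
    @{ Name = 'SQL02'; Port = 1444; RemoteIp = '33.33.33.32' },
    @{ Name = 'SQL03'; Port = 1444; RemoteIp = '33.33.33.33' }
)

function Invoke-Netsh {
    # Run one netsh command line and throw on a non-zero exit code.
    param([Parameter(ValueFromRemainingArguments)][string[]]$NetshArgs)
    $output = & netsh.exe @NetshArgs 2>&1 | Out-String
    if ($LASTEXITCODE -ne 0) {
        throw "netsh $($NetshArgs -join ' ') failed (exit $LASTEXITCODE): $output"
    }
    $output
}

function Test-FirewallRule {
    # netsh exits non-zero ("No rules match the specified criteria.") when no rule has this name.
    param([Parameter(Mandatory)][string]$Name)
    & netsh.exe advfirewall firewall show rule "name=$Name" *> $null
    return ($LASTEXITCODE -eq 0)
}

# Firewall on for domain, private and public profiles, with inbound blocked by default
# and outbound allowed, so the rules below are the only inbound exceptions.
Invoke-Netsh advfirewall set allprofiles state on
Invoke-Netsh advfirewall set allprofiles firewallpolicy blockinbound,allowoutbound

foreach ($r in $Rules) {
    # "add rule" would create a second rule with the same name; delete any old copy first.
    & netsh.exe advfirewall firewall delete rule "name=$($r.Name)" *> $null
    Invoke-Netsh advfirewall firewall add rule "name=$($r.Name)" dir=in action=allow `
        protocol=TCP "localport=$($r.Port)" "remoteip=$($r.RemoteIp)"
}

# Verify every rule is present before trusting the whitelist.
$missing = @($Rules | Where-Object { -not (Test-FirewallRule -Name $_.Name) } | ForEach-Object { $_.Name })
if ($missing.Count -gt 0) {
    throw "Rules not created: $($missing -join ', ')"
}
Write-Host "All $($Rules.Count) whitelist rules are in place."
```

If the three RDP (or SQL) hosts should always be managed together, a single rule with remoteip=33.33.33.31,33.33.33.32,33.33.33.33 is equivalent and easier to audit than three separately named rules.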

Reference links:

Netsh commands for Internet Protocol security-2003

https://technet.microsoft.com/en-us/library/cc739550(v=ws.10).aspx

Netsh Commands for Internet Protocol Security (IPsec)-2008

https://technet.microsoft.com/en-us/library/cc725926(v=ws.10).aspx

How to use the “netsh advfirewall firewall” context instead of the “netsh firewall” context to control Windows Firewall behavior in Windows Server 2008 and in Windows Vista

https://support.microsoft.com/en-us/kb/947709

Netsh AdvFirewall Firewall Commands

https://technet.microsoft.com/zh-cn/library/dd734783(v=ws.10).aspx
