Windows IPSec Security
Keywords: port blocking, protocol blocking, IP filtering, IPSec
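1. Example: deny access from a specific IP address, for example 192.168.1.249. On Windows, open Notepad, paste in the following, save it as a .bat script file, and double-click it to run:
rem Configure the IP security policy
rem Create an empty policy named "drop"
netsh ipsec static add policy name=drop
rem Create the filter list that holds the traffic selectors
netsh ipsec static add filterlist name=drop_port
rem Match all traffic this host sends to 192.168.1.249. mirrored=no matches this direction only, so packets arriving from that address are not matched; mirrored=yes would match both directions
netsh ipsec static add filter filterlist=drop_port srcaddr=me dstaddr=192.168.1.249 protocol=any mirrored=no
rem Filter action that blocks matching traffic
netsh ipsec static add filteraction name=denyact action=block
rem Bind the filter list and the action in a rule, then assign (activate) the policy
netsh ipsec static add rule name=kill policy=drop filterlist=drop_port filteraction=denyact
netsh ipsec static set policy name=drop assign=y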
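2. Example: deny a specific IP address access to a specific port, and deny all UDP. For example, deny 192.168.1.249 access to the remote desktop port 3389 and deny all UDP traffic. On Windows, open Notepad, paste in the following, save it as a .bat script file, and double-click it to run:
rem Configure the IP security policy
netsh ipsec static add policy name=drop
netsh ipsec static add filterlist name=drop_port
rem Match TCP traffic from local port 3389 to 192.168.1.249 (this direction only, because mirrored=no)
netsh ipsec static add filter filterlist=drop_port srcaddr=me srcport=3389 dstaddr=192.168.1.249 protocol=TCP mirrored=no
rem Match all UDP traffic this host sends to any address; this includes the host's own DNS queries
netsh ipsec static add filter filterlist=drop_port srcaddr=me dstaddr=any protocol=UDP mirrored=no
rem Filter action that blocks matching traffic
netsh ipsec static add filteraction name=denyact action=block
rem Bind the filter list and the action in a rule, then assign (activate) the policy
netsh ipsec static add rule name=kill policy=drop filterlist=drop_port filteraction=denyact
netsh ipsec static set policy name=drop assign=y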
3. Deleting the policy: at the command prompt, run "secpol.msc", go to IP Security Policies, open the corresponding policy list, and delete the policy.
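The removal in step 3 can also be scripted with the same netsh context. This is an added example, not part of the original page: it removes the objects named drop, drop_port and denyact from examples 1 and 2, and it assumes the policy is in the local store and that the script runs from an elevated prompt.

```bat
@echo off
rem Added example (not from the original page): remove the objects that
rem examples 1 and 2 create. The names drop, drop_port and denyact are
rem the ones used by the scripts above.
setlocal

rem Changing IPsec policy needs administrator rights. A failing
rem "net session" is a common batch idiom for "not elevated"
rem (assumption: the Server service is running on this host).
net session >nul 2>&1
if errorlevel 1 (
    echo Run this script from an elevated command prompt.
    exit /b 1
)

echo === Policy before removal ===
netsh ipsec static show policy name=drop level=verbose

rem Unassign first so the block filters stop being enforced.
netsh ipsec static set policy name=drop assign=n

rem Deleting the policy also deletes its rules (here: the rule "kill").
netsh ipsec static delete policy name=drop

rem The filter list and the filter action are separate objects, so
rem delete them after the rule that referenced them is gone.
netsh ipsec static delete filterlist name=drop_port
netsh ipsec static delete filteraction name=denyact

echo === Policies remaining in the local store ===
netsh ipsec static show policy all
endlocal
```

Running it before re-running example 1 or 2 also clears leftover objects with the same names, since both scripts reuse them.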