Windows 屏蔽高危端口腳本bat
本文主要闡述如何在Windows系統下簡單快速對高危端口進行屏蔽。
以下為windows幾個常用高危端口屏蔽bat腳本參考:
REM 添加策略
netsh ipsec static add policy name=secport
netsh ipsec static add filterlist name=drop-port
REM 添加篩選器到IP篩選器列表
netsh ipsec static add filter filterlist=drop-port srcaddr=any dstaddr=me description=任何到我的訪問 protocol=tcp mirrored=yes dstport=135
netsh ipsec static add filter filterlist=drop-port srcaddr=any dstaddr=me description=任何到我的訪問 protocol=tcp mirrored=yes dstport=137
netsh ipsec static add filter filterlist=drop-port srcaddr=any dstaddr=me description=任何到我的訪問 protocol=udp mirrored=yes dstport=137
netsh ipsec static add filter filterlist=drop-port srcaddr=any dstaddr=me description=任何到我的訪問 protocol=tcp mirrored=yes dstport=139
netsh ipsec static add filter filterlist=drop-port srcaddr=any dstaddr=me description=任何到我的訪問 protocol=tcp mirrored=yes dstport=445
REM 添加篩選器操作
netsh ipsec static add filteraction name=drop-data action=block
REM 創建一個鏈接指定 IPSec 策略、篩選器列表和篩選器操作的規則
netsh ipsec static add rule name=拒絕規則 policy=secport filterlist=drop-port filteraction=drop-data
REM 激活安全策略
netsh ipsec static set policy name=secport assign=y
本文出自 “DDos886” 博客,請務必保留此出處http://ddos886.blog.51cto.com/13388172/1972793
Windows 屏蔽高危端口腳本bat