本文主要闡述如何在Windows系統下簡單快速對高危端口進行屏蔽。

以下為windows幾個常用高危端口屏蔽bat腳本參考：

REM 添加策略

netsh ipsec static add policy name=secport

netsh ipsec static add filterlist name=drop-port

REM 添加篩選器到IP篩選器列表

netsh ipsec static add filter filterlist=drop-port srcaddr=any dstaddr=me description=任何到我的訪問 protocol=tcp mirrored=yes dstport=135

netsh ipsec static add filter filterlist=drop-port srcaddr=any dstaddr=me description=任何到我的訪問 protocol=tcp mirrored=yes dstport=137

netsh ipsec static add filter filterlist=drop-port srcaddr=any dstaddr=me description=任何到我的訪問 protocol=udp mirrored=yes dstport=137

netsh ipsec static add filter filterlist=drop-port srcaddr=any dstaddr=me description=任何到我的訪問 protocol=tcp mirrored=yes dstport=139

netsh ipsec static add filter filterlist=drop-port srcaddr=any dstaddr=me description=任何到我的訪問 protocol=tcp mirrored=yes dstport=445

REM 添加篩選器操作

netsh ipsec static add filteraction name=drop-data action=block

REM 創建一個鏈接指定 IPSec 策略、篩選器列表和篩選器操作的規則

netsh ipsec static add rule name=拒絕規則 policy=secport filterlist=drop-port filteraction=drop-data

REM 激活安全策略

netsh ipsec static set policy name=secport assign=y

本文出自 “DDos886” 博客，請務必保留此出處http://ddos886.blog.51cto.com/13388172/1972793

Windows 屏蔽高危端口腳本bat