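1. Network security tool: Netsh IPsec
IP security policy list: consists of multiple IP security policies
IP security policy: consists of one or more rules
Rule: consists of one IP filter list and one corresponding filter action
IP filter list: consists of one or more IP filters
Filter action: permit or block
Workflow: create the IP security policy --> create the filter actions --> create the IP filter lists --> create the policy rules --> activate (assign) the IP security policy
2. Complete example
REM Clear all existing policies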
netsh ipsec static del all
REM Create the IP security policy
netsh ipsec static add policy name=MyIPSec
REM Create the filter actions (block and permit)
netsh ipsec static add filteraction name=Permit action=permit
netsh ipsec static add filteraction name=Block action=block
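REM First block all access (create the IP filter list, then the policy rule)
REM The permit rules below still take effect because IPsec applies the most specific matching filter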
netsh ipsec static add filterlist name=AllAccess
netsh ipsec static add filter filterlist=AllAccess srcaddr=Me dstaddr=Any mirrored=yes
netsh ipsec static add rule name=BlockAllAccess policy=MyIPSec filterlist=AllAccess filteraction=Block
REM Allow unrestricted access for certain IPs (create the IP filter list, then the policy rule)
netsh ipsec static add filterlist name=UnLimitedIP
netsh ipsec static add filter filterlist=UnLimitedIP srcaddr=192.168.120.83 dstaddr=Me mirrored=yes
netsh ipsec static add rule name=AllowUnLimitedIP policy=MyIPSec filterlist=UnLimitedIP filteraction=Permit
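REM Open certain ports (create the IP filter list, then the policy rule)
REM srcaddr=Any opens 3389 (RDP) to every source address; use a specific srcaddr to narrow it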
netsh ipsec static add filterlist name=OpenSomePort
netsh ipsec static add filter filterlist=OpenSomePort srcaddr=Any dstaddr=Me dstport=3389 protocol=TCP mirrored=yes
netsh ipsec static add rule name=AllowOpenSomePort policy=MyIPSec filterlist=OpenSomePort filteraction=Permit
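REM Allow specific protocols and ports (here: this host's traffic to any address over ICMP, TCP 80, TCP 443 and TCP/UDP 53; create the IP filter list, then the policy rule)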
netsh ipsec static add filterlist name=SomeIPSomePort
netsh ipsec static add filter filterlist=SomeIPSomePort srcaddr=Me dstaddr=Any protocol=ICMP mirrored=yes
netsh ipsec static add filter filterlist=SomeIPSomePort srcaddr=Me dstaddr=Any dstport=80 protocol=TCP mirrored=yes
netsh ipsec static add filter filterlist=SomeIPSomePort srcaddr=Me dstaddr=Any dstport=443 protocol=TCP mirrored=yes
netsh ipsec static add filter filterlist=SomeIPSomePort srcaddr=Me dstaddr=Any dstport=53 protocol=TCP mirrored=yes
netsh ipsec static add filter filterlist=SomeIPSomePort srcaddr=Me dstaddr=Any dstport=53 protocol=UDP mirrored=yes
netsh ipsec static add rule name=AllowSomeIPSomePort policy=MyIPSec filterlist=SomeIPSomePort filteraction=Permit
REM Activate (assign) the IP security policy
netsh ipsec static set policy name=MyIPSec assign=y
REM =================End================
3. Additional operations
Delete a rule
netsh ipsec static del rule name=BlockAllAccess policy=MyIPSec
Delete a filter list
netsh ipsec static del filterlist name=AllAccess
Export the policy
netsh ipsec static exportpolicy file=d:\MyIPSec.ipsec
Import the policy
netsh ipsec static importpolicy file=d:\MyIPSec.ipsec
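The export and import commands above can guard the complete example in section 2, which starts with "del all" and ends by assigning a block-all policy. The following script is an added example, not part of the original page: it backs up the store, applies the policy, shows the result, and rolls back unless the operator confirms within 60 seconds. The file names d:\ipsec-backup.ipsec and apply-myipsec.cmd (the section 2 commands saved as a script) are assumptions.

```batch
@echo off
REM Added example: back up, apply, verify and (if needed) roll back MyIPSec.
REM Assumptions: BACKUP and APPLY are hypothetical file names chosen for this example.
setlocal
set POLICY=MyIPSec
set BACKUP=d:\ipsec-backup.ipsec
set APPLY=apply-myipsec.cmd

REM 1. Save the current policy store before "del all" in section 2 wipes it.
netsh ipsec static exportpolicy file=%BACKUP%
if errorlevel 1 (
    echo Export failed, nothing has been changed.
    exit /b 1
)

REM 2. Run the section 2 commands (create policy, filter actions, lists, rules, assign).
call %APPLY%

REM 3. Show what was actually stored so the rules can be checked by eye.
netsh ipsec static show policy name=%POLICY% level=verbose
netsh ipsec static show filterlist name=AllAccess level=verbose

REM 4. Timed confirmation. If the new rules cut off the remote session,
REM    nobody can answer, the prompt defaults to N and the change is undone.
choice /c YN /t 60 /d N /m "Keep the new IPsec policy"
if errorlevel 2 goto rollback
echo Policy %POLICY% kept.
exit /b 0

:rollback
REM Unassign first so traffic flows again, then restore the saved store.
netsh ipsec static set policy name=%POLICY% assign=n
netsh ipsec static del all
netsh ipsec static importpolicy file=%BACKUP%
echo Rolled back to %BACKUP%. Re-assign the previous policy if one was active.
exit /b 2
```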