netsh是一个非常强大的、命令行的网络配置工具。它可以进行网卡配置、防火墙配置、IP安全策略等配置。比如我们如果想是想对精确控制某个IP对本机某个端口的访问,完全可以通过配置本地的IPSec来实现。
配置ipsec策略一般有五个步骤:
【1】创建策略。
【2】创建过滤器。
【3】创建过滤动作。
【4】创建规则(封装策略)。
【5】启用和关闭策略。
-------------------------------------------------------------------------------------------
实现ipsec的配置,既可以通过windows自带的图形界面操作,也可以通过命令行操作,对于开发人员来说,要想在自己的程序中使用IPSec,肯定更关心的是命令行下的配置方式。
--------------------------------------------------------------------------------------------------------------------------------
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 | <br>rem 添加安全策略名称netsh ipsec static add policy name=Wallrem 添加 IP筛选器列表netsh ipsec static add filterlist name=ALLowWallnetsh ipsec static add filterlist name=DenyWallrem 添加筛选器到IP筛选器列表(允许上网成功)netsh ipsec static add filter filterlist=ALLowWall srcaddr=me dstaddr=any description=web protocol=tcp mirrored=yes dstport=80netsh ipsec static add filter filterlist=ALLowWall srcaddr=me dstaddr=any description=dns protocol=tcp mirrored=yes dstport=53netsh ipsec static add filter filterlist=ALLowWall srcaddr=me dstaddr=any description=dns protocol=udp mirrored=yes dstport=53rem Servernetsh ipsec static add filter filterlist=ALLowWall srcaddr=me dstaddr=192.168.148.1 description=Server protocol=tcp mirrored=yes dstport=139netsh ipsec static add filter filterlist=ALLowWall srcaddr=me dstaddr=192.168.148.1 description=Server protocol=udp mirrored=yes dstport=138netsh ipsec static add filter filterlist=ALLowWall srcaddr=me dstaddr=192.168.148.1 description=Server protocol=udp mirrored=yes dstport=137netsh ipsec static add filter filterlist=ALLowWall srcaddr=me dstaddr=192.168.148.1 description=Server protocol=tcp mirrored=yes dstport=445netsh ipsec static add filter filterlist=ALLowWall srcaddr=me dstaddr=192.168.148.1 description=Server protocol=udp mirrored=yes dstport=445REM netsh ipsec static add filter filterlist=ALLowWall srcaddr=me dstaddr=any description=ping protocol=ICMP mirrored=yesnetsh ipsec static add filter filterlist=ALLowWall srcaddr=me dstaddr=any description=sybase protocol=tcp mirrored=yes dstport=5000netsh ipsec static add filter filterlist=ALLowWall srcaddr=me dstaddr=any description=dameware protocol=tcp mirrored=yes dstport=6129netsh ipsec static add filter filterlist=ALLowWall srcaddr=any dstaddr=me description=remotelyanywhere protocol=tcp mirrored=yes dstport=2000netsh ipsec static add filter filterlist=ALLowWall srcaddr=me dstaddr=any description=pcanywhere protocol=tcp mirrored=yes dstport=5631netsh ipsec static add filter filterlist=ALLowWall srcaddr=me dstaddr=any description=pcanywhere protocol=udp mirrored=yes dstport=5632rem 添加筛选器到IP筛选器列表(不让别人访问)netsh ipsec static add filter filterlist=DenyWall srcaddr=any dstaddr=me description=anyTome protocol=any mirrored=yesnetsh ipsec static add filter filterlist=DenyWall srcaddr=me dstaddr=any description=meOut protocol=any mirrored=yesrem 添加筛选器操作netsh ipsec static add filteraction name=ALLowAction action=permitnetsh ipsec static add filteraction name=DenyAction action=blockrem 创建一个链接指定 IPSec 策略、筛选器列表和筛选器操作的规则(加入规则到我的安全策略)netsh ipsec static add rule name=ALLowRule policy=Wall filterlist=ALLowWall filteraction=ALLowActionnetsh ipsec static add rule name=DenyRule policy=Wall filterlist=DenyWall filteraction=DenyActionrem 激活我的安全策略netsh ipsec static set policy name=Wall assign=ypause |
参考链接
https://www.cnblogs.com/Mrhuangrui/p/6587560.html
https://www.cnblogs.com/boltkiller/articles/4791632.html
推荐本站淘宝优惠价购买喜欢的宝贝:
本文链接:https://zblog.hqyman.cn/post/9922.html 非本站原创文章欢迎转载,原创文章需保留本站地址!
微信支付宝扫一扫,打赏作者吧~休息一下~~
萌ICP备20248119号
