dos批处理设置ipsec安全策略的实例代码

发布时间:2019-08-01 编辑:脚本学堂
本文介绍下,用dos批处理脚本设置ipsec策略的一个例子,有需要的朋友,参考下吧。

用dos批处理脚本实现ipsec安全策略的配置。代码如下:
 

代码示例:
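REM === Start ===
REM Creates (but does not assign) an IPsec policy named MyIPsec that blocks
REM all traffic by default and then permits: a short list of trusted source
REM addresses, selected inbound service ports, and selected outbound ports.
REM Every netsh command must be written on a single line: cmd.exe has no "--"
REM line continuation, so a split "netsh ipsec static --" / "add ..." pair
REM would run "add" as a separate (unknown) command and create nothing.
REM netsh ipsec static filters are mirrored by default, so the return traffic
REM of each permitted flow is covered by the same filter.
netsh ipsec static add policy name=MyIPsec
REM Two filter actions: Block and Permit
netsh ipsec static add filteraction name=Permit action=permit
netsh ipsec static add filteraction name=Block action=block
REM Default-deny: block all traffic first; later Permit rules carve exceptions
netsh ipsec static add filterlist name=AllAccess
netsh ipsec static add filter filterlist=AllAccess srcaddr=Me dstaddr=Any
netsh ipsec static add rule name=BlockAllAccess policy=MyIPsec filterlist=AllAccess filteraction=Block
REM Trusted hosts with unrestricted access (including other servers).
REM NOTE: the address you administer this host from must be in this list,
REM otherwise assigning the policy will cut off remote administration.
netsh ipsec static add filterlist name=UnLimitedIP
netsh ipsec static add filter filterlist=UnLimitedIP srcaddr=221.135.139.124 dstaddr=Me
netsh ipsec static add filter filterlist=UnLimitedIP srcaddr=221.122.56.127 dstaddr=Me
netsh ipsec static add rule name=AllowUnLimitedIP policy=MyIPsec filterlist=UnLimitedIP filteraction=Permit
REM Inbound service ports open to any source: FTP, web, Remote Desktop.
REM FTP (20/21) and RDP (3389) are exposed to srcaddr=Any here; restrict
REM srcaddr to trusted ranges if these services are not meant to be public.
netsh ipsec static add filterlist name=OpenSomePort
netsh ipsec static add filter filterlist=OpenSomePort srcaddr=Any dstaddr=Me dstport=20 protocol=TCP
netsh ipsec static add filter filterlist=OpenSomePort srcaddr=Any dstaddr=Me dstport=21 protocol=TCP
netsh ipsec static add filter filterlist=OpenSomePort srcaddr=Any dstaddr=Me dstport=80 protocol=TCP
netsh ipsec static add filter filterlist=OpenSomePort srcaddr=Any dstaddr=Me dstport=3389 protocol=TCP
REM Allow ICMP (ping)
netsh ipsec static add filter filterlist=OpenSomePort srcaddr=Any dstaddr=Me protocol=ICMP
REM pcAnywhere ports
netsh ipsec static add filter filterlist=OpenSomePort srcaddr=Any dstaddr=Me dstport=5631 protocol=TCP
netsh ipsec static add filter filterlist=OpenSomePort srcaddr=Any dstaddr=Me dstport=5632 protocol=UDP
REM Serv-U passive-mode (PASV) FTP data ports
netsh ipsec static add filter filterlist=OpenSomePort srcaddr=Any dstaddr=Me dstport=7801 protocol=TCP
netsh ipsec static add filter filterlist=OpenSomePort srcaddr=Any dstaddr=Me dstport=7802 protocol=TCP
netsh ipsec static add filter filterlist=OpenSomePort srcaddr=Any dstaddr=Me dstport=7803 protocol=TCP
netsh ipsec static add filter filterlist=OpenSomePort srcaddr=Any dstaddr=Me dstport=7804 protocol=TCP
netsh ipsec static add filter filterlist=OpenSomePort srcaddr=Any dstaddr=Me dstport=7805 protocol=TCP
netsh ipsec static add rule name=AllowOpenSomePort policy=MyIPsec filterlist=OpenSomePort filteraction=Permit
REM Outbound access from this host (srcaddr=Me) to specific ports, plus one
REM inbound exception for SQL Server at the end of the list.
netsh ipsec static add filterlist name=SomeIPSomePort
netsh ipsec static add filter filterlist=SomeIPSomePort srcaddr=Me dstaddr=Any dstport=80 protocol=TCP
REM HTTPS for Windows Update and Symantec updates (including virus definition
REM updates) - one filter covers both, so 443/TCP is added only once.
netsh ipsec static add filter filterlist=SomeIPSomePort srcaddr=Me dstaddr=Any dstport=443 protocol=TCP
REM DNS
netsh ipsec static add filter filterlist=SomeIPSomePort srcaddr=Me dstaddr=Any dstport=53 protocol=TCP
netsh ipsec static add filter filterlist=SomeIPSomePort srcaddr=Me dstaddr=Any dstport=53 protocol=UDP
REM Time synchronization (NTP)
netsh ipsec static add filter filterlist=SomeIPSomePort srcaddr=Me dstaddr=Any dstport=123 protocol=TCP
netsh ipsec static add filter filterlist=SomeIPSomePort srcaddr=Me dstaddr=Any dstport=123 protocol=UDP
REM Another server accessing SQL Server on this host
netsh ipsec static add filter filterlist=SomeIPSomePort srcaddr=212.135.167.112 dstaddr=Me dstport=1433 protocol=TCP
netsh ipsec static add rule name=AllowSomeIPSomePort policy=MyIPsec filterlist=SomeIPSomePort filteraction=Permit
REM The policy is only created above, not activated. After reviewing the
REM rules (especially UnLimitedIP), assign it with:
REM   netsh ipsec static set policy name=MyIPsec assign=y
Pause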