I. Firewall
"Windows Firewall with Advanced Security" can be configured entirely with: netsh advfirewall firewall.
dir=in|out: inbound or outbound rule
action=allow|block|bypass: whether the rule allows, blocks, or bypasses the traffic
[program=<program path>]: apply the rule to a specific application
[service=<service short name>|any]: apply the rule to a specific system service
[description=<string>]: add a description to the rule
[localip=any|<IPv4 address>|<IPv6 address>|<subnet>|<range>|<list>]: local IP address
[remoteip=any|localsubnet|dns|dhcp|wins|defaultgateway|<IPv4 address>|<IPv6 address>|<subnet>|<range>|<list>]: remote IP address
[localport=0-65535|<port range>[,...]|RPC|RPC-EPMap|IPHTTPS|any (default=any)]: local port number, all ports by default
[remoteport=0-65535|<port range>[,...]|any (default=any)]: remote port number, all ports by default
[protocol=0-255|icmpv4|icmpv6|icmpv4:type,code|icmpv6:type,code|tcp|udp|any (default=any)]: protocol type, all protocols by default
[interfacetype=wireless|lan|ras|any]: optional, interface type
[security=authenticate|authenc|authdynenc|authnoencap|notrequired(default=notrequired)]: optional, encrypted access mode
The script below closes port 445; to close other ports, change localport.
start=auto: the MpsSvc service starts at boot
state on: turn the firewall on
icmpsetting 8: allow ICMP
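@echo off
color 0A
echo "state on firewall......"
rem Set the Windows Firewall service (MpsSvc) to start at boot; older sc.exe versions require the space after "start="
sc config MpsSvc start= auto
rem Turn the firewall on for all profiles
netsh advfirewall set allprofiles state on
echo "start ICMP...."
rem Allow inbound ICMP echo requests (type 8); this is the legacy "netsh firewall" syntax
netsh firewall set icmpsetting 8
echo "add port 445......"
rem Block inbound TCP and UDP traffic to local port 445
netsh advfirewall firewall add rule name="close445tcp" protocol=TCP dir=in localport=445 action=block
netsh advfirewall firewall add rule name="close445udp" protocol=UDP dir=in localport=445 action=block
pause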
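Each run of the script above adds another copy of the two rules, because netsh does not reject duplicate rule names. The following is an added example, not part of the original post: it adds each block rule only when no rule with that name exists and then prints the firewall state and the rules for review. The :ensure_block label is a name chosen for this example; the rule names are the ones used above.

```batch
@echo off
rem Added example: idempotent version of the port-445 block rules.
rem Rule names close445tcp / close445udp are taken from the script above.
setlocal

call :ensure_block close445tcp TCP 445 || exit /b 1
call :ensure_block close445udp UDP 445 || exit /b 1

rem Print the resulting state so it can be reviewed or logged.
netsh advfirewall show allprofiles state
netsh advfirewall firewall show rule name="close445tcp"
netsh advfirewall firewall show rule name="close445udp"
exit /b 0

:ensure_block
rem %1 = rule name, %2 = protocol, %3 = local port
rem "show rule" sets a non-zero errorlevel when no rule with that name exists.
rem Only the name is checked, not the contents of an existing rule.
netsh advfirewall firewall show rule name="%~1" >nul 2>&1
if not errorlevel 1 (
    echo Rule %~1 already present, skipping.
    exit /b 0
)
rem Adding a rule needs an elevated prompt; a failure is passed back to the caller.
netsh advfirewall firewall add rule name="%~1" protocol=%~2 dir=in localport=%~3 action=block
exit /b %errorlevel%
```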
Source: 51CTO
Author: v_fanyunxiao
Link: https://blog.51cto.com/fandecorator/2482534