windows 2003 禁止UDP的bat

时间:2016-09-25

新建 一个bat文件,复制如下内容到bat文件中,将文件名命名为drop-udp.bat


netsh ipsec static add policy name=dropudp
netsh ipsec static add filterlist name=allow-udp
netsh ipsec static add filterlist name=drop-udp

REM 添加筛选器到IP筛选器列表(允许上网)
netsh ipsec static add filter filterlist=allow-udp srcaddr=me dstaddr=any description=dns访问 protocol=udp mirrored=yesdstport=53
netsh ipsec static add filter filterlist=allow-udp srcaddr=me dstaddr=any description=dns访问 protocol=udp mirrored=yesdstport=123
netsh ipsec static add filter filterlist=allow-udp srcaddr=me dstaddr=any description=dns访问 protocol=udp mirrored=yesdstport=161

REM 添加筛选器到IP筛选器列表(不让别人访问)
netsh ipsec static add filter filterlist=drop-udp srcaddr=any dstaddr=me description=别人到我任何访问 protocol=udp mirrored=yes

REM 添加筛选器操作
netsh ipsec static add filteraction name=allow-udp-port action=permit
netsh ipsec static add filteraction name=drop-udp-port action=block

REM 创建一个链接指定 IPSec 策略、筛选器列表和筛选器操作的规则(加入规则到我的安全策略)
netsh ipsec static add rule name=允许规则 policy=dropudp filterlist=allow-udp filteraction=allow-udp-port
netsh ipsec static add rule name=拒绝规则 policy=dropudp filterlist=drop-udp filteraction=drop-udp-port

REM 激活我的安全策略
netsh ipsec static setpolicy name=dropudp assign=y
 


保存后,双击运行即可
udp除53 DNS解析,161 snmp监控端口 及时间同步服务123这三个udp的端口外,禁用所有udp出入站连接

上一条:Win2003下通过IP安全策略限制udp-flood发包的批处理代码 下一条:Nginx HttpMemcModule和直接访问memcached效率对比测试

相关文章

最新文章