windows 2003 禁止UDP的bat

netsh ipsec static add policy name=dropudp
netsh ipsec static add filterlist name=allow-udp
netsh ipsec static add filterlist name=drop-udp

REM 添加筛选器到IP筛选器列表(允许上网)
netsh ipsec static add filter filterlist=allow-udp srcaddr=me dstaddr=any description=dns访问 protocol=udp mirrored=yesdstport=53
netsh ipsec static add filter filterlist=allow-udp srcaddr=me dstaddr=any description=dns访问 protocol=udp mirrored=yesdstport=123
netsh ipsec static add filter filterlist=allow-udp srcaddr=me dstaddr=any description=dns访问 protocol=udp mirrored=yesdstport=161

REM 添加筛选器到IP筛选器列表(不让别人访问)
netsh ipsec static add filter filterlist=drop-udp srcaddr=any dstaddr=me description=别人到我任何访问 protocol=udp mirrored=yes

REM 添加筛选器操作
netsh ipsec static add filteraction name=allow-udp-port action=permit
netsh ipsec static add filteraction name=drop-udp-port action=block

REM 创建一个链接指定 IPSec 策略、筛选器列表和筛选器操作的规则(加入规则到我的安全策略)
netsh ipsec static add rule name=允许规则 policy=dropudp filterlist=allow-udp filteraction=allow-udp-port
netsh ipsec static add rule name=拒绝规则 policy=dropudp filterlist=drop-udp filteraction=drop-udp-port

REM 激活我的安全策略
netsh ipsec static setpolicy name=dropudp assign=y