高危端口屏蔽及查看端口是否关闭 - 网吧备忘录
通告:收集网吧无盘常见问题,关注网吧行业动态,唾弃和鄙视网吧垄断及恶意广告行为!

高危端口屏蔽及查看端口是否关闭

兽性大发 1683 0 条

echo 删除同名策略
netsh ipsec static delete policy ShieldDangerousPort

echo 生成策略中
netsh ipsec static add policy name=ShieldDangerousPort

echo 建立一个筛选器操作”阻止”
Netsh ipsec static add filteraction name = 阻止 action =block

echo 建立一个筛选器列表“可访问的终端列表”
Netsh ipsec static add filterlist name = ShieldDangerousPortFilter

Netsh ipsec static add filter filterlist = ShieldDangerousPortFilter srcaddr=any dstaddr=me dstport=445 protocol=tcp
Netsh ipsec static add filter filterlist = ShieldDangerousPortFilter srcaddr=any dstaddr=me dstport=135 protocol=tcp
Netsh ipsec static add filter filterlist = ShieldDangerousPortFilter srcaddr=any dstaddr=me dstport=138 protocol=tcp
Netsh ipsec static add filter filterlist = ShieldDangerousPortFilter srcaddr=any dstaddr=me dstport=137 protocol=tcp
Netsh ipsec static add filter filterlist = ShieldDangerousPortFilter srcaddr=any dstaddr=me dstport=139 protocol=tcp
Netsh ipsec static add filter filterlist = ShieldDangerousPortFilter srcaddr=any dstaddr=me dstport=1443 protocol=tcp
Netsh ipsec static add filter filterlist = ShieldDangerousPortFilter srcaddr=any dstaddr=me dstport=1444 protocol=tcp
Netsh ipsec static add filter filterlist = ShieldDangerousPortFilter srcaddr=any dstaddr=me dstport=445 protocol=udp
Netsh ipsec static add filter filterlist = ShieldDangerousPortFilter srcaddr=any dstaddr=me dstport=135 protocol=udp
Netsh ipsec static add filter filterlist = ShieldDangerousPortFilter srcaddr=any dstaddr=me dstport=138 protocol=udp
Netsh ipsec static add filter filterlist = ShieldDangerousPortFilter srcaddr=any dstaddr=me dstport=137 protocol=udp
Netsh ipsec static add filter filterlist = ShieldDangerousPortFilter srcaddr=any dstaddr=me dstport=139 protocol=udp
Netsh ipsec static add filter filterlist = ShieldDangerousPortFilter srcaddr=any dstaddr=me dstport=1443 protocol=udp
Netsh ipsec static add filter filterlist = ShieldDangerousPortFilter srcaddr=any dstaddr=me dstport=1444 protocol=udp

echo 建立策略规则
Netsh ipsec static add rule name =阻止高危端口 Policy =ShieldDangerousPort filterlist =ShieldDangerousPortFilter filteraction = 阻止

echo 激活策略
netsh ipsec static set policy name = ShieldDangerousPort assign = y

以上改为批处理就可以了。封的端口为:TCP和UDP的135 137 138 139 445 1443 1444 duankou

查看445端口是否关闭:
netstat -ano -p tcp | find "445" >nul 2>nul && echo 445端口已开启 请尽快关闭端口 并打补丁 || echo 445端口未开启 您可以放心使用

与本文相关的文章


发表我的评论

Hi,您需要填写昵称和邮箱!

  • 昵称 (必填)
  • 邮箱 (必填)
  • 网址