一、防火牆相關
配置“高級安全Windows防火牆”都可以使用:netsh advfirewall firewall。
dir=in|out,入站/出站規則
action=allow|block|bypass,設定這個規則是允許還是阻斷或者是跳過
program=<program path>],爲某應用程序設定規則
[service=<service short name>|any],爲某系統服務設定規則
[description=<string>],爲這個規則加一個說明描述
[localip=any|<IPv4 address>|<IPv6 address>|<subnet>|<range>|<list>],指定本端IP地址
[remoteip=any|localsubnet|dns|dhcp|wins|defaultgateway|<IPv4 address>|<IPv6 address>|<subnet>|<range>|<list>],指定遠端IP地址
[localport=0-65535|<port range>[,...]|RPC|RPC-EPMap|IPHTTPS|any (default=any)],指定本端端口號,默認爲所有端口
[remoteport=0-65535|<port range>[,...]|any (default=any)],指定遠端端口號,默認爲所有端口
[protocol=0-255|icmpv4|icmpv6|icmpv4:type,code|icmpv6:type,code|tcp|udp|any (default=any)],指定協議類型,默認爲所有協議
[interfacetype=wireless|lan|ras|any],可選參數,指定接口類型
[security=authenticate|authenc|authdynenc|authnoencap|notrequired(default=notrequired)],可選參數,指定加密訪問方式
關閉445端口,關閉其他端口,修改localport。
start=auto,MpsSvc服務開機啓動
state on,開啓防火牆
icmpsetting 8,放行ICMP
@echo off
color 0A
echo "state on firewall......"
sc config MpsSvc start=auto
netsh advfirewall set allprofiles state on
echo "start ICMP...."
netsh firewall set icmpsetting 8
echo "add port 445......"
netsh advfirewall firewall add rule name="close445tcp" protocol=TCP dir=in localport=445 action=block
netsh advfirewall firewall add rule name="close445udp" protocol=UDP dir=in localport=445 action=block
pause