
Windows server 2003服務器設置IP安全策略

日期:2017/2/8 10:21:17      編輯:關於服務器

常用端口

20 ftp傳送端口

21 ftp控制端口

53 dns服務端口tcp/udp

80 web服務端口

161 snmp服務端口

1433 mssql

3306 mysql

3389 遠程連接

 

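#===================== Script start =====================
# Creates one static IPsec policy with netsh. The rules added below permit the
# listed traffic and block the rest; nothing is enforced until the policy is
# assigned by the last command of the script.
# NOTE(review): cmd.exe does not treat "#" as a comment marker. Remove these
# annotation lines, or change them to "rem", before saving the commands as a .bat file.

  netsh ipsec static add policy name="10互聯默認ip策略" description="本地可以上網,並開放常用端口."

#===================== Add the two filter actions: Permit and Block =====================
# Defined before any rule so that every "add rule" refers to an action this
# script creates itself.

  netsh ipsec static add filteraction name=Permit action=permit

  netsh ipsec static add filteraction name=Block action=block

#===================== Allow ping (ICMP) in both directions =====================
# The filter is mirrored (the netsh default when mirrored=no is not given), so it
# covers ICMP from this host to any address and the replies coming back.
# The rule uses the Permit action defined above. The original referred to a
# filter action named "許可", which this script never creates (presumably the
# localized built-in Permit action), so the rule depended on the OS language.

  netsh ipsec static add filter filterlist="所有ICMP 通訊" srcaddr=me srcmask=255.255.255.255 dstaddr=Any protocol=ICMP

  netsh ipsec static add rule name="所有ICMP 通訊" policy="10互聯默認ip策略" filterlist="所有ICMP 通訊" filteraction=Permit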

#=== Unrestricted access for selected addresses (UnLimitedIP) ===
# 125.76.233.185 may reach every port on this server.
# NOTE(review): 125.76.233.185 is presumably the author's own management
# address; replace it with yours before applying the policy, otherwise an
# unrelated host receives unrestricted access.

  netsh ipsec static add filterlist name=UnLimitedIP description="開放某些IP無限制訪問任何的端口"

  netsh ipsec static add filter filterlist=UnLimitedIP srcaddr=125.76.233.185 dstaddr=Me

  netsh ipsec static add rule name=AllowUnLimitedIP policy="10互聯默認ip策略" filterlist=UnLimitedIP filteraction=Permit

#=== Selected addresses to selected ports (SomeIPSomePort) ===
# 125.76.233.185 may reach local port 3389; the server itself may reach remote
# port 80 (web) and port 53 (DNS over UDP and TCP) so that it can browse.
# NOTE(review): these static filters are stateless and mirrored by default, so
# the reverse half of each Me->Any filter also admits inbound packets whose
# source port is 80 or 53, whatever the local destination port. Put a stateful
# firewall in front of the host if that matters.
# NOTE(review): the 3389 filter for 125.76.233.185 has no restricting effect
# while the OpenSomePort list further down permits 3389 from Any.

  netsh ipsec static add filterlist name=SomeIPSomePort description="開放某些ip可以訪問某些端口"

  netsh ipsec static add filter filterlist=SomeIPSomePort srcaddr=Me dstaddr=Any dstport=80 protocol=TCP

  netsh ipsec static add filter filterlist=SomeIPSomePort srcaddr=Me dstaddr=Any dstport=53 protocol=UDP

  netsh ipsec static add filter filterlist=SomeIPSomePort srcaddr=Me dstaddr=Any dstport=53 protocol=TCP  

  netsh ipsec static add filter filterlist=SomeIPSomePort srcaddr=125.76.233.185 dstaddr=Me dstport=3389 protocol=TCP

  netsh ipsec static add rule name=AllowSomeIPSomePort policy="10互聯默認ip策略" filterlist=SomeIPSomePort filteraction=Permit

#=== Ports needed by hosted services (OpenSomePort): web site, FTP and remote access ===
# Every filter here permits traffic from any source address to the local port named.
# Ports: 20/21 FTP, 80 web, 1433 MSSQL, 3306 MySQL, 3389 remote desktop.
# NOTE(review): 1433, 3306 and 3389 are opened to srcaddr=Any, which exposes the
# database listeners and Remote Desktop to every source address. If only
# administrators or an application server need them, set srcaddr to those
# addresses instead of Any, or drop the filter.

  netsh ipsec static add filterlist name=OpenSomePort description="開放一些服務需要的端口"

  netsh ipsec static add filter filterlist=OpenSomePort srcaddr=Any dstaddr=Me dstport=20 protocol=TCP

  netsh ipsec static add filter filterlist=OpenSomePort srcaddr=Any dstaddr=Me dstport=21 protocol=TCP

  netsh ipsec static add filter filterlist=OpenSomePort srcaddr=Any dstaddr=Me dstport=80 protocol=TCP

  netsh ipsec static add filter filterlist=OpenSomePort srcaddr=Any dstaddr=Me dstport=1433 protocol=TCP

  netsh ipsec static add filter filterlist=OpenSomePort srcaddr=Any dstaddr=Me dstport=3306 protocol=TCP

  netsh ipsec static add filter filterlist=OpenSomePort srcaddr=Any dstaddr=Me dstport=3389 protocol=TCP

  netsh ipsec static add rule name=AllowOpenSomePort policy="10互聯默認ip策略" filterlist=OpenSomePort filteraction=Permit

#=== Block everything else (AllAccess) ===
# A single filter between this host and any address, tied to the Block action.
# IPsec applies the most specific matching filter, so the narrower permit
# filters added earlier take precedence over this catch-all.

  netsh ipsec static add filterlist name=AllAccess

  netsh ipsec static add filter filterlist=AllAccess srcaddr=Me dstaddr=Any

  netsh ipsec static add rule name=BlockAllAccess policy="10互聯默認ip策略" filterlist=AllAccess filteraction=Block

#=== Activate the policy ===
# assign=y makes the policy the active one; the block rule applies from that moment.
# NOTE(review): when working over a remote session, confirm first that a permit
# rule covers your own management address and port.

  netsh ipsec static set policy name="10互聯默認ip策略" assign=y
