**标注:**此脚本进行本地策略配置,设置后可防止“永恒之蓝”被其它机器感染和去感染其它机器,但不能避免从USB或者上网感染,所以还是得打补丁,详细可参考:[https://technet.microsoft.com/zh-cn/library/security/MS17-010](https://technet.microsoft.com/zh-cn/library/security/MS17-010)
链接可详细了解”[永恒之蓝](http://baike.baidu.com/item/WannaCry/20797421?fr=aladdin&fromtitle=%E6%B0%B8%E6%81%92%E4%B9%8B%E8%93%9D&fromid=4951714)“
####
REM =================开始================
netsh ipsec static del policy windowsDBA
netsh ipsec static add policy name = windowsDBA
netsh ipsec static del filteraction FILTERblock
netsh ipsec static del filteraction FILTERPermit
netsh ipsec static add filteraction FILTERblock action =block
netsh ipsec static add filteraction FILTERPermit action =permit
netsh IPsec static del filterlist name = AllowList
netsh IPsec static del filterlist name = DenyList
netsh IPsec static add filterlist name = AllowList
netsh IPsec static add filterlist name = DenyList
REM 允许指定的IP访问3389端口
netsh IPsec static add filter filterlist = AllowList srcaddr = 192.168.1.1 dstaddr = me dstport = 3389 description = vpn protocol = TCP mirrored = yes
netsh IPsec static add filter filterlist = AllowList srcaddr = 10.100.1.1 dstaddr = me dstport = 3389 description = vpn protocol = TCP mirrored = yes
netsh IPsec static add filter filterlist = AllowList srcaddr = 192.168.2.2 dstaddr = me dstport = 3389 description = vpn protocol = TCP mirrored = yes
REM 禁止出入139、135、445端口
netsh IPsec static add filter filterlist = DenyList srcaddr =any dstaddr = me dstport = 445 protocol = TCP mirrored = yes
netsh IPsec static add filter filterlist = DenyList srcaddr =any dstaddr = me dstport = 135 protocol = TCP mirrored = yes
netsh IPsec static add filter filterlist = DenyList srcaddr =any dstaddr = me dstport = 139 protocol = TCP mirrored = yes
netsh IPsec static add filter filterlist = DenyList srcaddr =me dstaddr = any dstport = 445 protocol = TCP mirrored = yes
netsh IPsec static add filter filterlist = DenyList srcaddr =me dstaddr = any dstport = 135 protocol = TCP mirrored = yes
netsh IPsec static add filter filterlist = DenyList srcaddr =me dstaddr = any dstport = 139 protocol = TCP mirrored = yes
netsh IPsec static add filter filterlist = DenyList srcaddr =any dstaddr = me dstport = 3389 protocol = TCP mirrored = yes
netsh ipsec static add rule name=AllowIPList policy=windowsDBA filterlist=AllowList filteraction=FILTERPermit
netsh ipsec static add rule name=DenyPortList policy=windowsDBA filterlist=DenyList filteraction=FILTERblock
netsh ipsec static set policy name = windowsDBA assign = y
pause
文章最后更新时间:
2017年06月06日 05:09:58
online casino online slots online slots real money casino casino games
casino online for fun online casinos for us players free real money casino no deposit casino online loc us casinos online
canadianpharmaciesbnt.com canadian drug store
top diet pills best weight loss pills for women supplements for weight loss whats the best weight loss supplement weight loss drug
weight loss prescription drugs best weight loss supplement best weight loss products best weight loss pills best prescription weight loss medication
weight loss pills for women prescription weight loss medication weight loss supplements for women best appetite suppressant best weight loss products
weight loss injections new weight loss medication best diet pill weight loss medications prescription diet pills
diet pills that work diet pills that really work diet supplements that work natural weight loss supplements alli weight loss reviews
new weight loss medication appetite suppressant supplements for weight loss diet pills that really work best weight loss supplement
Incredible all kinds of great material! cialismsnntx.com cialis and viagra