Beebol's Happy Sharing

Beebol: sharing from life and work

Windows protection script against "EternalBlue"


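Note: This script configures local policy. Once applied, it prevents the machine from being infected with "EternalBlue" by other machines and from infecting other machines, but it cannot prevent infection via USB or from browsing the Internet, so you still need to install the patch. For details on "EternalBlue", see: https://technet.microsoft.com/zh-cn/library/security/MS17-010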

REM ================= Start =================
REM Remove any earlier copy of the policy, filter actions and filter lists so the
REM script can be re-run (errors on the first run, when nothing exists yet, can be ignored)
netsh ipsec static del policy name=windowsDBA
netsh ipsec static add policy name=windowsDBA
netsh ipsec static del filteraction name=FILTERblock
netsh ipsec static del filteraction name=FILTERPermit
netsh ipsec static add filteraction name=FILTERblock action=block
netsh ipsec static add filteraction name=FILTERPermit action=permit
netsh ipsec static del filterlist name=AllowList
netsh ipsec static del filterlist name=DenyList
netsh ipsec static add filterlist name=AllowList
netsh ipsec static add filterlist name=DenyList

REM Allow the specified IPs to access port 3389
netsh ipsec static add filter filterlist=AllowList srcaddr=192.168.1.1 dstaddr=me dstport=3389 description=vpn protocol=TCP mirrored=yes
netsh ipsec static add filter filterlist=AllowList srcaddr=10.100.1.1 dstaddr=me dstport=3389 description=vpn protocol=TCP mirrored=yes
netsh ipsec static add filter filterlist=AllowList srcaddr=192.168.2.2 dstaddr=me dstport=3389 description=vpn protocol=TCP mirrored=yes

REM Block inbound and outbound traffic on ports 139, 135 and 445
netsh ipsec static add filter filterlist=DenyList srcaddr=any dstaddr=me dstport=445 protocol=TCP mirrored=yes
netsh ipsec static add filter filterlist=DenyList srcaddr=any dstaddr=me dstport=135 protocol=TCP mirrored=yes
netsh ipsec static add filter filterlist=DenyList srcaddr=any dstaddr=me dstport=139 protocol=TCP mirrored=yes
netsh ipsec static add filter filterlist=DenyList srcaddr=me dstaddr=any dstport=445 protocol=TCP mirrored=yes
netsh ipsec static add filter filterlist=DenyList srcaddr=me dstaddr=any dstport=135 protocol=TCP mirrored=yes
netsh ipsec static add filter filterlist=DenyList srcaddr=me dstaddr=any dstport=139 protocol=TCP mirrored=yes
REM Block port 3389 from every other source; the more specific AllowList
REM filters above take precedence for the listed addresses
netsh ipsec static add filter filterlist=DenyList srcaddr=any dstaddr=me dstport=3389 protocol=TCP mirrored=yes

REM Bind each filter list to its action inside the policy
netsh ipsec static add rule name=AllowIPList policy=windowsDBA filterlist=AllowList filteraction=FILTERPermit
netsh ipsec static add rule name=DenyPortList policy=windowsDBA filterlist=DenyList filteraction=FILTERblock

REM Assign (activate) the policy
netsh ipsec static set policy name=windowsDBA assign=y
pause
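
To confirm the policy took effect, the following check can be run from a second machine against the protected host. It is an added example, not part of the original script; the function name `Test-TcpPort`, the `-FromAllowedIp` switch and the target address 192.0.2.10 are assumptions (placeholders), and the 3389 expectation assumes Remote Desktop is enabled on the protected host.

```powershell
# Added example (not from the original post): verify from another machine that
# the windowsDBA policy blocks 135/139/445 and restricts 3389 to AllowList IPs.
# The target address is a placeholder (assumption); use the protected host's IP.
param(
    [string]$Target = '192.0.2.10',
    [switch]$FromAllowedIp   # set when running from an address in AllowList
)

function Test-TcpPort {
    param([string]$HostName, [int]$Port, [int]$TimeoutMs = 2000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $pending = $client.BeginConnect($HostName, $Port, $null, $null)
        # A timeout is treated the same as a refusal: the port is not reachable.
        $done = $pending.AsyncWaitHandle.WaitOne($TimeoutMs)
        return ($done -and $client.Connected)
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

# Expected reachability per port under the policy in this post.
# 3389 should answer only when the check runs from an AllowList address
# (and only if Remote Desktop is enabled on the target, an assumption here).
$expected = @{ 135 = $false; 139 = $false; 445 = $false; 3389 = [bool]$FromAllowedIp }

$failures = 0
foreach ($port in ($expected.Keys | Sort-Object)) {
    $open = Test-TcpPort -HostName $Target -Port $port
    $ok = ($open -eq $expected[$port])
    if (-not $ok) { $failures++ }
    $status = if ($ok) { 'OK' } else { 'MISMATCH' }
    '{0,-5} open={1,-5} expected={2,-5} {3}' -f $port, $open, $expected[$port], $status
}

if ($failures) {
    Write-Warning "$failures port(s) do not match the intended policy."
    exit 1
}
```

A MISMATCH on 135, 139 or 445 means the policy is not assigned or was overridden; on the protected host itself, `netsh ipsec static show policy name=windowsDBA` shows whether it is assigned.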



Article last updated: 2017-06-06 05:09:58

