ipsec.bat 例子 (example: a host-level allow-list built with `netsh ipsec static` — specific permits, a catch-all block, and an ICMP exception)
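rem ----------------------------------------------------------------------------
rem Host-level allow-list for this server using Windows IPsec filters (netsh ipsec static).
rem Model: one "service allow" list of specific permits, one "service block" list that
rem blocks everything else to/from this host (Any -> Me), and an ICMP exception.
rem IPsec applies the MOST SPECIFIC matching filter, not the first one in rule order,
rem so the host/port permits below win over the Any->Me block.
rem Notes for whoever maintains this:
rem  * dstaddr=Me / mask 32 is a single host; 255.255.255.0 is the whole /24. Only use
rem    the /24 mask where a whole subnet is really meant (the MR admin subnet below).
rem  * Nothing is enforced until the policy is assigned (last line of this script).
rem  * Re-running the script fails on the "Add" lines because the names already exist;
rem    delete the policy / filter lists first if you need to rebuild from scratch.
rem ----------------------------------------------------------------------------
netsh ipsec static Add filterlist name = "service allow"
rem remote desktop (3389) and 7029: MR admin subnet 172.25.6.0/24 and the XS admin host
netsh ipsec static Add filter filterlist="service allow" srcaddr=172.25.6.0 dstaddr=Me description="remote mradmin" protocol=TCP mirrored=yes srcmask=255.255.255.0 dstmask=32 srcport=0 dstport=3389
rem 192.168.6.10 is a single host, so srcmask=32. The original srcmask=255.255.255.0
rem opened RDP/7029 to every host in 192.168.6.0/24, not just the admin box.
netsh ipsec static Add filter filterlist="service allow" srcaddr=192.168.6.10 dstaddr=Me description="remote xsadmin" protocol=TCP mirrored=yes srcmask=32 dstmask=32 srcport=0 dstport=3389
netsh ipsec static Add filter filterlist="service allow" srcaddr=172.25.6.0 dstaddr=Me description="remote mradmin" protocol=TCP mirrored=yes srcmask=255.255.255.0 dstmask=32 srcport=0 dstport=7029
netsh ipsec static Add filter filterlist="service allow" srcaddr=192.168.6.10 dstaddr=Me description="remote xsadmin" protocol=TCP mirrored=yes srcmask=32 dstmask=32 srcport=0 dstport=7029
rem bastion hosts (baoleiji) 192.168.100.235 / .236: RDP (3389), MSSQL (1433), pcAnywhere (5631/tcp, 5632/udp).
rem These are single hosts, so srcmask=32; the original /24 mask admitted all of 192.168.100.0/24
rem to RDP and SQL. pcAnywhere is a legacy remote-control product -- drop 5631/5632 once it is retired.
netsh ipsec static Add filter filterlist="service allow" srcaddr=192.168.100.235 dstaddr=Me description="remote baoleiji" protocol=TCP mirrored=yes srcmask=32 dstmask=32 srcport=0 dstport=3389
netsh ipsec static Add filter filterlist="service allow" srcaddr=192.168.100.236 dstaddr=Me description="remote baoleiji" protocol=TCP mirrored=yes srcmask=32 dstmask=32 srcport=0 dstport=3389
netsh ipsec static Add filter filterlist="service allow" srcaddr=192.168.100.236 dstaddr=Me description="remote baoleiji" protocol=TCP mirrored=yes srcmask=32 dstmask=32 srcport=0 dstport=1433
netsh ipsec static Add filter filterlist="service allow" srcaddr=192.168.100.235 dstaddr=Me description="remote baoleiji" protocol=TCP mirrored=yes srcmask=32 dstmask=32 srcport=0 dstport=1433
netsh ipsec static Add filter filterlist="service allow" srcaddr=192.168.100.235 dstaddr=Me description="remote baoleiji" protocol=TCP mirrored=yes srcmask=32 dstmask=32 srcport=0 dstport=5631
netsh ipsec static Add filter filterlist="service allow" srcaddr=192.168.100.235 dstaddr=Me description="remote baoleiji" protocol=UDP mirrored=yes srcmask=32 dstmask=32 srcport=0 dstport=5632
netsh ipsec static Add filter filterlist="service allow" srcaddr=192.168.100.236 dstaddr=Me description="remote baoleiji" protocol=TCP mirrored=yes srcmask=32 dstmask=32 srcport=0 dstport=5631
netsh ipsec static Add filter filterlist="service allow" srcaddr=192.168.100.236 dstaddr=Me description="remote baoleiji" protocol=UDP mirrored=yes srcmask=32 dstmask=32 srcport=0 dstport=5632
rem infrastructure: wsus, epo, ntp, mocha.
rem protocol=any + mirrored=yes gives these four hosts full bidirectional access to this server,
rem not just the named service. Narrow to the service ports once they are confirmed.
netsh ipsec static Add filter filterlist="service allow" srcaddr=Me dstaddr=192.168.3.60 description="To epo server" protocol=any mirrored=yes srcmask=32 dstmask=32 srcport=0 dstport=0
netsh ipsec static Add filter filterlist="service allow" srcaddr=Me dstaddr=192.168.3.1 description="To ntp server" protocol=any mirrored=yes srcmask=32 dstmask=32 srcport=0 dstport=0
netsh ipsec static Add filter filterlist="service allow" srcaddr=Me dstaddr=192.168.3.33 description="To wsus server" protocol=any mirrored=yes srcmask=32 dstmask=32 srcport=0 dstport=0
netsh ipsec static Add filter filterlist="service allow" srcaddr=Me dstaddr=192.168.3.67 description="To mocha" protocol=any mirrored=yes srcmask=32 dstmask=32 srcport=0 dstport=0
rem sql to IP-SAN (all protocols, both directions)
netsh ipsec static Add filter filterlist="service allow" srcaddr=Me dstaddr=172.25.3.89 description="To IP-SAN" protocol=any mirrored=yes srcmask=32 dstmask=32 srcport=0 dstport=0
rem sql (1433/tcp) from the XS hosts
netsh ipsec static Add filter filterlist="service allow" srcaddr=192.168.0.27 dstaddr=Me description="To SQL0.27" protocol=tcp mirrored=yes srcmask=32 dstmask=32 srcport=0 dstport=1433
netsh ipsec static Add filter filterlist="service allow" srcaddr=192.168.0.122 dstaddr=Me description="To SQL0.122" protocol=tcp mirrored=yes srcmask=32 dstmask=32 srcport=0 dstport=1433
netsh ipsec static Add filter filterlist="service allow" srcaddr=192.168.0.29 dstaddr=Me description="To SQL0.29" protocol=tcp mirrored=yes srcmask=32 dstmask=32 srcport=0 dstport=1433
rem sql (1433/tcp) from the MR hosts
netsh ipsec static Add filter filterlist="service allow" srcaddr=172.25.3.60 dstaddr=Me description="from SQL3.60" protocol=tcp mirrored=yes srcmask=32 dstmask=32 srcport=0 dstport=1433
netsh ipsec static Add filter filterlist="service allow" srcaddr=172.25.3.61 dstaddr=Me description="from SQL3.61" protocol=tcp mirrored=yes srcmask=32 dstmask=32 srcport=0 dstport=1433
netsh ipsec static Add filter filterlist="service allow" srcaddr=172.25.3.62 dstaddr=Me description="from SQL3.62" protocol=tcp mirrored=yes srcmask=32 dstmask=32 srcport=0 dstport=1433
netsh ipsec static Add filter filterlist="service allow" srcaddr=172.25.3.63 dstaddr=Me description="from SQL3.63" protocol=tcp mirrored=yes srcmask=32 dstmask=32 srcport=0 dstport=1433
netsh ipsec static Add filter filterlist="service allow" srcaddr=172.25.3.64 dstaddr=Me description="from SQL3.64" protocol=tcp mirrored=yes srcmask=32 dstmask=32 srcport=0 dstport=1433
netsh ipsec static Add filter filterlist="service allow" srcaddr=172.25.3.57 dstaddr=Me description="from SQL3.57" protocol=tcp mirrored=yes srcmask=32 dstmask=32 srcport=0 dstport=1433
netsh ipsec static Add filter filterlist="service allow" srcaddr=172.25.3.58 dstaddr=Me description="from SQL3.58" protocol=tcp mirrored=yes srcmask=32 dstmask=32 srcport=0 dstport=1433
netsh ipsec static Add filter filterlist="service allow" srcaddr=172.25.15.43 dstaddr=Me description="from SQL15.43" protocol=tcp mirrored=yes srcmask=32 dstmask=32 srcport=0 dstport=1433
rem sql from the other node of the pair (all protocols, both directions).
rem The same script is evidently used on both .59 and .60; on each host one of these two
rem lines refers to itself and is harmless.
netsh ipsec static Add filter filterlist="service allow" srcaddr=Me dstaddr=172.25.3.59 description="60to59" protocol=any mirrored=yes srcmask=32 dstmask=32 srcport=0 dstport=0
netsh ipsec static Add filter filterlist="service allow" srcaddr=Me dstaddr=172.25.3.60 description="59to60" protocol=any mirrored=yes srcmask=32 dstmask=32 srcport=0 dstport=0
rem 8080/tcp from two application hosts
netsh ipsec static Add filter filterlist="service allow" srcaddr=172.25.15.30 dstaddr=Me description="15D30from8080" protocol=tcp mirrored=yes srcmask=32 dstmask=32 srcport=0 dstport=8080
netsh ipsec static Add filter filterlist="service allow" srcaddr=172.25.15.33 dstaddr=Me description="15D33from8080" protocol=tcp mirrored=yes srcmask=32 dstmask=32 srcport=0 dstport=8080
rem 1521/tcp (Oracle listener) from one host
netsh ipsec static Add filter filterlist="service allow" srcaddr=172.25.15.39 dstaddr=Me description="15D39from1521" protocol=tcp mirrored=yes srcmask=32 dstmask=32 srcport=0 dstport=1521
netsh ipsec static Add filterlist name = "service block"
rem catch-all: block every other IP conversation with this host (masks are ignored for Any)
netsh ipsec static Add filter filterlist="service block" srcaddr=Any dstaddr=Me description="all ip comunication" protocol=any mirrored=yes srcmask=32 dstmask=32 srcport=0 dstport=0
netsh ipsec static Add filterlist name = "icmp allow"
rem ICMP from anywhere is permitted so monitoring and troubleshooting keep working.
rem This also makes the host answer ping sweeps; restrict srcaddr to the monitoring hosts if that matters.
netsh ipsec static Add filter filterlist="icmp allow" srcaddr=Any dstaddr=Me description="all icmp comunication" protocol=icmp mirrored=yes srcmask=32 dstmask=32
rem policy and rules: bind each filter list to a permit/block action
netsh ipsec static Add policy name = "MR_CRM_plc"
netsh ipsec static Add filteraction name = "block" action = block
netsh ipsec static Add filteraction name = "permit" action = permit
netsh ipsec static Add rule name = allow_service policy = "MR_CRM_plc" filterlist = "service allow" filteraction="permit"
netsh ipsec static Add rule name = block_ip policy = "MR_CRM_plc" filterlist = "service block" filteraction="block"
netsh ipsec static Add rule name = allow_icmp policy = "MR_CRM_plc" filterlist = "icmp allow" filteraction="permit"
rem Activate. Nothing above is enforced until the policy is assigned, and only one IPsec policy
rem can be assigned at a time. Double-check the admin RDP permits before running this on a
rem remote box: assigning a block-all policy with a wrong allow rule locks you out of the host.
netsh ipsec static set policy name = "MR_CRM_plc" assign = y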
