windows2003与window2008及以上版本的操作方法不同
一、Windowos2008及以上:
一:禁止所有1433端口 //建立一个名字叫BlockSQL的安全策略先 netsh ipsec static add policy name=BlockSQL //建立一个ip筛选器 netsh ipsec static add filterlist name=DenyAllTcp1433 //禁止任何人访问1433端口 netsh ipsec static add filter filterlist=DenyAllTcp1433 srcaddr=Any dstaddr=Me dstport=1433 protocol=TCP //建立一个筛选器操作 netsh ipsec static add filteraction name=DenyAct action=block //加入规则到安全策略BlockSQL netsh ipsec static add rule name=DenyAllTcp1433 policy=BlockSQL filterlist=DenyAllTcp1433 filteraction=DenyAct //激活策略组 netsh ipsec static set policy name=BlockSQL assign=y 二、授权访问1433端口 //建立一个名字叫BlockSQL的安全策略先 netsh ipsec static add policy name=BlockSQL //建立一个ip筛选器 netsh ipsec static add filterlist name=PASSTcp1433 //授权访问1433端口 netsh ipsec static add filter filterlist=PASSTcp1433 srcaddr=123.102.121.38 dstaddr=Me dstport=1433 protocol=TCP //建立一个筛选器操作 netsh ipsec static add filteraction name=AllowAct action=permit //加入规则到安全策略BlockSQL netsh ipsec static add rule name=PASSTcp1433 policy=BlockSQL filterlist=PASSTcp1433 filteraction=AllowAct //激活策略组 netsh ipsec static set policy name=BlockSQL assign=y
删除相关命令
//拒绝所有1433:删除规则 netsh ipsec static delete rule name = Block1433 policy = BlockSQL //拒绝所有1433:删除筛选器列表 netsh ipsec static delete filterlist name = DenyAllTcp1433 //拒绝所有1433:删除筛选器操作 netsh ipsec static delete filteraction name = DenyAct //接受1433端口:删除规则 netsh ipsec static delete rule name = PASS1433 policy = BlockSQL //接受1433端口:删除筛选器列表 netsh ipsec static delete filterlist name = PASSTcp1433 //接受1433端口:删除筛选器操作 netsh ipsec static delete filteraction name = AllowAct //取消指派 netsh ipsec static set policy name=BlockSQL assign=n //删除策略组 netsh ipsec static delete policy name=BlockSQL //接受1433端口:删除筛选器列表中的记录 netsh ipsec static delete filter filterlist=PASSTcp1433 srcaddr=123.123.123.123 dstaddr=Me dstport=1433 protocol=TCP //删除所有策略组 netsh ipsec static delete all
二、Windows2003:
参考:
http://blog.csdn.net/lpc_china/article/details/6944432
http://www.cnblogs.com/blacksword/archive/2013/04/08/3008833.html
http://blog.csdn.net/lpc_china/article/details/6944432
Win2008参考:
http://www.cnblogs.com/sfnz/p/5506670.html
http://blog.csdn.net/lpc_china/article/details/6944432
更详细的资料请参考微软的技术资源库:
Netsh Commands for Internet Protocol Security (IPsec)
连接如下:http://technet.microsoft.com/zh-cn/cc725926
备注:注意连接里的 Netsh Commands for Windows Firewall with Advanced Security.连接,他给你的帮助会更大;
评论回复