**标注:**此脚本进行本地策略配置,设置后可防止“永恒之蓝”被其它机器感染和去感染其它机器,但不能避免从USB或者上网感染,所以还是得打补丁,详细可参考:[https://technet.microsoft.com/zh-cn/library/security/MS17-010](https://technet.microsoft.com/zh-cn/library/security/MS17-010)
链接可详细了解”[永恒之蓝](http://baike.baidu.com/item/WannaCry/20797421?fr=aladdin&fromtitle=%E6%B0%B8%E6%81%92%E4%B9%8B%E8%93%9D&fromid=4951714)“
####
REM =================开始================
netsh ipsec static del policy windowsDBA
netsh ipsec static add policy name = windowsDBA
netsh ipsec static del filteraction FILTERblock
netsh ipsec static del filteraction FILTERPermit
netsh ipsec static add filteraction FILTERblock action =block
netsh ipsec static add filteraction FILTERPermit action =permit
netsh IPsec static del filterlist name = AllowList
netsh IPsec static del filterlist name = DenyList
netsh IPsec static add filterlist name = AllowList
netsh IPsec static add filterlist name = DenyList
REM 允许指定的IP访问3389端口
netsh IPsec static add filter filterlist = AllowList srcaddr = 192.168.1.1 dstaddr = me dstport = 3389 description = vpn protocol = TCP mirrored = yes
netsh IPsec static add filter filterlist = AllowList srcaddr = 10.100.1.1 dstaddr = me dstport = 3389 description = vpn protocol = TCP mirrored = yes
netsh IPsec static add filter filterlist = AllowList srcaddr = 192.168.2.2 dstaddr = me dstport = 3389 description = vpn protocol = TCP mirrored = yes
REM 禁止出入139、135、445端口
netsh IPsec static add filter filterlist = DenyList srcaddr =any dstaddr = me dstport = 445 protocol = TCP mirrored = yes
netsh IPsec static add filter filterlist = DenyList srcaddr =any dstaddr = me dstport = 135 protocol = TCP mirrored = yes
netsh IPsec static add filter filterlist = DenyList srcaddr =any dstaddr = me dstport = 139 protocol = TCP mirrored = yes
netsh IPsec static add filter filterlist = DenyList srcaddr =me dstaddr = any dstport = 445 protocol = TCP mirrored = yes
netsh IPsec static add filter filterlist = DenyList srcaddr =me dstaddr = any dstport = 135 protocol = TCP mirrored = yes
netsh IPsec static add filter filterlist = DenyList srcaddr =me dstaddr = any dstport = 139 protocol = TCP mirrored = yes
netsh IPsec static add filter filterlist = DenyList srcaddr =any dstaddr = me dstport = 3389 protocol = TCP mirrored = yes
netsh ipsec static add rule name=AllowIPList policy=windowsDBA filterlist=AllowList filteraction=FILTERPermit
netsh ipsec static add rule name=DenyPortList policy=windowsDBA filterlist=DenyList filteraction=FILTERblock
netsh ipsec static set policy name = windowsDBA assign = y
pause
文章最后更新时间:
2017年06月06日 05:09:58
When someone writes an article he/she retains the image of a user in his/her brain that how a user can understand it. So that’s why this article is perfect. Thanks!
It’s impressive that you are getting thoughts from this piece of writing as well as from our argument made here.
YouTube is world's biggest video sharing website, no one can defeat it. Every one add video clips at YouTube after that obtain embed code and post anyplace.
Hello dear, are you enjoying with this comical YouTube video? Hmmm, that’s nice, I am also watching this YouTube humorous video at the moment.
If you apply such methods for increasing traffic on your own website, I am as expected you will notice the variation in few days.
Hi there buddy, what a quality is! For this YouTube video, I am in fact happy, as I have never seen pleasant quality YouTube video earlier than,
Hi there, for all time i used to check web site posts here early in the daylight, as i like to find out more and more.
Hahahaha, what a comical this YouTube video is! We are still laughing, thanks to admin who had posted at this site.
What a video it is! In fact remarkable and nice quality, please upload more video clips having such pleasant quality. Thanks.
ed pills