《系统防火墙管理设置》
为方便管理windows系统防火墙特写了这个批处理。
初次发布,请多关照。

@echo off
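rem Re-launch this script through a UAC prompt, for Vista and later. On the
rem first run the first argument is empty, so the line runs mshta, which
rem starts "cmd /c this-script ::" with the "runas" verb, and the unelevated
rem instance exits. In the elevated instance the first argument is "::",
rem which turns this whole line into a comment, so execution continues below.
rem %~s0 passes the 8.3 short path so that spaces in the script's location
rem survive the unquoted /c argument; that needs 8.3 names on the volume.
%1 mshta vbscript:CreateObject("Shell.Application").ShellExecute("cmd.exe","/c %~s0 ::","","runas",1)(window.close)&&exit
rem The elevated cmd starts in the system32 folder; move back to the script's
rem own folder, quoted because the path may contain spaces, so that the
rem relative .pol file names used by item 10 resolve next to the script.
cd /d "%~dp0"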
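:start
rem Main menu. Every action below ends with "goto start", so this label is
rem the loop head of the whole tool.
color b
cls
title 系统防火墙管理设置
echo,
echo,
echo, 《系统防火墙管理设置》
echo,
echo ==========================================================================
echo, 1:防火墙状态检测 2:关闭/开启防火墙 3:一键关闭/恢复文件共享端口
echo,
echo, 4:关闭/恢复3389端口 5:启用常规服务端口 6: 设置程序规则
echo,
echo, 7:设置端口规则 8: 设置ip规则 9: 添加例外端口
echo,
echo, 10:导出/导入配置 11:恢复默认策略 12:查询规则名称 13:删除规则
echo,
echo, 00:退出! 14: 打开系统防火墙控制台
echo ==========================================================================
echo,
set "num="
set /p "num=请输入设置项目序号[00,1-14]:"
rem Pressing Enter alone leaves num undefined.
if not defined num echo 输入为空,请重新输入! &pause&goto start
rem Accept digits only. The value is expanded with delayed expansion so that
rem ampersands, pipes and similar characters typed by the user reach findstr
rem as text instead of being parsed as commands. /x anchors the whole line
rem and the pattern needs at least one digit, so "1a" is rejected as well.
setlocal enabledelayedexpansion
echo,!num!|findstr /r /x "[0-9][0-9]*" >nul || (endlocal & echo 输入有误,请重新输入! &pause&goto start)
endlocal
rem Only the listed labels are reachable; a valid number without a menu
rem entry, e.g. 15, just redraws the menu.
for %%n in (1 2 3 4 5 6 7 8 9 10 11 12 13 14 00) do if "%num%"=="%%n" goto %%n
goto start

:1
rem Menu item 1: show the state and default policy of every firewall profile.
netsh advfirewall show allprofiles
pause
goto start
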
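:2
rem Menu item 2: turn the firewall on or off for all profiles.
choice /C YN /n /m "启动防火墙输入 Y, 关闭防火墙输入 N [Y/N]:"
rem Save the answer first: sc and netsh below overwrite errorlevel, so
rem testing it a second time could also fire the "off" branch.
set "sel=%errorlevel%"
if "%sel%"=="1" (
  rem "start= auto" only applies at the next boot; start the service now as
  rem well, otherwise netsh has no firewall service to talk to.
  sc config MpsSvc start= auto >nul 2>nul
  net start MpsSvc >nul 2>nul
  netsh advfirewall set allprofiles state on >nul 2>nul && echo,已开启防火墙服务
  rem blockinbound,allowoutbound is the Windows default. The previous
  rem allowinbound setting permitted every inbound connection that no block
  rem rule matched, which also made the allow rules of item 5 meaningless.
  netsh advfirewall set allprofiles firewallpolicy blockinbound,allowoutbound >nul
  pause
)
if "%sel%"=="2" (
  rem "state off" is what stops filtering now; the disabled start type only
  rem keeps the service from coming back after a reboot.
  netsh advfirewall set allprofiles state off >nul 2>nul
  sc config MpsSvc start= disabled >nul 2>nul && echo,已关闭防火墙服务
  pause
)
goto start
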
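:3
rem Menu item 3: block or unblock inbound traffic on the file-sharing ports
rem 445, 135, 137, 138, 139 for TCP and UDP, as two named block rules.
choice /C YN /n /m "一键关闭文件共享端口输入 Y, 一键恢复文件共享端口输入 N [Y/N]:"
rem Save the answer: netsh overwrites errorlevel inside the first branch.
set "sel=%errorlevel%"
if "%sel%"=="1" (
  rem Delete first so repeated use does not stack identical rules.
  netsh advfirewall firewall delete rule name="deny-TCP-445,135,137,138,139" >nul 2>nul
  netsh advfirewall firewall delete rule name="deny-UDP-445,135,137,138,139" >nul 2>nul
  netsh advfirewall firewall add rule name="deny-TCP-445,135,137,138,139" dir=in action=block protocol=TCP localport=445,135,137,138,139 >nul 2>nul
  netsh advfirewall firewall add rule name="deny-UDP-445,135,137,138,139" dir=in action=block protocol=UDP localport=445,135,137,138,139 >nul 2>nul
  echo, &echo,TCP^&UDP[445,135,137,138,139]端口已经关闭
  pause
)
if "%sel%"=="2" (
  netsh advfirewall firewall delete rule name="deny-TCP-445,135,137,138,139" >nul 2>nul
  netsh advfirewall firewall delete rule name="deny-UDP-445,135,137,138,139" >nul 2>nul
  echo, &echo,TCP^&UDP[445,135,137,138,139]端口已经恢复
  pause
)
goto start
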
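:4
rem Menu item 4: block or unblock inbound TCP 3389, the Remote Desktop port.
choice /C YN /n /m "关闭3389端口输入 Y, 恢复3389端口输入 N [Y/N]:"
rem Save the answer: netsh overwrites errorlevel inside the first branch.
set "sel=%errorlevel%"
if "%sel%"=="1" (
  rem Delete first so repeated use does not stack identical rules.
  netsh advfirewall firewall delete rule name=block-server-3389 protocol=tcp localport=3389 >nul 2>nul
  netsh advfirewall firewall add rule name=block-server-3389 dir=in action=block protocol=TCP localport=3389 >nul 2>nul
  echo,TCP[3389]端口已经阻止
  pause
)
if "%sel%"=="2" (
  netsh advfirewall firewall delete rule name=block-server-3389 protocol=tcp localport=3389 >nul 2>nul
  echo,TCP[3389]端口已经恢复
  pause
)
goto start
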
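:5
rem Menu item 5: add an inbound allow rule for one common service.
rem FTP, Telnet, SMTP/POP3 and TFTP carry credentials in clear text; opening
rem them is only sensible on a network you trust.
rem The choice list is limited to the seven entries that actually exist; the
rem old version also accepted 8 and 9 and silently did nothing for them.
choice /C 1234567 /n /m "[1:Allow Ping] [2、FTP] [3、SSH] [4、Telnet] [5、mail] [6、HTTP HTTPS] [7、TFTP] >>>>>>>>>>>>>>>> 输入序号【1 / 2 / 3 ...】:"
rem Save the answer: netsh overwrites errorlevel inside the branches.
set "sel=%errorlevel%"
if "%sel%"=="1" (
  rem ICMPv4 has no port, so it does not go through the helper.
  netsh advfirewall firewall delete rule name="Allow Ping" protocol=icmpv4 >nul 2>nul
  netsh advfirewall firewall add rule name="Allow Ping" dir=in protocol=icmpv4 action=allow >nul 2>nul
  echo,Allow Ping
)
if "%sel%"=="2" call :allow_port "Allow FTP" TCP 20,21 "Allow FTP"
if "%sel%"=="3" call :allow_port "Allow SSH" TCP 22 "Allow SSH"
if "%sel%"=="4" call :allow_port "Allow Telnet" TCP 23 "Allow Telnet"
if "%sel%"=="5" call :allow_port "Allow mail" TCP 25,110 "Allow SMTP AND POP3"
if "%sel%"=="6" call :allow_port "Allow HTTP and HTTPS" TCP 80,443 "Allow HTTP AND HTTPS"
if "%sel%"=="7" call :allow_port "Allow TFTP" UDP 69 "Allow TFTP"
pause
goto start

rem Subroutine: replace and enable one inbound allow rule.
rem   first argument  - quoted rule name
rem   second argument - TCP or UDP
rem   third argument  - port list
rem   fourth argument - quoted message printed on completion
rem The rule is deleted before it is added so repeated use does not stack
rem identical rules. netsh output is discarded, as in the rest of the tool.
:allow_port
netsh advfirewall firewall delete rule name=%1 protocol=%2 localport=%3 >nul 2>nul
netsh advfirewall firewall add rule name=%1 protocol=%2 dir=in localport=%3 action=allow >nul 2>nul
echo,%~4
goto :eof
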
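:6
rem Menu item 6: allow or block all traffic of one executable.
rem The original release left this item as a stub that only paused; the
rem commented-out commands described an outbound block rule, so "out" is
rem the default direction here.
set "name="
set "program="
set "action="
set "dir="
set /p "name=定义一个规则名称(如 block-app-out):"
set /p "program=程序完整路径(如 C:\Tools\app.exe):"
set /p "action=允许还是阻止规则(如 allow/block):"
set /p "dir=方向(in/out,默认 out):"
if not defined dir set "dir=out"
rem Empty answers would give a malformed netsh command whose error message
rem is discarded below, so reject them up front.
if not defined name echo 规则名称不能为空! &pause&goto start
if not defined program echo 程序路径不能为空! &pause&goto start
if not defined action echo 动作不能为空! &pause&goto start
rem The path is quoted because program locations usually contain spaces.
netsh advfirewall firewall add rule name="%name%" dir=%dir% action=%action% program="%program%" >nul || (echo,规则建立失败,请检查输入是否正确。&pause&goto start)
echo,------------------------------------------------------------------------
echo,规则名为:[%name%] 动作为:%action% 方向为:%dir% 程序为:%program% 的规则已经建立。
echo,------------------------------------------------------------------------
pause
goto start
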
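:7
rem Menu item 7: add an inbound port rule from interactive input.
set "name="
set "port="
set "protocol="
set "action="
set /p "name=定义一个规则名称(如 deny-TCP-445,Allow-tcp-3389):"
set /P "action=允许还是阻止规则(如 allow/block):"
set /p "port=输入要阻止的端口号(连续端口:1-65535;不连续端口:137,139,445):"
set /p "protocol=协议类别(TCP/udp):"
rem Empty answers would give a malformed netsh command whose error message
rem is discarded below, so reject them up front.
if not defined name echo 规则名称不能为空! &pause&goto start
if not defined action echo 动作不能为空! &pause&goto start
if not defined port echo 端口不能为空! &pause&goto start
if not defined protocol echo 协议不能为空! &pause&goto start
echo 预制方向为:进入
echo,
rem Print the summary only when netsh returned 0; the old version announced
rem a "block rule" unconditionally, even for action=allow or a failed add.
netsh advfirewall firewall add rule name="%name%" dir=in protocol=%protocol% localport=%port% action=%action% >nul || (echo,规则建立失败,请检查输入是否正确。&pause&goto start)
echo,------------------------------------------------------------------------
echo,规则名为:[%name%] 动作为:%action% 方向为:进入 协议为:%protocol% 端口为:%port% 的规则已经建立。
echo,------------------------------------------------------------------------
pause
goto start
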
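:8
rem Menu item 8: add an inbound rule that allows or blocks one remote address.
set "name="
set "action="
set "remoteip="
set /p "name=起一个ip规则名称(如 deny-ip-1.1.1.1,Allow-ip-2.2.2.2):"
set /P "action=允许还是阻止规则(如 allow/block):"
set /p "remoteip=远程ip地址(如:8.8.8.8):"
rem Empty answers would give a malformed netsh command whose error message
rem is discarded below, so reject them up front.
if not defined name echo 规则名称不能为空! &pause&goto start
if not defined action echo 动作不能为空! &pause&goto start
if not defined remoteip echo 远程ip不能为空! &pause&goto start
echo 预制方向为:进入
echo,
rem Print the summary only when netsh returned 0; the old version announced
rem a "block rule" unconditionally, even for action=allow or a failed add.
netsh advfirewall firewall add rule name="%name%" dir=in action=%action% remoteip=%remoteip% >nul || (echo,规则建立失败,请检查输入是否正确。&pause&goto start)
echo,------------------------------------------------------------------------
echo,规则名为:[%name%] 动作为:%action% 方向为:进入 远程ip为:%remoteip% 的规则已经建立。
echo,------------------------------------------------------------------------
pause
goto start
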
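:9
rem Menu item 9: open a port for both TCP and UDP as inbound allow rules.
rem The original used the legacy "netsh firewall set portopening" context,
rem which has been deprecated since Windows Vista; advfirewall is the
rem supported context. It needs one rule per protocol, so two rules with the
rem same name are created and item 13 removes both at once by that name.
set "name="
set "port="
set /p "name=起一个例外规则名称(如 polycom-port-123):"
set /p "port=指定例外的端口号(如 25,20-21):"
if not defined name echo 规则名称不能为空! &pause&goto start
if not defined port echo 端口不能为空! &pause&goto start
netsh advfirewall firewall add rule name="%name%" dir=in action=allow protocol=TCP localport=%port% >nul || (echo,TCP规则建立失败,请检查输入。&pause&goto start)
netsh advfirewall firewall add rule name="%name%" dir=in action=allow protocol=UDP localport=%port% >nul || (echo,UDP规则建立失败,TCP规则已建立。&pause&goto start)
echo,已为 TCP 和 UDP 端口 %port% 建立例外规则 [%name%]
rem To remove the exception again, delete both rules by name:
rem   netsh advfirewall firewall delete rule name="rule-name"
pause
goto start
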
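:10
rem Menu item 10: export the complete firewall policy to outfirewall.pol or
rem import it back from infirewall.pol. Both files live next to the script
rem because the elevation stub changed the working directory to the script
rem folder.
choice /C YN /n /m "导出防火墙配置输入 Y, 恢复防火墙配置输入 N [Y/N]:"
set "sel=%errorlevel%"
if "%sel%"=="1" goto export_cfg
if "%sel%"=="2" goto import_cfg
goto start

:export_cfg
rem Remove a stale copy first so the existence check below really reflects
rem this export. The old code tested a different file name here.
if exist outfirewall.pol del /Q /F outfirewall.pol >nul 2>nul
netsh advfirewall export ".\outfirewall.pol" >nul
echo,
if not exist outfirewall.pol echo 防火墙配置文件导出失败&pause&goto start
echo 防火墙配置文件导出成功
for %%i in (outfirewall.pol) do echo 文件位置%%~fi 生成时间%%~ti
pause
goto start

:import_cfg
echo, &echo 将导入文件名复制到当前目录并更名为infirewall.pol&pause
if exist infirewall.pol goto do_import
echo,
echo infirewall.pol文件不存在
echo,
rem The old loop retried forever; offer a way back to the menu.
choice /C YN /n /m "重试输入 Y, 返回菜单输入 N [Y/N]:"
if "%errorlevel%"=="2" goto start
goto import_cfg

:do_import
rem Importing replaces the entire current policy, including every rule added
rem through this tool, with the contents of the file, so confirm first.
choice /C YN /n /m "导入将覆盖当前全部防火墙策略,确认导入输入 Y, 取消输入 N [Y/N]:"
if "%errorlevel%"=="2" goto start
echo,
netsh advfirewall import infirewall.pol >nul && echo,防火配置文件导入成功!|| echo,防火墙配置文件导入失败!
echo,
pause
goto start
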
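:11
rem Menu item 11: reset the firewall to the Windows defaults. This deletes
rem every custom rule, including the ones created by items 3 to 9, so ask
rem for confirmation first.
choice /C YN /n /m "恢复默认策略将删除全部自定义规则,确认输入 Y, 取消输入 N [Y/N]:"
if "%errorlevel%"=="2" goto start
rem Report success only when netsh returned 0.
netsh advfirewall reset && echo,已经恢复为默认防火墙策略|| echo,恢复默认策略失败
pause
goto start
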
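:12
rem Menu item 12: dump every static rule name to a dated text file, open it
rem in Notepad, then show one rule in full.
rem NOTE: the date slicing assumes date prints as yyyy/mm/dd, the Chinese
rem locale default; on other locales the file name will be garbled - confirm.
set "stamp=%date:~0,4%-%date:~5,2%-%date:~8,2%"
rem Match both the Chinese and the English label so the listing is not empty
rem on an English-language Windows.
netsh advfirewall firewall show rule name=all type=static verbose | findstr /i /c:"规则名称:" /c:"Rule Name:" >"firewall%stamp%.txt"
rem start treats the first quoted argument as the window title, hence "".
start "" notepad "firewall%stamp%.txt"
set "serfile="
set /P "serfile=输入查询规则名称:"
if not defined serfile echo 规则名称不能为空! &pause&goto start
netsh advfirewall firewall show rule name="%serfile%" verbose
pause
goto start
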
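:13
rem Menu item 13: delete one rule by its exact name.
echo,删除的规则名称可以通过[12:查询规则名称]找到
echo,
set "delfile="
set /P "delfile=输入要删除的规则名称:"
if not defined delfile echo 规则名称不能为空! &pause&goto start
rem In netsh the name "all" matches every rule and would wipe the whole
rem rule set; a full reset is what item 11 is for, so refuse it here.
if /I "%delfile%"=="all" echo 不允许删除 all,如需清空请使用[11:恢复默认策略] &pause&goto start
netsh advfirewall firewall delete rule name="%delfile%">nul &&echo,已删除%delfile%规则|| echo,未找到名为%delfile%的规则
echo,
pause
goto start
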
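:14
rem Menu item 14: open the Windows Firewall with Advanced Security console.
echo,稍等片刻......
rem Brief pause so the message is readable. timeout exists on Vista and
rem later, which is the minimum this script targets; the old ping trick was
rem the XP-era substitute for it.
timeout /t 1 /nobreak >nul
rem start treats the first quoted argument as the window title, hence "".
start "" "%windir%\system32\WF.msc"
goto start

:00
rem Menu item 00: leave the tool. Plain "exit" closes the elevated cmd window
rem that the mshta relaunch opened with "cmd /c".
exit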
转自:http://cndos.fam.cx/forum/viewthread.php?tid=55252&fpage=2