批处理结合IPSec策略制作windows防火墙
能否用批处理结合IPSec策略制作windows防火墙?
我的代码如下:
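@echo off
rem IPSec-policy "firewall" driver: checks prerequisites, restarts the
rem PolicyAgent service, then hands over to the connection-polling loop at
rem :start. All state lives in the temp\ folder next to the script;
rem temp\lxz.log doubles as the record of per-process decisions.

rem Timestamp for the log header. Assumes the locale's date string is
rem 10 characters wide and the time string starts with HH:MM -- not verified.
set "dat=%date:~0,10% %time:~0,5%"
rem Redirection goes first: %dat% ends in a digit, and "4>file" is parsed by
rem cmd as a file-handle redirection, which left the log empty.
if not exist temp md temp & >temp\lxz.log echo 创建时间: %dat%

rem PolicyAgent (IPSec Services) must be running for ipseccmd rules to apply.
rem ChangeStartMode takes the new start mode as its argument; none was passed.
wmic SERVICE where "Name='policyagent'" call ChangeStartMode "Automatic" >nul 2>nul
wmic Service where name="policyagent" call stopservice >nul 2>nul
rem "a || b && c" is evaluated left to right, so the exit also ran when the
rem service started fine. Group the failure path in parentheses instead.
wmic Service where name="policyagent" call startservice|find /i "ReturnValue = 0;" || (
  >>temp\lxz.log echo policyagent服务无法启动,程序退出!
  exit
)
echo %date:~0,10% %time:~0,5% 启动IPSEC服务..........成功! >>temp\lxz.log

rem Required helpers: WSHom.Ocx provides WScript.Shell for the prompt scripts;
rem ipseccmd.exe and ipseckill.exe are expected in the current directory.
if not exist "%windir%\system32\WSHom.Ocx" echo WSHom.Ocx文件丢失,程序退出! >>temp\lxz.log&&exit
if not exist "%windir%\system32\find.exe" echo find.exe文件丢失,程序退出! >>temp\lxz.log&&exit
if not exist ipseccmd.exe echo ipseccmd.exe文件丢失,程序退出! >>temp\lxz.log&&exit
if not exist ipseckill.exe echo ipseckill.exe文件丢失,程序退出! >>temp\lxz.log&&exit
if not exist "%windir%\system32\cscript.exe" echo cscript.exe文件丢失,程序退出! >>temp\lxz.log&&exit
echo %date:~0,10% %time:~0,5% 文件完整性检测.........完毕! >>temp\lxz.log

rem Register the WSH control silently so the generated .vbs prompts can run.
regsvr32 "%windir%\system32\WSHom.Ocx" /s
echo %date:~0,10% %time:~0,5% 启动程序...............成功! >>temp\lxz.log

rem Start-up notice. Overwrite rather than append so an ok.vbs left behind by
rem an aborted run cannot add a second statement.
echo MsgBox"防火墙成功启动!",64,"提示!">temp\ok.vbs
call temp\ok.vbs
del temp\ok.vbs /q

rem Presumably ends an earlier instance of this tool so only one poller runs;
rem the name IPSec_Firewall.exe is not defined anywhere visible here.
wmic process where name='IPSec_Firewall.exe' delete >nul

rem Enabled only now: the messages above contain literal exclamation marks,
rem which delayed expansion swallows -- with it on, the MsgBox line above lost
rem its icon and title arguments. Everything from :start on uses the
rem delayed-expansion form of variables.
setlocal enabledelayedexpansion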
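:start
rem Poll loop: about every 5.5 s take a snapshot of established connections
rem and check each owning process against the decisions in temp\lxz.log.
rem Redirection first: "5500>file" makes cmd read the trailing 0 as a handle
rem number, so sleep.vbs was created empty and the loop spun without delay.
if not exist temp\sleep.vbs >temp\sleep.vbs echo wscript.sleep 5500
cscript temp\sleep.vbs >nul
rem netstat -no columns: protocol, local addr:port, remote addr:port, state, pid.
for /F "tokens=1,2,3,4,5 delims= " %%a in ('netstat -no^|find /i "ESTABLISHED"') do (
  call :file_all %%a %%b %%c %%d %%e
  rem Decision lookup, as the original author described it:
  rem  - process name absent from the log: ask the user
  rem  - in the last log line for that name, field 7 holds the pid the
  rem    decision was made for and field 10 the decision itself; a different
  rem    pid or a cancelled decision asks again, a block decision re-applies it.
  rem Clear the previous iteration's results first, otherwise a process with
  rem no log entry inherits another process's pid and decision.
  set "okpid="
  set "ok="
  if not defined Name (
    rem wmic could not name the owner, e.g. the process already exited.
    rem The log cannot be keyed without a name, so just ask once.
    call :all
  ) else (
    find /i "!Name!" temp\lxz.log >nul
    if errorlevel 1 call :all
    for /f "tokens=7,10 delims=:" %%p in ('find /i "!Name!" temp\lxz.log') do (
      for /f "tokens=1 delims= " %%s in ("%%p") do set "okpid=%%s"
      set "ok=%%q"
    )
    rem Both sides quoted: an empty okpid used to leave a malformed IF.
    if not "!pid!" == "!okpid!" call :all
    if "!ok!" == "用户取消" call :all
    if "!ok!" == "阻止" call :block
  )
)
goto :start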
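:file_all
rem Split one netstat row, passed as %1..%5, into the variables the rest of
rem the script reads:
rem   xieyi  protocol          bip / bd  local ip / port
rem   pid    owning process    yip / yd  remote ip / port
rem   Name   image name of that pid, looked up through wmic
set "xieyi=%1"
set "pid=%5"
rem Assumes IPv4 "addr:port" text; an IPv6 address contains further colons
rem and would be split differently -- TODO confirm on the target systems.
for /F "tokens=1,2 delims=:" %%a in ("%2") do (
  set "bip=%%a"
  set "bd=%%b"
)
for /F "tokens=1,2 delims=:" %%i in ("%3") do (
  set "yip=%%i"
  set "yd=%%j"
)
rem Reset first: when the process has already exited wmic prints nothing and
rem Name would otherwise keep the previous connection's value.
set "Name="
rem Only the first column is wanted; presumably the second token absorbs the
rem padding and extra CR that wmic appends to each line -- not verified here.
for /F "skip=1 usebackq tokens=1,2 delims= " %%x in (`"wmic process where ProcessId='%5' get name 2>nul"`) do set "Name=%%x"
goto :eof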
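:all
rem Ask the user about a connection with no, or a stale, decision.
rem Block it first with an IPSec rule so nothing flows while the dialog is
rem open, prompt through a generated .vbs, then apply the answer:
rem   y  remove the block, add a PASS rule, log 放行
rem   n  kill the live connection, keep the block, log 阻止
rem   a  dialog cancelled: remove the block, log 用户取消
rem Reads xieyi, bip, bd, yip, yd, pid and Name as set by :file_all.
ipseccmd -p "!Name!-!xieyi!-!bd!-!yd!-!yip!-!PID!" -r "BLOCK other !Name!-!xieyi!-!bd!" -f "!yip!"+0:"!bd!":"!xieyi!" -n BLOCK -w reg -x >nul 2>nul
gpupdate>nul
rem Start the generated script fresh with > so a file left behind by an
rem aborted run cannot prepend stray statements; the remaining lines append.
echo set os = CreateoBject^("wscript.shell"^)>temp\lxz.vbs
echo a=msgbox^("本机IP:!bip! 本地端口:!bd! 远程IP:!yip! 远程端口:!yd! 进程PID:!PID!,是否允许?",3,"应用程序!Name!试图以!xieyi!协议访问网络!"^)>>temp\lxz.vbs
echo if a=6 then>>temp\lxz.vbs
echo os.run "cmd.exe /c echo y>temp\lxz.txt",0,true>>temp\lxz.vbs
echo else if a=7 then>>temp\lxz.vbs
echo os.run "cmd.exe /c echo n>temp\lxz.txt",0,true>>temp\lxz.vbs
echo else if a=2 then>>temp\lxz.vbs
echo os.run "cmd.exe /c echo a>temp\lxz.txt",0,true>>temp\lxz.vbs
echo end if>>temp\lxz.vbs
echo end if>>temp\lxz.vbs
echo end if>>temp\lxz.vbs
rem Drop any stale answer before prompting, otherwise an earlier choice is
rem read back should the dialog script fail to write one.
if exist temp\lxz.txt del temp\lxz.txt /q
call temp\lxz.vbs
del temp\lxz.vbs /q
set "xuan="
if exist temp\lxz.txt set /p xuan=<temp\lxz.txt
if exist temp\lxz.txt del temp\lxz.txt /q
if /i "!xuan!" == "y" (
  ipseccmd -p "!Name!-!xieyi!-!bd!-!yd!-!yip!-!PID!" -w reg -y -o
  ipseccmd -p "!Name!-!xieyi!-!bd!-!yd!-!yip!-!PID!" -r "BLOCK other !Name!-!xieyi!-!bd!" -f "!yip!"+0:"!bd!":"!xieyi!" -n PASS -w reg -x
  echo %date:~0,10% %time:~0,5% 本机IP:!bip! 本地端口:!bd! 远程IP:!yip! 远程端口:!yd! 进程PID:!PID! 应用程序:!Name! 协议:!xieyi! 策略:放行>>temp\lxz.log
  gpupdate>nul
)
if /i "!xuan!" == "n" (
  rem The ipseckill listing is filtered on the local port as a substring, so
  rem rows whose other columns contain the same digits may be matched too --
  rem depends on ipseckill's output format, which is not visible here.
  for /f "tokens=1 delims= " %%a in ('ipseckill -l ^|find /i "!bd!"') do ipseckill -k %%a
  echo %date:~0,10% %time:~0,5% 本机IP:!bip! 本地端口:!bd! 远程IP:!yip! 远程端口:!yd! 进程PID:!PID! 应用程序:!Name! 协议:!xieyi! 策略:阻止>>temp\lxz.log
  gpupdate>nul
)
if /i "!xuan!" == "a" (
  ipseccmd -p "!Name!-!xieyi!-!bd!-!yd!-!yip!-!PID!" -w reg -y -o
  echo %date:~0,10% %time:~0,5% 本机IP:!bip! 本地端口:!bd! 远程IP:!yip! 远程端口:!yd! 进程PID:!PID! 应用程序:!Name! 协议:!xieyi! 策略:用户取消>>temp\lxz.log
  gpupdate>nul
)
rem Return to the caller. The original jumped to :start from inside a CALL,
rem which nests a fresh poll loop on every prompt and never unwinds, until cmd
rem aborts with its batch-recursion limit.
goto :eof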
:block
rem Re-apply a recorded "block" decision: tear down the live connection on the
rem local port, then make sure the IPSec BLOCK rule for this process and peer
rem exists. Reads the variables filled in by :file_all.
setlocal
set "pol=!Name!-!xieyi!-!bd!-!yd!-!yip!-!PID!"
for /f "tokens=1 delims= " %%k in ('ipseckill -l ^|find /i "!bd!"') do ipseckill -k %%k
ipseccmd -p "!pol!" -r "BLOCK other !Name!-!xieyi!-!bd!" -f "!yip!"+0:"!bd!":"!xieyi!" -n BLOCK -w reg -x >nul 2>nul
endlocal
goto :eof
rem 两个exe文件:ipseccmd.exe、ipseckill.exe怎么上传不了??????
一个是用来配置IPSec策略的,一个是用来杀指定连接的