[原创] 《系统防火墙管理设置》
为方便管理 Windows 系统防火墙，特写了这个批处理。
初次发布,请多关照。
@echo off
rem Acquire administrator rights (for XP and later systems).
rem How it works: on the first run the first argument is empty, so this line calls mshta to
rem relaunch this script through ShellExecute with the runas verb, passing :: as the first
rem argument, and then exits. In the elevated instance the line expands to start with :: and
rem is treated as a label/comment, so execution falls through to the rest of the script.
rem NOTE(review): the mshta + vbscript: launcher is a pattern commonly blocked by endpoint
rem protection or application-control policy; if the window only flashes and nothing runs
rem elevated, start the file via right-click, Run as administrator instead.
%1 mshta vbscript:CreateObject("Shell.Application").ShellExecute("cmd.exe","/c %~s0 ::","","runas",1)(window.close)&&exit
rem Work in the script's own directory: the exported/imported .pol files and the rule-list
rem text file written by the menu items below are all relative paths.
cd /d %~dp0
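:start
rem Main menu. Every menu item ends with goto start, so control always comes back here.
color b
cls
title 系统防火墙管理设置
echo,
echo,
echo, 《系统防火墙管理设置》
echo,
echo ==========================================================================
echo, 1:防火墙状态检测 2:关闭/开启防火墙 3:一键关闭/恢复文件共享端口
echo,
echo, 4:关闭/恢复3389端口 5:启用常规服务端口 6: 设置程序规则
echo,
echo, 7:设置端口规则 8: 设置ip规则 9: 添加例外端口
echo,
echo, 10:导出/导入配置 11:恢复默认策略 12:查询规则名称 13:删除规则
echo,
echo, 00:退出! 14: 打开系统防火墙控制台
echo ==========================================================================
echo,
rem Clear num first: set /p leaves the variable untouched on a bare Enter, which would reuse the previous input.
set num=
set/p num=请输入设置项目序号[00,1-14]:
if "%num%"=="" echo 输入为空,请重新输入! &pause&goto start
rem Strip any double quotes from the input; a stray quote would otherwise break the quoted comparisons below.
set "num=%num:"=%"
rem Compare with both sides quoted: input containing spaces or characters such as ampersand or pipe
rem would otherwise cause a syntax error or be executed as a command when spliced unquoted into if.
rem The former findstr digit pre-check is dropped: chaining the and/or operators on one line is not
rem if/else, and every value that matches no menu item is rejected by the final line anyway.
if "%num%"=="1" goto 1
if "%num%"=="2" goto 2
if "%num%"=="3" goto 3
if "%num%"=="4" goto 4
if "%num%"=="5" goto 5
if "%num%"=="6" goto 6
if "%num%"=="7" goto 7
if "%num%"=="8" goto 8
if "%num%"=="9" goto 9
if "%num%"=="10" goto 10
if "%num%"=="11" goto 11
if "%num%"=="12" goto 12
if "%num%"=="13" goto 13
if "%num%"=="14" goto 14
if "%num%"=="00" goto 00
rem Anything else, digits or not, is an invalid selection.
echo 输入有误,请重新输入! &pause&goto start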
:1
rem Status query: print the state and default policies of all firewall profiles.
netsh advfirewall show allprofiles
pause
goto start
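:2
rem Turn the firewall service on or off.
choice /C YN /n /m "启动防火墙输入 Y, 关闭防火墙输入 N [Y/N]:"
rem Save the choice result right away: the sc/netsh commands inside the first block overwrite
rem errorlevel, so a second if reading errorlevel directly would test the wrong value.
set sel=%errorlevel%
if "%sel%"=="1" (
sc config MpsSvc start= auto>nul 2>nul
netsh advfirewall set allprofiles state on >nul 2>nul &&echo,已开启防火墙服务
rem Restore the protective default of block inbound, allow outbound. Setting inbound to allow here
rem would leave the firewall running but letting every inbound connection through.
netsh advfirewall set allprofiles firewallpolicy blockinbound,allowoutbound >nul
pause
)
if "%sel%"=="2" (
netsh advfirewall set allprofiles state off >nul 2>nul
rem On newer Windows the MpsSvc service is protected and sc may be denied; the error is hidden by the redirection.
sc config MpsSvc start= disabled >nul 2>nul &&echo,已关闭防火墙服务
pause
)
goto start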
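:3
rem Close or restore the file-sharing ports in one step.
choice /C YN /n /m "一键关闭文件共享端口输入 Y, 一键恢复文件共享端口输入 N [Y/N]:"
rem Save the choice result before the netsh calls below overwrite errorlevel.
set sel=%errorlevel%
if "%sel%"=="1" (
rem Delete any previous copy of the rules first so they do not pile up on repeated use.
netsh advfirewall firewall del rule name="deny-TCP-445,135,137,138,139" >nul 2>nul
netsh advfirewall firewall del rule name="deny-UDP-445,135,137,138,139" >nul 2>nul
rem Inbound block with no remoteip restriction: sharing is blocked from every source, LAN included.
netsh advfirewall firewall add rule name="deny-TCP-445,135,137,138,139" dir=in action=block protocol=TCP localport=445,135,137,138,139 >nul 2>nul
netsh advfirewall firewall add rule name="deny-UDP-445,135,137,138,139" dir=in action=block protocol=UDP localport=445,135,137,138,139 >nul 2>nul
echo, &echo,TCP^&UDP[445,135,137,138,139]端口已经关闭
pause
)
if "%sel%"=="2" (
rem Restore only removes the two block rules added above; it does not create allow rules.
netsh advfirewall firewall del rule name="deny-TCP-445,135,137,138,139" >nul 2>nul
netsh advfirewall firewall del rule name="deny-UDP-445,135,137,138,139" >nul 2>nul
echo, &echo,TCP^&UDP[445,135,137,138,139]端口已经恢复
pause
)
goto start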
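:4
rem Block or restore inbound TCP 3389 (Remote Desktop).
choice /C YN /n /m "关闭3389端口输入 Y, 恢复3389端口输入 N [Y/N]:"
rem Save the choice result before the netsh calls below overwrite errorlevel.
set sel=%errorlevel%
if "%sel%"=="1" (
rem Delete the old rule first so repeated use does not stack duplicates, then add the block rule.
netsh advfirewall firewall delete rule name=block-server-3389 protocol=tcp localport=3389 >nul 2>nul
netsh advfirewall firewall add rule name=block-server-3389 dir=in action=block protocol=TCP localport=3389 >nul 2>nul
echo,TCP[3389]端口已经阻止
pause
)
if "%sel%"=="2" (
rem Restore only removes the block rule created above; no allow rule is added.
netsh advfirewall firewall delete rule name=block-server-3389 protocol=tcp localport=3389 >nul 2>nul
echo,TCP[3389]端口已经恢复
pause
)
goto start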
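:5
rem Allow inbound access to common services.
rem NOTE(review): none of these rules carries a remoteip= restriction, so each port is opened to every
rem source address. For LAN-only access append remoteip=localsubnet to the add rule line.
rem Only options 1-7 exist, so the accepted keys are limited to 1234567 instead of 123456789; previously
rem pressing 8 or 9 silently returned to the menu.
choice /C 1234567 /n /m "[1:Allow Ping] [2、FTP] [3、SSH] [4、Telnet] [5、mail] [6、HTTP HTTPS] [7、TFTP] >>>>>>>>>>>>>>>> 输入序号【1 / 2 / 3 ...】:"
rem Save the choice result before the netsh calls below overwrite errorlevel.
set sel=%errorlevel%
if "%sel%"=="1" (
rem All ICMPv4 allowed inbound, so the machine answers ping.
netsh advfirewall firewall delete rule name="Allow Ping" protocol=icmpv4 >nul 2>nul
netsh advfirewall firewall add rule name="Allow Ping" dir=in protocol=icmpv4 action=allow >nul 2>nul
echo,Allow Ping
pause
)
if "%sel%"=="2" (
netsh advfirewall firewall delete rule name="Allow FTP" protocol=TCP localport=20,21 >nul 2>nul
netsh advfirewall firewall add rule name="Allow FTP" protocol=TCP dir=in localport=20,21 action=allow >nul 2>nul
echo,Allow FTP
pause
)
if "%sel%"=="3" (
netsh advfirewall firewall delete rule name="Allow SSH" protocol=TCP localport=22 >nul 2>nul
netsh advfirewall firewall add rule name="Allow SSH" protocol=TCP dir=in localport=22 action=allow >nul 2>nul
echo,Allow SSH
pause
)
if "%sel%"=="4" (
netsh advfirewall firewall delete rule name="Allow Telnet" protocol=TCP localport=23 >nul 2>nul
netsh advfirewall firewall add rule name="Allow Telnet" protocol=TCP dir=in localport=23 action=allow >nul 2>nul
echo,Allow Telnet
pause
)
if "%sel%"=="5" (
netsh advfirewall firewall delete rule name="Allow mail" protocol=TCP localport=25,110 >nul 2>nul
netsh advfirewall firewall add rule name="Allow mail" protocol=TCP dir=in localport=25,110 action=allow >nul 2>nul
echo,Allow SMTP AND POP3
pause
)
if "%sel%"=="6" (
netsh advfirewall firewall delete rule name="Allow HTTP and HTTPS" protocol=TCP localport=80,443 >nul 2>nul
netsh advfirewall firewall add rule name="Allow HTTP and HTTPS" protocol=TCP dir=in localport=80,443 action=allow >nul 2>nul
echo,Allow HTTP AND HTTPS
pause
)
if "%sel%"=="7" (
netsh advfirewall firewall delete rule name="Allow TFTP" protocol=UDP localport=69 >nul 2>nul
netsh advfirewall firewall add rule name="Allow TFTP" protocol=UDP dir=in localport=69 action=allow >nul 2>nul
echo,Allow TFTP
pause
)
goto start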
:6
rem Program rules - not implemented yet. Choosing 6 only pauses and returns to the menu.
rem The two commented lines below are a template for an outbound block rule by program path.
rem Block outbound traffic of program %i% at path %j%
rem netsh advfirewall firewall del rule name="%i%">nul 2>nul
rem netsh advfirewall firewall add rule name="%i%" program=%j% action=block dir=out>nul
pause
goto start
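:7
rem Port rule: build one inbound rule from the name, action, protocol and port the user types in.
set name=
set port=
set protocol=
set action=
set /p name=定义一个规则名称(如 deny-TCP-445,Allow-tcp-3389):
set /P action=允许还是阻止规则(如 allow/block):
set /p port=输入要阻止的端口号(连续端口:1-65535;不连续端口:137,139,445):
set /p protocol=协议类别(TCP/udp):
rem An empty value makes netsh fail on its arguments; check up front and go back to the menu.
if "%name%"=="" echo 规则名称不能为空! &pause&goto start
if "%action%"=="" echo 动作不能为空! &pause&goto start
if "%port%"=="" echo 端口不能为空! &pause&goto start
if "%protocol%"=="" echo 协议不能为空! &pause&goto start
echo 预制方向为:进入
echo,
rem protocol, localport and action are spliced into the command unquoted; values containing spaces
rem or shell metacharacters are not supported here.
netsh advfirewall firewall add rule name="%name%" dir=in protocol=%protocol% localport=%port% action=%action% >nul
rem Report success or failure from the netsh exit code instead of always printing that the rule was created.
if errorlevel 1 (
echo,------------------------------------------------------------------------
echo,规则建立失败: 请检查动作是否为 allow/block, 协议是否为 TCP/UDP, 端口格式是否正确
echo,------------------------------------------------------------------------
) else (
echo,------------------------------------------------------------------------
echo,规则名为:[%name%] 动作为:%action% 方向为:进入 协议为:%protocol% 端口为:%port% 的规则已经建立。
echo,------------------------------------------------------------------------
)
pause
goto start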
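:8
rem IP rule: build one inbound allow/block rule for a remote address.
set name=
set action=
set remoteip=
set /p name=起一个ip规则名称(如 deny-ip-1.1.1.1,Allow-ip-2.2.2.2):
set /P action=允许还是阻止规则(如 allow/block):
set /p remoteip=远程ip地址(如:8.8.8.8):
rem An empty value makes netsh fail on its arguments; check up front and go back to the menu.
if "%name%"=="" echo 规则名称不能为空! &pause&goto start
if "%action%"=="" echo 动作不能为空! &pause&goto start
if "%remoteip%"=="" echo 远程ip不能为空! &pause&goto start
echo 预制方向为:进入
echo,
rem action and remoteip are spliced into the command unquoted; values containing spaces or shell
rem metacharacters are not supported here. No protocol is given, so the rule covers all protocols.
netsh advfirewall firewall add rule name="%name%" dir=in action=%action% remoteip=%remoteip% >nul
rem Report success or failure from the netsh exit code instead of always printing that the rule was created.
if errorlevel 1 (
echo,------------------------------------------------------------------------
echo,规则建立失败: 请检查动作是否为 allow/block, ip 地址格式是否正确
echo,------------------------------------------------------------------------
) else (
echo,------------------------------------------------------------------------
echo,规则名为:[%name%] 动作为:%action% 方向为:进入 远程ip为:%remoteip% 的规则已经建立。
echo,------------------------------------------------------------------------
)
pause
goto start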
:9
rem Add the port numbers to exempt below.
rem all here means TCP and UDP; change it to tcp or udp if only one is needed.
rem NOTE(review): netsh firewall is the legacy pre-advfirewall context; it is deprecated and may be
rem unavailable on newer Windows, so this item can fail outright there. The modern equivalent is the
rem netsh advfirewall firewall add rule form used by menu item 7.
rem NOTE(review): port is not validated and is spliced unquoted into the command; whether the legacy
rem portopening form accepts the multi-port example shown in the prompt should be confirmed on the target.
set name=
set port=
set /p name=起一个例外规则名称(如 polycom-port-123):
set /p port=指定例外的端口号(如 25;20-21)
netsh firewall set portopening all %port% "%name%" enable
rem To delete, replace set with delete and drop the name and enable arguments, e.g.:
rem netsh firewall delete portopening all 3230
pause
goto start
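:10
rem Export or import the firewall configuration. Files live in the script directory:
rem export writes outfirewall.pol, import reads infirewall.pol.
choice /C YN /n /m "导出防火墙配置输入 Y, 恢复防火墙配置输入 N [Y/N]:"
rem Save the choice result right away: netsh, dir and the retry prompt below all overwrite errorlevel,
rem and the importfile label jumps back to re-test the selection.
set sel=%errorlevel%
if "%sel%"=="1" (
rem The existence test and the delete must name the same file, otherwise a stale export is never removed.
IF EXIST outfirewall.pol DEL /Q /F outfirewall.pol >NUL 2>NUL
netsh advfirewall export ".\outfirewall.pol" >NUL
echo,
IF EXIST outfirewall.pol (echo 防火墙配置文件导出成功) else (echo 防火墙配置文件导出失败,请确认已以管理员身份运行)
FOR /F "delims==" %%i IN ('dir /b outfirewall.pol 2^>nul') DO @echo 文件位置%%~dpi%%i 生成时间%%~ti
pause
goto start
)
:importfile
if "%sel%"=="2" (
rem Import replaces the whole current policy. Make sure infirewall.pol comes from a trusted source
rem and consider exporting a backup with the Y option first.
echo, &echo 将导入文件名复制到当前目录并更名为infirewall.pol&pause
if not exist infirewall.pol (
echo,
echo infirewall.pol文件不存在
echo,
rem Offer a way out instead of looping until the file appears.
choice /C YN /n /m "重试输入 Y, 返回菜单输入 N [Y/N]:"
if errorlevel 2 goto start
goto importfile
) else (
echo,
netsh advfirewall import infirewall.pol >nul &&echo,防火配置文件导入成功!
echo,
pause)
goto start
)
goto start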
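:11
rem Restore the default firewall policy.
rem netsh advfirewall reset deletes every custom rule, including the ones created by the other menu
rem items, and cannot be undone; ask for confirmation first and point at item 10 for a backup.
choice /C YN /n /m "此操作将删除所有自定义规则且不可撤销,建议先用[10]导出备份. 确认恢复默认策略输入 Y, 取消输入 N [Y/N]:"
rem N returns 2, so anything at or above 2 means cancel.
if errorlevel 2 goto start
netsh advfirewall reset
echo,已经恢复为默认防火墙策略
pause
goto start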
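:12
rem Rule lookup: dump the names of all static rules to a dated text file and open it in Notepad,
rem then show the full details of one rule by name.
rem The date slicing below presumably assumes the system date string begins with a four-digit year,
rem two-digit month and two-digit day; under other regional settings the file name comes out garbled.
set rulelist=firewall%date:~0,4%-%date:~5,2%-%date:~8,2%.txt
rem find matches the field label printed by the Chinese-language netsh; on other UI languages the file is empty.
netsh advfirewall firewall show rule name=all type=static verbose | find /i "规则名称:" >"%rulelist%"
start notepad "%rulelist%"
rem Uncomment to remove the list file again after viewing.
rem del "%rulelist%"
set serfile=
set /P serfile=输入查询规则名称:
rem An empty name would make netsh fail; go back to the menu instead.
if "%serfile%"=="" echo 未输入规则名称! &pause&goto start
NETSH ADVFIREWALL FIREWALL SHOW RULE NAME="%serfile%" verbose
pause
goto start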
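:13
rem Delete a rule by name.
echo,删除的规则名称可以通过[12:查询规则名称]找到
echo,
set delfile=
set /P delfile=输入要删除的规则名称:
rem An empty name makes netsh fail; go back to the menu instead.
if "%delfile%"=="" echo 未输入规则名称! &pause&goto start
rem name=all is a netsh keyword that deletes every rule; refuse it here and point at menu item 11 instead.
if /I "%delfile%"=="all" echo 不允许用 all 一次删除所有规则,如需重置请使用[11:恢复默认策略] &pause&goto start
rem Several rules may share one name and netsh removes all of them; report failure instead of staying silent.
netsh advfirewall firewall delete rule name="%delfile%">nul &&echo,已删除%delfile%规则||echo,未找到名为%delfile%的规则或删除失败
echo,
pause
goto start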
:14
rem Open the Windows Firewall with Advanced Security console (WF.msc).
echo,稍等片刻......
rem Two pings to loopback act as a roughly one-second delay; the purpose is unclear - presumably
rem just to let the message above show. On Vista and later, timeout /t 1 would do the same.
ping -n 2 127.0.0.1>nul
rem start returns immediately, so the menu is redrawn while the console stays open.
start %windir%\system32\WF.msc
goto start
:00
rem Exit: exit ends this cmd instance rather than returning to the menu.
exit