:: Builds and assigns a local static IPsec policy named 445_135 using netsh.
:: One rule blocks traffic addressed to this host on ports 135, 137 and 139
:: (TCP and UDP); a second rule permits traffic from this host to port 3389.
:: No netsh exit code is checked, so the assign step runs even if an earlier
:: step failed.
:: NOTE(review): netsh ipsec changes normally require an elevated prompt - confirm
:: how this file is launched.
:: NOTE(review): the netsh reference syntax is tag=value with no spaces around
:: "="; verify that every command below parses as written on the target system.
:: NOTE(review): object names are non-ASCII; presumably the file must be saved in
:: the console's active code page for the names to match across commands - confirm.

:: Step 1: create the (still empty, unassigned) policy object.
:: NOTE(review): the name mentions 445, but no filter in this file matches
:: dstport 445, so SMB on TCP 445 is not restricted here. Confirm whether a 445
:: block was intended before relying on this policy for SMB hardening.
echo 创建安全策略
Netsh IPsec static add policy name = 445_135
:: Step 2: filter action that drops matching traffic.
echo 创建筛选器是阻止的操作
Netsh IPsec static add filteraction name = 阻止 action = block
:: Step 3: filter action that lets matching traffic through.
echo 创建筛选器是允许的操作
Netsh IPsec static add filteraction name = 允许 action = permit
:: Step 4: two empty filter lists - the first for traffic to block, the second
:: for traffic to permit.
echo 建立一个筛选器不可以访问的终端列表
Netsh IPsec static add filterlist name = 不可访问的终端列表
Netsh IPsec static add filterlist name = 可访问的终端列表
:: Step 5: populate the block list. Each filter matches any source -> this host
:: on one destination port and protocol; mirrored = no means the reverse
:: direction is not matched.
:: NOTE(review): UDP 138 (NetBIOS datagram) is not listed, while TCP 137 and
:: UDP 135/139 are - confirm the intended port set.
echo 添加135.137.139.端口
Netsh IPsec static add filter filterlist = 不可访问的终端列表 srcaddr = any dstaddr = me dstport = 137 description = 137 protocol = TCP mirrored = no
Netsh IPsec static add filter filterlist = 不可访问的终端列表 srcaddr = any dstaddr = me dstport = 137 description = 137 protocol = UDP mirrored = no
Netsh IPsec static add filter filterlist = 不可访问的终端列表 srcaddr = any dstaddr = me dstport = 139 description = 139 protocol = TCP mirrored = no
Netsh IPsec static add filter filterlist = 不可访问的终端列表 srcaddr = any dstaddr = me dstport = 139 description = 139 protocol = UDP mirrored = no
Netsh ipsec static add filter filterlist = 不可访问的终端列表 Srcaddr = any dstaddr = me dstport = 135 description = 135 protocol = TCP mirrored = no
Netsh ipsec static add filter filterlist = 不可访问的终端列表 Srcaddr = any dstaddr = me dstport = 135 description = 135 protocol = UDP mirrored = no
:: Populate the permit list: this host -> any destination on port 3389.
:: NOTE(review): with srcaddr = me and mirrored = no this matches outbound
:: connections to remote port 3389 only; it does not describe inbound RDP to
:: this host. Confirm which direction was intended.
Netsh IPsec static add filter filterlist = 可访问的终端列表 srcaddr = me dstaddr = any dstport = 3389 description = 3389 protocol = TCP mirrored = no
Netsh IPsec static add filter filterlist = 可访问的终端列表 srcaddr = me dstaddr = any dstport = 3389 description = 3389 protocol = UDP mirrored = no
:: Step 6: bind each filter list to its action inside policy 445_135.
echo 建立策略规则
Netsh ipsec static add rule name = 不可访问的终端策略规则 Policy = 445_135 filterlist = 不可访问的终端列表 filteraction = 阻止
Netsh ipsec static add rule name = 可访问的终端策略规则 Policy = 445_135 filterlist = 可访问的终端列表 filteraction = 允许
:: Step 7: assign (activate) the policy.
:: NOTE(review): presumably only one local IPsec policy can be assigned at a
:: time, so this would displace any policy already assigned - check the host's
:: current policy before running.
echo 激活策略
netsh ipsec static set policy name = 445_135 assign = y
:: Open the Local Security Policy console so the result can be inspected.
start /B cmd /c secpol.msc