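:: Windows Firewall (WFAS) hardening for an application/database host.
:: Run from an elevated prompt. Save this file in the console code page
:: (chcp 936/950) so the non-ASCII rule names below match byte-for-byte.
::
:: Design: default-deny inbound, explicit allow rules for known clients,
:: and the built-in RDP/SMB rules disabled because they accept any source.
::
:: NOTE(review): "set rule name=..." matches built-in rules by their
:: *localized display name*. On a host with another UI language every
:: such line prints "No rules match the specified criteria." and the
:: script carries on -- the default RDP/SMB rules then stay enabled and
:: reachable from any address. Read the output, or disable them by their
:: locale-independent Name from PowerShell
:: (e.g. Disable-NetFirewallRule -Name RemoteDesktop-UserMode-In-TCP).
::
:: Every "add rule" is preceded by "delete rule" with the same name:
:: netsh creates a second identical rule on each re-run otherwise. The
:: delete reporting "no rules match" on the first run is expected.

:: Start the firewall service (an "already started" error is harmless).
net start mpssvc

:: Remote desktop only from the management hosts (TCP/3389).
netsh advfirewall firewall delete rule name=allow_rdp
netsh advfirewall firewall add rule name=allow_rdp dir=in action=allow description="允許遠程桌面策略" enable=yes profile=public,private,domain remoteip=192.168.11.42,192.168.11.44,192.168.10.250,192.168.168.249,192.168.168.252 localport=3389 protocol=tcp
:: Disable the built-in RDP rules; they have no remoteip restriction, so
:: leaving them on would make the allow-list above meaningless.
netsh advfirewall firewall set rule name="遠程桌面(TCP-In)" new enable=no
netsh advfirewall firewall set rule name="遠程桌面 - 用戶模式(TCP-In)" new enable=no
netsh advfirewall firewall set rule name="遠程桌面 - 用戶模式(UDP-In)" new enable=no
netsh advfirewall firewall set rule name="遠程桌面 - RemoteFX (TCP-In)" new enable=no

:: Block RPC endpoint mapper / NetBIOS (135-139) on TCP and UDP.
:: In WFAS an explicit block rule wins over any allow rule, so these
:: cannot be re-opened by a later allow rule on the same ports.
netsh advfirewall firewall delete rule name=deny_tcp_port
netsh advfirewall firewall add rule name=deny_tcp_port dir=in action=block description="關閉風險端口" enable=yes profile=public,private,domain localport=135-139 protocol=tcp
netsh advfirewall firewall delete rule name=deny_udp_port
netsh advfirewall firewall add rule name=deny_udp_port dir=in action=block description="關閉風險端口" enable=yes profile=public,private,domain localport=135-139 protocol=udp

:: Application ports: 1433 (MSSQL default), 4899, 8080-8088.
:: NOTE(review): no remoteip= here, so these are reachable from ANY
:: address on all three profiles. 1433 and 4899 are remote-access /
:: database listeners -- if the set of clients is known, restrict them
:: with remoteip= the same way allow_rdp does.
netsh advfirewall firewall delete rule name=allow_app_port
netsh advfirewall firewall add rule name=allow_app_port dir=in action=allow description="開放應用端口" enable=yes profile=public,private,domain localport=1433,4899,8080-8088 protocol=tcp

:: SNMP (UDP/161).
:: NOTE(review): also open to any address; consider remoteip=<NMS host>.
netsh advfirewall firewall delete rule name=allow_snmp_port
netsh advfirewall firewall add rule name=allow_snmp_port dir=in action=allow description="開放snmp端口" enable=yes profile=public,private,domain localport=161 protocol=udp

:: Disable the built-in rules that open 445 (SMB and the named-pipe
:: services that ride on it); 445 is not covered by the 135-139 block.
netsh advfirewall firewall set rule name="Netlogon 服務(NP-In)" new enable=no
netsh advfirewall firewall set rule name="Telnet 遠程管理(NP-In)" new enable=no
netsh advfirewall firewall set rule name="文件和打印機共享(SMB-In)" new enable=no
netsh advfirewall firewall set rule name="遠程服務管理(NP-In)" new enable=no
netsh advfirewall firewall set rule name="遠程事件日志管理(NP-In)" new enable=no
netsh advfirewall firewall set rule name="DFS 管理(SMB-In)" new enable=no

:: SMB (TCP/445) only from the bastion host.
netsh advfirewall firewall delete rule name=allow_445_port
netsh advfirewall firewall add rule name=allow_445_port dir=in action=allow description="對堡壘機開放445端口" enable=yes profile=public,private,domain remoteip=192.168.11.42 localport=445 protocol=tcp

:: Allow ICMPv4 echo (ping) via the built-in rule (any source address).
netsh advfirewall firewall set rule name="文件和打印機共享(回顯請求 - ICMPv4-In)" new enable=yes

:: Backup agent: any TCP port owned by the EBackupClient service, but only
:: from the backup server. Scoped by service + source, not by port.
netsh advfirewall firewall delete rule name=allow_EBackup_program
netsh advfirewall firewall add rule name=allow_EBackup_program dir=in action=allow description="開放愛數備份櫃程序" enable=yes service=EBackupClient profile=public,private,domain remoteip=192.168.11.32 protocol=tcp

:: Make the baseline the script relies on explicit: inbound is dropped
:: unless a rule allows it, outbound is permitted. Without this a
:: previously changed default policy would silently undo the intent above.
netsh advfirewall set allprofiles firewallpolicy blockinbound,allowoutbound

:: Turn the firewall on LAST, after allow_rdp exists, so an administrator
:: running this over RDP is not cut off mid-script.
netsh advfirewall set allprofiles state on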