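I have a list of IP addresses.
L = {X.X.X.X, y.y.y.y, ... etc.}
I want to block all IP addresses except the ones in the list above.
How can I do this with IPSEC commands on a Windows machine?
I tried to find the answer in the following Microsoft link, but no luck :-(
Example:
My goal: block all IPs on 198.18.84.161:80 except IP 198.18.84.162
I tried the following.
1) Block all IPs on port 80.
Steps: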
netsh ipsec static add filterlist name=filterlist_198.18.84.161
netsh ipsec static add filter filterlist=filterlist_198.18.84.161 srcaddr=any dstaddr=Me protocol=tcp srcport=0 dstport=80
netsh ipsec static add filteraction name=action_198.18.84.161 action=block
netsh ipsec static add policy name=policy_198.18.84.161 assign=yes
netsh ipsec static add rule name=rule_198.18.84.161 policy=policy_198.18.84.161 filterlist=filterlist_198.18.84.161 filteraction=action_198.18.84.161
Result: it blocked all IPs on port 80.
2) Allow IP 198.18.84.162 on port 80 of machine 198.18.84.161
Steps:
netsh ipsec static add filterlist name=filterlist_198.18.84.162
netsh ipsec static add filter filterlist=filterlist_198.18.84.162 srcaddr=198.18.84.162 dstaddr=Me protocol=tcp srcport=0 dstport=80
netsh ipsec static add filteraction name=action_198.18.84.162 action=permit
netsh ipsec static add policy name=policy_198.18.84.162 assign=yes
netsh ipsec static add rule name=rule_198.18.84.162 policy=policy_198.18.84.162 filterlist=filterlist_198.18.84.162 filteraction=action_198.18.84.162
Result: it unblocked all IPs on port 80, instead of unblocking only 198.18.84.162.
Answer 0: (score: 0)
I found the answer myself.
Here are the steps:
1. Block all IPs on port 80
netsh ipsec static add filterlist name=filterlist_198.18.84.161
netsh ipsec static add filter filterlist=filterlist_198.18.84.161 srcaddr=any dstaddr=Me protocol=tcp srcport=0 dstport=80
netsh ipsec static add filteraction name=action_198.18.84.161 action=block
netsh ipsec static add policy name=policy_198.18.84.161 assign=yes
netsh ipsec static add rule name=rule_198.18.84.161 policy=policy_198.18.84.161 filterlist=filterlist_198.18.84.161 filteraction=action_198.18.84.161
2. Allow the specific IP on port 80.
netsh ipsec static add filterlist name=filterlist_198.18.84.162
netsh ipsec static add filter filterlist=filterlist_198.18.84.162 srcaddr=198.18.84.162 dstaddr=Me protocol=tcp srcport=0 dstport=80
netsh ipsec static add filteraction name=action_198.18.84.162 action=permit
netsh ipsec static add rule name=rule_198.18.84.162 policy=policy_198.18.84.161 filterlist=filterlist_198.18.84.162 filteraction=action_198.18.84.162
The trick is to use the same policy for both of the rules above.
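
The same single-policy approach extended to the whole list L from the question, as an added example that is not part of the original answer. The policy, filter list and filter action names and the sample addresses are constructed, and the script goes beyond the answer by validating each address and assigning the policy only after both rules exist.

```powershell
# Added example (not from the original answer). Run from an elevated prompt.
# Names (policy_allowlist, fl_*, fa_*) and the sample addresses are constructed.
param(
    [string[]]$AllowedIPs = @('198.18.84.162', '198.18.84.163'),
    [int]$Port = 80,
    [string]$Policy = 'policy_allowlist',
    [switch]$Apply   # without -Apply the netsh commands are only printed
)

# Accept only canonical dotted-quad IPv4 literals before building command lines.
foreach ($ip in $AllowedIPs) {
    $parsed = $null
    if (-not [System.Net.IPAddress]::TryParse($ip, [ref]$parsed) -or
        $parsed.ToString() -ne $ip -or
        $parsed.AddressFamily -ne [System.Net.Sockets.AddressFamily]::InterNetwork) {
        throw "Not a valid IPv4 address: $ip"
    }
}

# Only one local IPsec policy can be assigned at a time, so both rules go into
# the same policy; it is created unassigned and activated last, so the block
# rule is never in force without the permit rule.
$cmds = @(
    "ipsec static add policy name=$Policy assign=no"
    "ipsec static add filteraction name=fa_block action=block"
    "ipsec static add filteraction name=fa_permit action=permit"
    "ipsec static add filterlist name=fl_block_all"
    "ipsec static add filter filterlist=fl_block_all srcaddr=any dstaddr=Me protocol=tcp srcport=0 dstport=$Port"
    "ipsec static add filterlist name=fl_allow"
)
# One filter per allowed source address, all in the same permit filter list.
$cmds += $AllowedIPs | ForEach-Object {
    "ipsec static add filter filterlist=fl_allow srcaddr=$_ dstaddr=Me protocol=tcp srcport=0 dstport=$Port"
}
$cmds += @(
    "ipsec static add rule name=rule_block_all policy=$Policy filterlist=fl_block_all filteraction=fa_block"
    "ipsec static add rule name=rule_allow policy=$Policy filterlist=fl_allow filteraction=fa_permit"
    "ipsec static set policy name=$Policy assign=yes"
)

foreach ($c in $cmds) {
    Write-Output "netsh $c"
    if ($Apply) {
        & netsh.exe ($c -split ' ')
        if ($LASTEXITCODE -ne 0) { throw "netsh failed on: $c" }
    }
}
```

Within the single policy, a filter with a specific source address is more specific than the srcaddr=any filter, so traffic from the listed addresses gets the permit action and everything else on the port is blocked.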