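How to block all IP addresses on a given port using IPSEC on Windows, given a list of IP addresses?

Time: 2014-12-10 08:53:47

Tags: ip block netsh ipsec

I have a list of IP addresses.

L = {X.X.X.X, y.y.y.y, ... etc.}

I want to block all IP addresses except the ones in the list above.

How can I do this with IPSEC commands on a Windows machine?

I tried to find the answer from the following Microsoft link. But no luck :-(

Example:

My goal: block all IPs on 198.18.84.161:80 except IP 198.18.84.162

I tried the following.

1) Block all IPs on port 80.

Steps: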

netsh ipsec static add filterlist name=filterlist_198.18.84.161

netsh ipsec static add filter filterlist=filterlist_198.18.84.161 srcaddr=any dstaddr=Me protocol=tcp srcport=0 dstport=80

netsh ipsec static add filteraction name=action_198.18.84.161 action=block

netsh ipsec static add policy name=policy_198.18.84.161 assign=yes

netsh ipsec static add rule name=rule_198.18.84.161 policy=policy_198.18.84.161 filterlist=filterlist_198.18.84.161 filteraction=action_198.18.84.161

Result: it blocked all IPs on port 80

2) Allow IP 198.18.84.162 on port 80 of machine 198.18.84.161

Steps:

netsh ipsec static add filterlist name=filterlist_198.18.84.162

netsh ipsec static add filter filterlist=filterlist_198.18.84.162 srcaddr=198.18.84.162 dstaddr=Me protocol=tcp srcport=0 dstport=80

netsh ipsec static add filteraction name=action_198.18.84.162 action=permit

netsh ipsec static add policy name=policy_198.18.84.162 assign=yes

netsh ipsec static add rule name=rule_198.18.84.162 policy=policy_198.18.84.162 filterlist=filterlist_198.18.84.162 filteraction=action_198.18.84.162

Result: it unblocked all IPs on port 80, instead of unblocking only 198.18.84.162

1 answer:

Answer 0: (score: 0)

I found the answer myself.

Here are the steps:

1. Block all IPs on port 80

netsh ipsec static add filterlist name=filterlist_198.18.84.161

netsh ipsec static add filter filterlist=filterlist_198.18.84.161 srcaddr=any dstaddr=Me protocol=tcp srcport=0 dstport=80

netsh ipsec static add filteraction name=action_198.18.84.161 action=block

netsh ipsec static add policy name=policy_198.18.84.161 assign=yes

netsh ipsec static add rule name=rule_198.18.84.161 policy=policy_198.18.84.161 filterlist=filterlist_198.18.84.161 filteraction=action_198.18.84.161

2. Allow a specific IP on port 80.

netsh ipsec static add filterlist name=filterlist_198.18.84.162

netsh ipsec static add filter filterlist=filterlist_198.18.84.162 srcaddr=198.18.84.162 dstaddr=Me protocol=tcp srcport=0 dstport=80

netsh ipsec static add filteraction name=action_198.18.84.162 action=permit

netsh ipsec static add rule name=rule_198.18.84.162 policy=policy_198.18.84.161 filterlist=filterlist_198.18.84.162 filteraction=action_198.18.84.162

The trick is to use the same policy for both of the above rules.
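
The single-policy approach from the answer, extended to the whole list L from the question, as an added example that is not part of the original post. Windows keeps only one IPsec policy assigned at a time, so the block rule and the permit rule have to live in the same policy, where the more specific permit filter takes precedence over the any-source block filter. The policy, filter list and filter action names and the second address are constructed for illustration, and unlike the answer this script assigns the policy only after both rules exist.

```powershell
# Added example: allow-list for one TCP port, built as ONE IPsec policy.
# Run from an elevated PowerShell prompt. All names below are constructed.
$Port       = 80
$Policy     = 'policy_web80'
$AllowedIPs = @('198.18.84.162', '198.18.84.163')   # constructed sample of list L

function Invoke-Netsh {
    param([string[]]$NetshArgs)
    & netsh ipsec static @NetshArgs
    # netsh does not always signal errors through its exit code; the final
    # "show policy" call is the authoritative check of what was stored.
    if ($LASTEXITCODE -ne 0) { throw "netsh failed: $($NetshArgs -join ' ')" }
}

# Validate every entry first, so a typo cannot leave a half-built policy.
foreach ($ip in $AllowedIPs) {
    $parsed = $null
    if (-not [System.Net.IPAddress]::TryParse($ip, [ref]$parsed) -or
        $parsed.AddressFamily -ne 'InterNetwork' -or
        $parsed.ToString() -ne $ip) {
        throw "Not a dotted-quad IPv4 address: $ip"
    }
}

# Block: any source -> this host on the port.
Invoke-Netsh 'add','filterlist',"name=fl_block_$Port"
Invoke-Netsh 'add','filter',"filterlist=fl_block_$Port",'srcaddr=any',
             'dstaddr=Me','protocol=tcp','srcport=0',"dstport=$Port"
Invoke-Netsh 'add','filteraction','name=fa_block','action=block'

# Permit: one filter per allowed source, all in a single filter list.
Invoke-Netsh 'add','filterlist',"name=fl_allow_$Port"
foreach ($ip in $AllowedIPs) {
    Invoke-Netsh 'add','filter',"filterlist=fl_allow_$Port","srcaddr=$ip",
                 'dstaddr=Me','protocol=tcp','srcport=0',"dstport=$Port"
}
Invoke-Netsh 'add','filteraction','name=fa_permit','action=permit'

# Both rules go into the same policy; assign it only once it is complete.
Invoke-Netsh 'add','policy',"name=$Policy",'assign=no'
Invoke-Netsh 'add','rule',"name=rule_block_$Port","policy=$Policy",
             "filterlist=fl_block_$Port",'filteraction=fa_block'
Invoke-Netsh 'add','rule',"name=rule_allow_$Port","policy=$Policy",
             "filterlist=fl_allow_$Port",'filteraction=fa_permit'
Invoke-Netsh 'set','policy',"name=$Policy",'assign=yes'
Invoke-Netsh 'show','policy',"name=$Policy",'level=verbose'
```

Assigning this policy replaces whichever IPsec policy was assigned before, which is the same effect that unblocked port 80 in the question's second attempt.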