{"id":434,"date":"2016-01-04T17:27:59","date_gmt":"2016-01-04T09:27:59","guid":{"rendered":"http:\/\/www.huike007.cn\/?p=434"},"modified":"2016-01-05T10:07:26","modified_gmt":"2016-01-05T02:07:26","slug":"%e5%91%bd%e4%bb%a4%e8%a1%8c%e6%b7%bb%e5%8a%a0ipsec-%e5%8f%8a-%e9%98%b2%e7%81%ab%e5%a2%99","status":"publish","type":"post","link":"http:\/\/www.huike007.cn\/?p=434","title":{"rendered":"Adding IPsec and firewall rules from the command line"},"content":{"rendered":"<p>To allow this machine to access port 8080 on 192.168.1.1, you can use the following settings. One configuration, with explanatory notes, is given below for reference:<br \/>\n&nbsp;<br \/>\nCreate a security policy named policy1:<br \/>\nNetsh ipsec static add policy name=policy1<br \/>\n&nbsp;<br \/>\nCreate a security filter that specifies 192.168.1.1:<br \/>\nNetsh ipsec static add filterlist name=allowip<br \/>\nNetsh ipsec static add filter filterlist=allowip srcaddr=me dstaddr=192.168.1.1 dstport=8080 protocol=TCP<br \/>\n(For a subnet: srcaddr=192.168.1.1 srcmask=255.255.255.0)<br \/>\n(If dstport=8080 protocol=TCP is left out, it means all)<br \/>\n&nbsp;<br \/>\nCreate a filter action:<br \/>\nNetsh ipsec static add filteraction name=allowact action=permit<br \/>\n&nbsp;<br \/>\nAdd the rule to the security policy policy1:<br \/>\nNetsh ipsec static add rule name=rule1 policy=policy1 filterlist=allowip filteraction=allowact<br \/>\n&nbsp;<br \/>\nActivate the policy:<br \/>\nNetsh ipsec static set policy name=policy1 assign=y<br \/>\n<strong>&#8216;Export the security policies<\/strong><br \/>\nnetsh ipsec static exportpolicy d:\\ip.ipsec<br 
\/>\n<strong>&#8216;Delete all security policies<\/strong><br \/>\nnetsh ipsec static del all<br \/>\n<strong>&#8216;Import the security policies<\/strong><br \/>\nnetsh ipsec static importpolicy d:\\ip.ipsec<br \/>\n&nbsp;<br \/>\n&nbsp;<br \/>\n<strong>Script method<\/strong><br \/>\n<strong>========<\/strong><br \/>\nCopy the following into an ipsec.bat file:<br \/>\n<strong><em>netsh ipsec static add policy name=test<\/em><\/strong><br \/>\n<strong><em>netsh ipsec static add filterlist name=myallow<\/em><\/strong><br \/>\n<strong><em>netsh ipsec static add filter filterlist=myallow srcaddr=me dstaddr=192.168.1.1 dstport=8080 protocol=TCP<\/em><\/strong><br \/>\n<strong><em>netsh ipsec static add filteraction name=allow action=permit<\/em><\/strong><br \/>\n<strong><em>netsh ipsec static add rule name=allowrule policy=test filterlist=myallow filteraction=allow<\/em><\/strong><br \/>\n<strong><em>netsh ipsec static set policy name=test assign=y<\/em><\/strong><br \/>\n&nbsp;<br \/>\nOn the machine to be configured, run the BAT file with administrator privileges to add the policy.<br \/>\n&nbsp;<br \/>\n<strong>Firewall <\/strong><strong>advanced settings<\/strong><br \/>\n<strong>================<\/strong><br \/>\n&nbsp;<br \/>\nSimilarly, Windows Firewall can be used to set up the corresponding policies and rules, with the following commands:<br \/>\n&nbsp;<br \/>\nRight-click cmd.exe, run it as administrator, and execute the following commands:<br \/>\nnetsh advfirewall set currentprofile state on 
&#8212;this command enables the firewall on the computer<br \/>\nThen set up the whitelist; the rule name and remoteip values can be changed as needed:<br \/>\nnetsh advfirewall firewall add rule name=&quot;LOGS&quot; dir=in action=allow protocol=TCP localport=8080 remoteip=192.168.1.1<br \/>\nnetsh advfirewall firewall add rule name=&quot;rdp01&quot; dir=in action=allow protocol=TCP localport=3389 remoteip=33.33.33.31<br \/>\nnetsh advfirewall firewall add rule name=&quot;rdp02&quot; dir=in action=allow protocol=TCP localport=3389 remoteip=33.33.33.32<br \/>\nnetsh advfirewall firewall add rule name=&quot;rdp03&quot; dir=in action=allow protocol=TCP localport=3389 remoteip=33.33.33.33<br \/>\nnetsh advfirewall firewall add rule name=&quot;SQL01&quot; dir=in action=allow protocol=TCP localport=1444 remoteip=33.33.33.31<br \/>\nnetsh advfirewall firewall add rule name=&quot;SQL02&quot; dir=in action=allow protocol=TCP localport=1444 remoteip=33.33.33.32<br \/>\nnetsh advfirewall firewall add rule name=&quot;SQL03&quot; dir=in action=allow protocol=TCP localport=1444 remoteip=33.33.33.33<br \/>\n&nbsp;<br \/>\n&nbsp;<br \/>\n&nbsp;<br \/>\nReference links:<br \/>\nNetsh commands for Internet Protocol security-2003<br \/>\n<a href=\"https:\/\/technet.microsoft.com\/en-us\/library\/cc739550(v=ws.10).aspx\">https:\/\/technet.microsoft.com\/en-us\/library\/cc739550(v=ws.10).aspx<\/a><br \/>\n&nbsp;<br \/>\nNetsh Commands for Internet Protocol Security (IPsec)-2008<br \/>\n<a href=\"https:\/\/technet.microsoft.com\/en-us\/library\/cc725926(v=ws.10).aspx\">https:\/\/technet.microsoft.com\/en-us\/library\/cc725926(v=ws.10).aspx<\/a><br \/>\n&nbsp;<br \/>\nHow to use the &#8220;netsh advfirewall firewall&#8221; context instead of the &#8220;netsh firewall&#8221; context to control Windows Firewall behavior in Windows Server 2008 and in Windows Vista<br \/>\n<a 
href=\"https:\/\/support.microsoft.com\/en-us\/kb\/947709\">https:\/\/support.microsoft.com\/en-us\/kb\/947709<\/a><br \/>\n&nbsp;<br \/>\nNetsh AdvFirewall Firewall Commands<br \/>\n<a href=\"https:\/\/technet.microsoft.com\/zh-cn\/library\/dd734783(v=ws.10).aspx\">https:\/\/technet.microsoft.com\/zh-cn\/library\/dd734783(v=ws.10).aspx<\/a><br \/>\n&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>To allow this machine to access port 8080 on 192.168.1.1, you can use the following settings. One configuration, with explanatory notes, is given below; please [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[178],"tags":[368],"_links":{"self":[{"href":"http:\/\/www.huike007.cn\/index.php?rest_route=\/wp\/v2\/posts\/434"}],"collection":[{"href":"http:\/\/www.huike007.cn\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.huike007.cn\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.huike007.cn\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/www.huike007.cn\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=434"}],"version-history":[{"count":3,"href":"http:\/\/www.huike007.cn\/index.php?rest_route=\/wp\/v2\/posts\/434\/revisions"}],"predecessor-version":[{"id":437,"href":"http:\/\/www.huike007.cn\/index.php?rest_route=\/wp\/v2\/posts\/434\/revisions\/437"}],"wp:attachment":[{"href":"http:\/\/www.huike007.cn\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=434"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.huike007.cn\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=434"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.huike007.cn\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=434"}],"curies":
[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}