《系统防火墙管理设置》
为方便管理 Windows 系统防火墙,特意写了这个批处理。
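初次发布,请多关照。

@echo off
REM ---------------------------------------------------------------------------
REM Windows Firewall management menu - a thin wrapper around
REM "netsh advfirewall".  Every option needs administrator rights, so the
REM mshta line below re-launches this script elevated (UAC "runas") when it
REM was started without a parameter; the relaunched copy receives "::" as %1,
REM which turns that same line into a comment on the second pass.
REM %~s0 is the 8.3 short path of this script - used because the path is
REM embedded unquoted inside the VBScript string.
REM ---------------------------------------------------------------------------
%1 mshta vbscript:CreateObject("Shell.Application").ShellExecute("cmd.exe","/c %~s0 ::","","runas",1)(window.close)&&exit
setlocal
REM Work from the script's own folder so the exported/imported policy files
REM (.pol) and the rule listing are created next to the script.
cd /d "%~dp0"

:start
color b
cls
title 系统防火墙管理设置
echo,
echo,
echo,                        《系统防火墙管理设置》
echo,
echo ==========================================================================
echo, 1:防火墙状态检测     2:关闭/开启防火墙     3:一键关闭/恢复文件共享端口
echo,
echo, 4:关闭/恢复3389端口  5:启用常规服务端口    6: 设置程序规则
echo,
echo, 7:设置端口规则       8: 设置ip规则         9: 添加例外端口
echo,
echo, 10:导出/导入配置     11:恢复默认策略       12:查询规则名称   13:删除规则
echo,
echo, 00:退出!             14: 打开系统防火墙控制台
echo ==========================================================================
echo,
set "num="
set /p "num=请输入设置项目序号[00,1-14]:"
if not defined num (
    echo 输入为空,请重新输入!
    pause
    goto start
)
REM Accept digits only.  The original "a && b || c && d && e" chain ran the
REM pause/goto tail even for valid input, so the check is an explicit if.
echo(%num%|findstr /b /e "[0-9]*" >nul
if errorlevel 1 (
    echo 输入有误,请重新输入!
    pause
    goto start
)
REM Quoted comparisons so stray spaces in the input do not break the if.
if "%num%"=="1" goto 1
if "%num%"=="2" goto 2
if "%num%"=="3" goto 3
if "%num%"=="4" goto 4
if "%num%"=="5" goto 5
if "%num%"=="6" goto 6
if "%num%"=="7" goto 7
if "%num%"=="8" goto 8
if "%num%"=="9" goto 9
if "%num%"=="10" goto 10
if "%num%"=="11" goto 11
if "%num%"=="12" goto 12
if "%num%"=="13" goto 13
if "%num%"=="14" goto 14
if "%num%"=="00" goto 00
goto start

:1
REM Show state and default policy of all three profiles.
netsh advfirewall show allprofiles
pause
goto start

:2
choice /C YN /n /m "启动防火墙输入 Y, 关闭防火墙输入 N [Y/N]:"
REM Capture the answer immediately - the commands below overwrite errorlevel.
set "ans=%errorlevel%"
REM Enable: make sure the service may start and is running, otherwise the
REM netsh calls fail silently because their output is discarded.  The default
REM policy is restored to the Windows default "blockinbound,allowoutbound";
REM the original set "allowinbound", which left the firewall switched on but
REM not filtering any inbound traffic.
if "%ans%"=="1" (
    sc config MpsSvc start= auto >nul 2>nul
    sc start MpsSvc >nul 2>nul
    netsh advfirewall set allprofiles state on >nul 2>nul && echo,已开启防火墙服务
    netsh advfirewall set allprofiles firewallpolicy blockinbound,allowoutbound >nul
    pause
)
REM Disable: "state off" is what actually stops filtering.  Disabling the
REM MpsSvc service as well is heavier than necessary - other Windows
REM components depend on it - but is kept to match the menu text.
if "%ans%"=="2" (
    netsh advfirewall set allprofiles state off >nul 2>nul
    sc config MpsSvc start= disabled >nul 2>nul && echo,已关闭防火墙服务
    pause
)
goto start

:3
choice /C YN /n /m "一键关闭文件共享端口输入 Y, 一键恢复文件共享端口输入 N [Y/N]:"
set "ans=%errorlevel%"
REM Block inbound SMB/NetBIOS/RPC ports over TCP and UDP with two named
REM rules; deleting first avoids duplicates when the option is rerun.
if "%ans%"=="1" (
    netsh advfirewall firewall delete rule name="deny-TCP-445,135,137,138,139" >nul 2>nul
    netsh advfirewall firewall delete rule name="deny-UDP-445,135,137,138,139" >nul 2>nul
    netsh advfirewall firewall add rule name="deny-TCP-445,135,137,138,139" dir=in action=block protocol=TCP localport=445,135,137,138,139 >nul 2>nul
    netsh advfirewall firewall add rule name="deny-UDP-445,135,137,138,139" dir=in action=block protocol=UDP localport=445,135,137,138,139 >nul 2>nul
    echo, &echo,TCP^&UDP[445,135,137,138,139]端口已经关闭
    pause
)
REM Restore: only the two block rules are removed.
if "%ans%"=="2" (
    netsh advfirewall firewall delete rule name="deny-TCP-445,135,137,138,139" >nul 2>nul
    netsh advfirewall firewall delete rule name="deny-UDP-445,135,137,138,139" >nul 2>nul
    echo, &echo,TCP^&UDP[445,135,137,138,139]端口已经恢复
    pause
)
goto start

:4
choice /C YN /n /m "关闭3389端口输入 Y, 恢复3389端口输入 N [Y/N]:"
set "ans=%errorlevel%"
REM Block inbound RDP with one named rule, replacing any earlier copy.
if "%ans%"=="1" (
    netsh advfirewall firewall delete rule name=block-server-3389 protocol=tcp localport=3389 >nul 2>nul
    netsh advfirewall firewall add rule name=block-server-3389 dir=in action=block protocol=TCP localport=3389 >nul 2>nul
    echo,TCP[3389]端口已经阻止
    pause
)
if "%ans%"=="2" (
    netsh advfirewall firewall delete rule name=block-server-3389 protocol=tcp localport=3389 >nul 2>nul
    echo,TCP[3389]端口已经恢复
    pause
)
goto start

:5
REM Each entry recreates one inbound allow rule for a well-known service.
REM Only keys 1-7 are offered; the original accepted 8 and 9 and did nothing.
choice /C 1234567 /n /m "[1:Allow Ping] [2、FTP] [3、SSH] [4、Telnet] [5、mail] [6、HTTP HTTPS] [7、TFTP] >>>>>>>>>>>>>>>> 输入序号【1 / 2 / 3 ...】:"
set "ans=%errorlevel%"
if "%ans%"=="1" (
    netsh advfirewall firewall delete rule name="Allow Ping" protocol=icmpv4 >nul 2>nul
    netsh advfirewall firewall add rule name="Allow Ping" dir=in protocol=icmpv4 action=allow >nul 2>nul
    echo,Allow Ping
    pause
)
if "%ans%"=="2" (
    netsh advfirewall firewall delete rule name="Allow FTP" protocol=TCP localport=20,21 >nul 2>nul
    netsh advfirewall firewall add rule name="Allow FTP" protocol=TCP dir=in localport=20,21 action=allow >nul 2>nul
    echo,Allow FTP
    pause
)
if "%ans%"=="3" (
    netsh advfirewall firewall delete rule name="Allow SSH" protocol=TCP localport=22 >nul 2>nul
    netsh advfirewall firewall add rule name="Allow SSH" protocol=TCP dir=in localport=22 action=allow >nul 2>nul
    echo,Allow SSH
    pause
)
if "%ans%"=="4" (
    netsh advfirewall firewall delete rule name="Allow Telnet" protocol=TCP localport=23 >nul 2>nul
    netsh advfirewall firewall add rule name="Allow Telnet" protocol=TCP dir=in localport=23 action=allow >nul 2>nul
    echo,Allow Telnet
    pause
)
if "%ans%"=="5" (
    netsh advfirewall firewall delete rule name="Allow mail" protocol=TCP localport=25,110 >nul 2>nul
    netsh advfirewall firewall add rule name="Allow mail" protocol=TCP dir=in localport=25,110 action=allow >nul 2>nul
    echo,Allow SMTP AND POP3
    pause
)
if "%ans%"=="6" (
    netsh advfirewall firewall delete rule name="Allow HTTP and HTTPS" protocol=TCP localport=80,443 >nul 2>nul
    netsh advfirewall firewall add rule name="Allow HTTP and HTTPS" protocol=TCP dir=in localport=80,443 action=allow >nul 2>nul
    echo,Allow HTTP AND HTTPS
    pause
)
if "%ans%"=="7" (
    netsh advfirewall firewall delete rule name="Allow TFTP" protocol=UDP localport=69 >nul 2>nul
    netsh advfirewall firewall add rule name="Allow TFTP" protocol=UDP dir=in localport=69 action=allow >nul 2>nul
    echo,Allow TFTP
    pause
)
goto start

:6
REM Program rule: inbound allow or block for one executable.  The menu has
REM advertised this option since the first release but the section was empty.
REM Delayed expansion keeps characters typed by the user from being re-parsed
REM as command syntax when the netsh line is expanded.
setlocal EnableDelayedExpansion
set "name="
set "action="
set "program="
set /p "name=定义一个规则名称(如 block-app-telnet):"
set /P "action=允许还是阻止规则(如 allow/block):"
set /p "program=程序的完整路径(如 C:\Windows\System32\telnet.exe):"
echo 预制方向为:进入
echo,
netsh advfirewall firewall add rule name="!name!" dir=in program="!program!" action=!action!
if errorlevel 1 (
    echo,规则建立失败,请检查上面各项输入
) else (
    echo,------------------------------------------------------------------------
    echo,规则名为:[!name!] 动作为:!action! 方向为:进入 程序为:!program! 的规则已经建立。
    echo,------------------------------------------------------------------------
)
endlocal
pause
goto start

:7
REM Port rule: inbound allow or block for one protocol and a port list.
REM Delayed expansion keeps characters typed by the user from being re-parsed
REM as command syntax when the netsh line is expanded.  netsh output is left
REM visible so a failure shows its reason; the success banner is printed only
REM when the rule was actually created.
setlocal EnableDelayedExpansion
set "name="
set "port="
set "protocol="
set "action="
set /p "name=定义一个规则名称(如 deny-TCP-445,Allow-tcp-3389):"
set /P "action=允许还是阻止规则(如 allow/block):"
set /p "port=输入要阻止的端口号(连续端口:1-65535;不连续端口:137,139,445):"
set /p "protocol=协议类别(TCP/udp):"
echo 预制方向为:进入
echo,
netsh advfirewall firewall add rule name="!name!" dir=in protocol=!protocol! localport=!port! action=!action!
if errorlevel 1 (
    echo,规则建立失败,请检查上面各项输入
) else (
    echo,------------------------------------------------------------------------
    echo,规则名为:[!name!] 动作为:!action! 方向为:进入 协议为:!protocol! 端口为:!port! 的规则已经建立。
    echo,------------------------------------------------------------------------
)
endlocal
pause
goto start

:8
REM IP rule: inbound allow or block for one remote address or range.
setlocal EnableDelayedExpansion
set "name="
set "action="
set "remoteip="
set /p "name=起一个ip规则名称(如 deny-ip-1.1.1.1,Allow-ip-2.2.2.2):"
set /P "action=允许还是阻止规则(如 allow/block):"
set /p "remoteip=远程ip地址(如:8.8.8.8):"
echo 预制方向为:进入
echo,
netsh advfirewall firewall add rule name="!name!" dir=in action=!action! remoteip=!remoteip!
if errorlevel 1 (
    echo,规则建立失败,请检查上面各项输入
) else (
    echo,------------------------------------------------------------------------
    echo,规则名为:[!name!] 动作为:!action! 方向为:进入 远程ip为:!remoteip! 的规则已经建立。
    echo,------------------------------------------------------------------------
)
endlocal
pause
goto start

:9
REM Exception port: the original used "netsh firewall set portopening all",
REM a context Microsoft deprecated in favour of "netsh advfirewall".  Two
REM inbound allow rules - TCP and UDP - give the same effect.  Port lists use
REM commas and ranges use a dash, e.g. 25,20-21.
setlocal EnableDelayedExpansion
set "name="
set "port="
set /p "name=起一个例外规则名称(如 polycom-port-123):"
set /p "port=指定例外的端口号(如 25,20-21):"
netsh advfirewall firewall add rule name="!name!" dir=in action=allow protocol=TCP localport=!port!
netsh advfirewall firewall add rule name="!name!" dir=in action=allow protocol=UDP localport=!port!
REM To undo, use menu item 13 with the same rule name; it removes both rules.
endlocal
pause
goto start

:10
choice /C YN /n /m "导出防火墙配置输入 Y, 恢复防火墙配置输入 N [Y/N]:"
set "ans=%errorlevel%"
if "%ans%"=="1" goto exportfile
if "%ans%"=="2" goto importfile
goto start

:exportfile
REM Export the whole policy next to this script, replacing an older copy.
REM The original tested for "exportfile.pol" but deleted "outfirewall.pol",
REM so the stale file was never removed.
if exist outfirewall.pol del /q /f outfirewall.pol >nul 2>nul
netsh advfirewall export ".\outfirewall.pol" >nul
echo,
if exist outfirewall.pol (
    echo 防火墙配置文件导出成功
    for /f "delims=" %%i in ('dir /b outfirewall.pol') do echo 文件位置%%~fi 生成时间%%~ti
) else (
    echo 防火墙配置文件导出失败
)
pause
goto start

:importfile
REM Import loops until infirewall.pol exists in the script folder.
echo, &echo 将导入文件名复制到当前目录并更名为infirewall.pol&pause
if not exist infirewall.pol (
    echo,
    echo infirewall.pol文件不存在
    echo,
    goto importfile
)
echo,
netsh advfirewall import infirewall.pol >nul && echo,防火配置文件导入成功!
echo,
pause
goto start

:11
REM Resets all profiles to the out-of-box policy and removes custom rules.
netsh advfirewall reset && echo,已经恢复为默认防火墙策略
pause
goto start

:12
REM Dump all rule names into firewallYYYY-MM-DD.txt and open it in Notepad.
REM Both the "规则名称:" filter and the %date% slicing assume a zh-CN system
REM (netsh output is localized; %date% is expected as yyyy/mm/dd).
set "listfile=firewall%date:~0,4%-%date:~5,2%-%date:~8,2%.txt"
netsh advfirewall firewall show rule name=all type=static verbose | find /i "规则名称:" >"%listfile%"
start "" notepad "%listfile%"
setlocal EnableDelayedExpansion
set "serfile="
set /P "serfile=输入查询规则名称:"
netsh advfirewall firewall show rule name="!serfile!" verbose
endlocal
pause
goto start

:13
echo,删除的规则名称可以通过[12:查询规则名称]找到
echo,
setlocal EnableDelayedExpansion
set "delfile="
set /P "delfile=输入要删除的规则名称:"
REM Empty input would hand netsh an empty name; skip the call in that case.
if defined delfile (
    netsh advfirewall firewall delete rule name="!delfile!" >nul && echo,已删除!delfile!规则
)
endlocal
echo,
pause
goto start

:14
echo,稍等片刻......
REM Short delay so the message is visible before the console window opens.
timeout /t 1 /nobreak >nul
start "" "%windir%\system32\WF.msc"
goto start

:00
exit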
转自:http://cndos.fam.cx/forum/viewthread.php?tid=55252&fpage=2