Managing the firewall with PowerShell (Windows Server 2012)
Create a firewall rule that allows Telnet
Netsh
netsh advfirewall firewall add rule name="Allow Inbound Telnet" dir=in program="%SystemRoot%\System32\tlntsvr.exe" remoteip=localsubnet action=allow
PowerShell
New-NetFirewallRule -DisplayName "Allow Inbound Telnet" -Direction Inbound -Program %SystemRoot%\System32\tlntsvr.exe -RemoteAddress LocalSubnet -Action Allow
The parameters break down as follows:
New-NetFirewallRule
-DisplayName "Allow Inbound Telnet"    rule name
-Direction Inbound                      direction
-Program %SystemRoot%\System32\tlntsvr.exe    program
-RemoteAddress LocalSubnet              remote address
-Action Allow                           allow
Port 80 (the rule must carry -LocalPort 80 and -Protocol TCP, otherwise it allows all inbound traffic rather than just port 80)
New-NetFirewallRule -DisplayName "Allow Web 80" -Direction Inbound -LocalPort 80 -Protocol TCP -RemoteAddress Any -Action Allow
Delete a rule
netsh:
netsh advfirewall firewall delete rule name="Allow Web 80"
powershell:
Remove-NetFirewallRule -DisplayName "Allow Web 80"
Modify an existing rule
netsh advfirewall firewall set rule name="Allow Web 80" new remoteip=192.168.0.2
Set-NetFirewallRule -DisplayName "Allow Web 80" -RemoteAddress 192.168.0.2
New-NetFirewallRule -DisplayName "Allow Web 80" -Direction Inbound -LocalPort 80 -Protocol TCP -RemotePort 8080 -RemoteAddress 192.168.0.2 -Action Allow
When you specify a local port you must also specify the protocol: LocalPort and Protocol go together.
Protocol and port parameters: LocalPort, Protocol, RemotePort
Port range:
-LocalPort 8080-8090
Scope parameters: RemoteAddress, LocalAddress. If omitted, both default to Any.
-RemoteAddress 192.168.0.1                  a single IP
-RemoteAddress 192.168.0.1-192.168.0.244    a range
-RemoteAddress Any                          all addresses
The above is basically enough to set up a port whitelist, but how do you turn it into something you can execute?
In theory it should be made into a script and run, but I ran into problems with that, so for now I paste several commands in and run them directly.
Enable or disable an existing rule
Set-NetFirewallRule -DisplayName "Allow Web 80" -Enabled True
Set-NetFirewallRule -DisplayName "Allow Web 80" -Enabled False
Blocking TCP and UDP connections on ports 135, 137, 138, 139 and 445 in one go is clearly more convenient than creating a rule for each port one by one.
New-NetFirewallRule -DisplayName "Disable port TCP" -Direction Inbound -LocalPort 135,137,138,139,445 -Protocol TCP -Action Block
New-NetFirewallRule -DisplayName "Disable port UDP" -Direction Inbound -LocalPort 135,137,138,139,445 -Protocol UDP -Action Block
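The question above about turning these commands into a script, and the port-block rules just shown, can be handled together by a script that applies the rules idempotently (re-running it replaces a rule of the same name instead of creating a duplicate) and then reads the resulting port and address filters back so the result can be checked rather than assumed. This is an added example, not part of the original post; the rule names are the post's own, while the 192.168.0.0/24 subnet on the web rule is an assumed value.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original post): apply the post's rules as an
# idempotent script and verify what the firewall actually stored.
Set-StrictMode -Version Latest
$ErrorActionPreference = 'Stop'

# Desired rules, written as splatting tables for New-NetFirewallRule.
# 192.168.0.0/24 is an assumed subnet; replace it with your own.
$rules = @(
    @{ DisplayName = 'Allow Web 80';     Direction = 'Inbound'; Protocol = 'TCP'
       LocalPort   = '80';               RemoteAddress = '192.168.0.0/24'; Action = 'Allow' },
    @{ DisplayName = 'Disable port TCP'; Direction = 'Inbound'; Protocol = 'TCP'
       LocalPort   = '135','137','138','139','445'; Action = 'Block' },
    @{ DisplayName = 'Disable port UDP'; Direction = 'Inbound'; Protocol = 'UDP'
       LocalPort   = '135','137','138','139','445'; Action = 'Block' }
)

foreach ($r in $rules) {
    # A rule with the same DisplayName may already exist from an earlier run;
    # remove it first so the script never leaves two rules with one name.
    $existing = Get-NetFirewallRule -DisplayName $r.DisplayName -ErrorAction SilentlyContinue
    if ($existing) {
        Write-Host "Replacing existing rule '$($r.DisplayName)'"
        $existing | Remove-NetFirewallRule
    }
    New-NetFirewallRule @r | Out-Null
    Write-Host "Created rule '$($r.DisplayName)'"
}

# Verification: the rule object alone does not show ports or addresses;
# those live in the associated port and address filter objects.
$report = foreach ($r in $rules) {
    $rule = Get-NetFirewallRule -DisplayName $r.DisplayName
    $port = $rule | Get-NetFirewallPortFilter
    $addr = $rule | Get-NetFirewallAddressFilter
    [pscustomobject]@{
        Name          = $rule.DisplayName
        Enabled       = $rule.Enabled
        Action        = $rule.Action
        Protocol      = $port.Protocol
        LocalPort     = ($port.LocalPort -join ',')
        RemoteAddress = ($addr.RemoteAddress -join ',')
    }
}
$report | Format-Table -AutoSize
```

Save this as a .ps1 file and run it from an elevated PowerShell session. Two points worth keeping in mind when checking the output: an explicit Block rule takes precedence over an Allow rule for the same traffic, so the two "Disable port" rules win over any Allow rule that happens to cover those ports; and ports 135, 137-139 and 445 carry RPC, NetBIOS and SMB, so blocking them inbound also stops file sharing and remote management that rely on those services, which the report table lets you confirm before anyone relies on the change.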