常用端口

20 ftp傳送端口

21 ftp控制端口

53 nds服務端口tcp/utp

80 web服務端口

161 snmp服務端口

1433 mssql

3306 mysql

3389 遠程連接

#=====================腳本開始=====================

　　netsh ipsec static add policy name="10互聯默認ip策略" description="本地可以上網,并開放常用端口."

#=====================添加策略允許雙向ping=============

    netsh ipsec static add filter filterlist="所有ICMP 通訊" srcaddr=me srcmask=255.255.255.255 dstaddr=Any protocol=ICMP

    netsh ipsec static add rule name="所有ICMP 通訊" policy="10互聯默認ip策略" filterlist="所有ICMP 通訊"  filteraction="許可"

#=====================添加2個動作，block和permit(拒絕和允許)==

　　netsh ipsec static add filteraction name=Permit action=permit

　　netsh ipsec static add filteraction name=Block action=block

#===開放某些IP無限制訪問任何的端口(UnLimitedIP)ip為125.76.233.185可以訪問服務器的任何的端口===

　　netsh ipsec static add filterlist name=UnLimitedIP description="開放某些IP無限制訪問任何的端口"

　　netsh ipsec static add filter filterlist=UnLimitedIP srcaddr=125.76.233.185 dstaddr=Me

　　netsh ipsec static add rule name=AllowUnLimitedIP policy="10互聯默認ip策略" filterlist=UnLimitedIP filteraction=Permit

#===開放某些ip可以訪問某些端口(SomeIPSomePort)ip為125.76.233.185可以訪問3389端口,自己可以上網用到對方的80和53端口

　　netsh ipsec static add filterlist name=SomeIPSomePort description="開放某些ip可以訪問某些端口"

　　netsh ipsec static add filter filterlist=SomeIPSomePort srcaddr=Me dstaddr=Any dstport=80 protocol=TCP

　　netsh ipsec static add filter filterlist=SomeIPSomePort srcaddr=Me dstaddr=Any dstport=53 protocol=UDP

　　netsh ipsec static add filter filterlist=SomeIPSomePort srcaddr=Me dstaddr=Any dstport=53 protocol=TCP  

　　netsh ipsec static add filter filterlist=SomeIPSomePort srcaddr=125.76.233.185 dstaddr=Me dstport=3389 protocol=TCP

　　netsh ipsec static add rule name=AllowSomeIPSomePort policy="10互聯默認ip策略" filterlist=SomeIPSomePort filteraction=Permit

#===開放一些服務需要的端口(OpenSomePort)所有的端口可以是用網站+ftp+遠程服務=====================

　　netsh ipsec static add filterlist name=OpenSomePort description="開放一些服務需要的端口"

　　netsh ipsec static add filter filterlist=OpenSomePort srcaddr=Any dstaddr=Me dstport=20 protocol=TCP

　　netsh ipsec static add filter filterlist=OpenSomePort srcaddr=Any dstaddr=Me dstport=21 protocol=TCP

　　netsh ipsec static add filter filterlist=OpenSomePort srcaddr=Any dstaddr=Me dstport=80 protocol=TCP

　　netsh ipsec static add filter filterlist=OpenSomePort srcaddr=Any dstaddr=Me dstport=1433 protocol=TCP

　　netsh ipsec static add filter filterlist=OpenSomePort srcaddr=Any dstaddr=Me dstport=3306 protocol=TCP

　　netsh ipsec static add filter filterlist=OpenSomePort srcaddr=Any dstaddr=Me dstport=3389 protocol=TCP

　　netsh ipsec static add rule name=AllowOpenSomePort policy="10互聯默認ip策略" filterlist=OpenSomePort filteraction=Permit

#===禁止所有訪問(AllAccess)=====================

　　netsh ipsec static add filterlist name=AllAccess

　　netsh ipsec static add filter filterlist=AllAccess srcaddr=Me dstaddr=Any

　　netsh ipsec static add rule name=BlockAllAccess policy="10互聯默認ip策略" filterlist=AllAccess filteraction=Block

#===激活這個策略=====================

　　netsh ipsec static set policy name="10互聯默認ip策略" assign=y