[原创] 《系统防火墙管理设置》
为方便管理 Windows 系统防火墙,特写了这个批处理。
初次发布,请多关照。
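@echo off
rem Self-elevate through UAC: every netsh advfirewall / sc config call below needs
rem an elevated token. "net session" succeeds only from an elevated console, so an
rem already-elevated run skips the UAC prompt instead of relaunching itself.
rem The relaunched copy receives "::" as %1, which turns the mshta line into a
rem comment and rules out a relaunch loop even if the probe fails when elevated.
rem NOTE(review): %~s0 is the 8.3 short path; on a volume with 8.3 names disabled
rem it expands to the long path, and a path containing spaces would then break
rem the unquoted "/c" argument - confirm on the target systems.
net session >nul 2>&1 && goto :elevated
%1 mshta vbscript:CreateObject("Shell.Application").ShellExecute("cmd.exe","/c %~s0 ::","","runas",1)(window.close)&&exit
:elevated
rem Work relative to the script's own folder; the export/import files of option 10 live here.
cd /d "%~dp0"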
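:start
rem Main menu. Every action returns here with "goto start".
color b
cls
title 系统防火墙管理设置
echo,
echo,
echo, 《系统防火墙管理设置》
echo,
echo ==========================================================================
echo, 1:防火墙状态检测 2:关闭/开启防火墙 3:一键关闭/恢复文件共享端口
echo,
echo, 4:关闭/恢复3389端口 5:启用常规服务端口 6: 设置程序规则
echo,
echo, 7:设置端口规则 8: 设置ip规则 9: 添加例外端口
echo,
echo, 10:导出/导入配置 11:恢复默认策略 12:查询规则名称 13:删除规则
echo,
echo, 00:退出! 14: 打开系统防火墙控制台
echo ==========================================================================
echo,
set "num="
set /p num=请输入设置项目序号[00,1-14]:
if not defined num echo 输入为空,请重新输入! &pause&goto start
rem Digits only. The value is expanded before the line is parsed, so cmd
rem metacharacters typed here are not neutralised; the script runs in the
rem operator's own elevated session, so this is not a privilege boundary.
echo %num%|findstr /be "[0-9]*" >nul || (echo 输入有误,请重新输入! &pause&goto start)
rem Quoted compares are string compares: "01" no longer aliases "1" the way
rem the unquoted numeric compare did, and an odd value cannot break the "if".
if "%num%"=="1" goto 1
if "%num%"=="2" goto 2
if "%num%"=="3" goto 3
if "%num%"=="4" goto 4
if "%num%"=="5" goto 5
if "%num%"=="6" goto 6
if "%num%"=="7" goto 7
if "%num%"=="8" goto 8
if "%num%"=="9" goto 9
if "%num%"=="10" goto 10
if "%num%"=="11" goto 11
if "%num%"=="12" goto 12
if "%num%"=="13" goto 13
if "%num%"=="14" goto 14
if "%num%"=="00" goto 00
goto start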
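:1
rem Status check: profile state and default policies, plus the MpsSvc service
rem state, because option 2 changes the service start type as well as the profiles.
netsh advfirewall show allprofiles
sc query MpsSvc
pause
goto start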
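:2
rem Turn the firewall on (Y) or off (N). The choice result is captured once,
rem because the errorlevel would otherwise be re-read by the second "if" after
rem sc/netsh in the first branch have already overwritten it.
choice /C YN /n /m "启动防火墙输入 Y, 关闭防火墙输入 N [Y/N]:"
set "ans=%errorlevel%"
if "%ans%"=="1" (
  sc config MpsSvc start= auto >nul 2>nul
  netsh advfirewall set allprofiles state on >nul 2>nul && echo,已开启防火墙服务
  rem Default policy: block unsolicited inbound, allow outbound. The original
  rem used allowinbound, which enables the firewall but lets every inbound
  rem connection through unless an explicit block rule matches it.
  netsh advfirewall set allprofiles firewallpolicy blockinbound,allowoutbound >nul
  pause
)
if "%ans%"=="2" (
  netsh advfirewall set allprofiles state off >nul 2>nul
  rem NOTE: newer Windows versions may refuse to disable MpsSvc - confirm.
  sc config MpsSvc start= disabled >nul 2>nul && echo,已关闭防火墙服务
  pause
)
goto start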
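:3
rem Block (Y) or unblock (N) the inbound file-sharing ports: SMB 445, RPC 135,
rem NetBIOS 137-139, for both TCP and UDP.
choice /C YN /n /m "一键关闭文件共享端口输入 Y, 一键恢复文件共享端口输入 N [Y/N]:"
rem Capture once: the errorlevel is overwritten by netsh inside the first branch.
set "ans=%errorlevel%"
if "%ans%"=="1" (
  rem Delete first so repeated runs do not stack duplicate rules.
  netsh advfirewall firewall delete rule name="deny-TCP-445,135,137,138,139" >nul 2>nul
  netsh advfirewall firewall delete rule name="deny-UDP-445,135,137,138,139" >nul 2>nul
  netsh advfirewall firewall add rule name="deny-TCP-445,135,137,138,139" dir=in action=block protocol=TCP localport=445,135,137,138,139 >nul 2>nul
  netsh advfirewall firewall add rule name="deny-UDP-445,135,137,138,139" dir=in action=block protocol=UDP localport=445,135,137,138,139 >nul 2>nul
  echo, &echo,TCP^&UDP[445,135,137,138,139]端口已经关闭
)
if "%ans%"=="2" (
  netsh advfirewall firewall delete rule name="deny-TCP-445,135,137,138,139" >nul 2>nul
  netsh advfirewall firewall delete rule name="deny-UDP-445,135,137,138,139" >nul 2>nul
  echo, &echo,TCP^&UDP[445,135,137,138,139]端口已经恢复
)
pause
goto start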
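:4
rem Block (Y) or unblock (N) inbound TCP 3389 - Remote Desktop.
choice /C YN /n /m "关闭3389端口输入 Y, 恢复3389端口输入 N [Y/N]:"
rem Capture once: the errorlevel is overwritten by netsh inside the first branch.
set "ans=%errorlevel%"
if "%ans%"=="1" (
  netsh advfirewall firewall delete rule name=block-server-3389 protocol=tcp localport=3389 >nul 2>nul
  netsh advfirewall firewall add rule name=block-server-3389 dir=in action=block protocol=TCP localport=3389 >nul 2>nul
  echo,TCP[3389]端口已经阻止
)
if "%ans%"=="2" (
  netsh advfirewall firewall delete rule name=block-server-3389 protocol=tcp localport=3389 >nul 2>nul
  echo,TCP[3389]端口已经恢复
)
pause
goto start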
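:5
rem Allow one common inbound service. Only seven options exist, so /C is limited
rem to 1-7; the original accepted 8 and 9 and silently did nothing for them.
rem FTP, Telnet, POP3/SMTP and TFTP carry credentials and data in clear text;
rem opening them inbound should be a deliberate, documented decision.
choice /C 1234567 /n /m "[1:Allow Ping] [2、FTP] [3、SSH] [4、Telnet] [5、mail] [6、HTTP HTTPS] [7、TFTP] >>>>>>>>>>>>>>>> 输入序号【1 / 2 / 3 ...】:"
rem Capture once: the errorlevel is overwritten by netsh inside the first matching branch.
set "ans=%errorlevel%"
if "%ans%"=="1" (
  netsh advfirewall firewall delete rule name="Allow Ping" protocol=icmpv4 >nul 2>nul
  netsh advfirewall firewall add rule name="Allow Ping" dir=in protocol=icmpv4 action=allow >nul 2>nul
  echo,Allow Ping
)
if "%ans%"=="2" (
  netsh advfirewall firewall delete rule name="Allow FTP" protocol=TCP localport=20,21 >nul 2>nul
  netsh advfirewall firewall add rule name="Allow FTP" protocol=TCP dir=in localport=20,21 action=allow >nul 2>nul
  echo,Allow FTP
)
if "%ans%"=="3" (
  netsh advfirewall firewall delete rule name="Allow SSH" protocol=TCP localport=22 >nul 2>nul
  netsh advfirewall firewall add rule name="Allow SSH" protocol=TCP dir=in localport=22 action=allow >nul 2>nul
  echo,Allow SSH
)
if "%ans%"=="4" (
  netsh advfirewall firewall delete rule name="Allow Telnet" protocol=TCP localport=23 >nul 2>nul
  netsh advfirewall firewall add rule name="Allow Telnet" protocol=TCP dir=in localport=23 action=allow >nul 2>nul
  echo,Allow Telnet
)
if "%ans%"=="5" (
  netsh advfirewall firewall delete rule name="Allow mail" protocol=TCP localport=25,110 >nul 2>nul
  netsh advfirewall firewall add rule name="Allow mail" protocol=TCP dir=in localport=25,110 action=allow >nul 2>nul
  echo,Allow SMTP AND POP3
)
if "%ans%"=="6" (
  netsh advfirewall firewall delete rule name="Allow HTTP and HTTPS" protocol=TCP localport=80,443 >nul 2>nul
  netsh advfirewall firewall add rule name="Allow HTTP and HTTPS" protocol=TCP dir=in localport=80,443 action=allow >nul 2>nul
  echo,Allow HTTP AND HTTPS
)
if "%ans%"=="7" (
  netsh advfirewall firewall delete rule name="Allow TFTP" protocol=UDP localport=69 >nul 2>nul
  netsh advfirewall firewall add rule name="Allow TFTP" protocol=UDP dir=in localport=69 action=allow >nul 2>nul
  echo,Allow TFTP
)
pause
goto start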
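:6
rem Program rule: allow or block all outbound traffic of one executable.
rem The original was an unimplemented stub - the menu item only paused - whose
rem commented-out intent was "action=block dir=out"; this follows the same
rem prompt/validate/report pattern as options 7 and 8.
set "name="
set "action="
set "prog="
set /p name=定义一个程序规则名称(如 block-out-foo):
set /p action=允许还是阻止规则(如 allow/block):
set /p prog=程序完整路径(如 C:\Tools\foo.exe):
if not defined name echo 规则名称不能为空! &pause&goto start
if not defined prog echo 程序路径不能为空! &pause&goto start
rem "action" is expanded unquoted into the netsh line, so restrict it to the two values netsh expects.
if /i not "%action%"=="allow" if /i not "%action%"=="block" echo 动作只能为 allow 或 block! &pause&goto start
if not exist "%prog%" echo 程序文件不存在:%prog% &pause&goto start
echo 预制方向为:出站
echo,
rem Report netsh's real result instead of claiming success unconditionally.
netsh advfirewall firewall add rule name="%name%" dir=out program="%prog%" action=%action% >nul || (echo,规则建立失败,请检查输入。 &pause&goto start)
echo,------------------------------------------------------------------------
echo,规则名为:[%name%] 动作为:%action% 方向为:出站 程序为:%prog% 的规则已经建立。
echo,------------------------------------------------------------------------
pause
goto start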
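:7
rem Port rule: inbound allow/block for a TCP or UDP port list typed by the operator.
set "name="
set "port="
set "protocol="
set "action="
set /p name=定义一个规则名称(如 deny-TCP-445,Allow-tcp-3389):
set /p action=允许还是阻止规则(如 allow/block):
set /p port=输入要阻止的端口号(连续端口:1-65535;不连续端口:137,139,445):
set /p protocol=协议类别(TCP/udp):
rem Reject bad input before it reaches netsh. "action" and "protocol" are
rem expanded unquoted into the netsh line, so restrict them to the values
rem netsh expects; the port list is left to netsh and its failure is reported.
if not defined name echo 规则名称不能为空! &pause&goto start
if not defined port echo 端口号不能为空! &pause&goto start
if /i not "%action%"=="allow" if /i not "%action%"=="block" echo 动作只能为 allow 或 block! &pause&goto start
if /i not "%protocol%"=="tcp" if /i not "%protocol%"=="udp" echo 协议只能为 TCP 或 UDP! &pause&goto start
echo 预制方向为:进入
echo,
netsh advfirewall firewall add rule name="%name%" dir=in protocol=%protocol% localport=%port% action=%action% >nul || (echo,规则建立失败,请检查输入的端口号。 &pause&goto start)
echo,------------------------------------------------------------------------
rem The original always said "阻止规则" even for an allow rule.
echo,规则名为:[%name%] 动作为:%action% 方向为:进入 协议为:%protocol% 端口为:%port% 的规则已经建立。
echo,------------------------------------------------------------------------
pause
goto start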
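:8
rem IP rule: inbound allow/block for a remote address, subnet or range.
set "name="
set "action="
set "remoteip="
set /p name=起一个ip规则名称(如 deny-ip-1.1.1.1,Allow-ip-2.2.2.2):
set /p action=允许还是阻止规则(如 allow/block):
set /p remoteip=远程ip地址(如:8.8.8.8):
rem "action" is expanded unquoted into the netsh line, so restrict it to the
rem two values netsh expects; the address format is left to netsh and its
rem failure is reported instead of an unconditional success message.
if not defined name echo 规则名称不能为空! &pause&goto start
if not defined remoteip echo 远程ip地址不能为空! &pause&goto start
if /i not "%action%"=="allow" if /i not "%action%"=="block" echo 动作只能为 allow 或 block! &pause&goto start
echo 预制方向为:进入
echo,
netsh advfirewall firewall add rule name="%name%" dir=in action=%action% remoteip=%remoteip% >nul || (echo,规则建立失败,请检查输入的ip地址。 &pause&goto start)
echo,------------------------------------------------------------------------
echo,规则名为:[%name%] 动作为:%action% 方向为:进入 远程ip为:%remoteip% 的规则已经建立。
echo,------------------------------------------------------------------------
pause
goto start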
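:9
rem Exception port: allow an inbound port list for both TCP and UDP.
rem The original used the legacy "netsh firewall set portopening" context,
rem which is deprecated and takes a single port number, while its prompt
rem suggested a list. This uses the advfirewall context like the rest of the
rem script and creates one TCP and one UDP rule under the chosen name.
set "name="
set "port="
set /p name=起一个例外规则名称(如 polycom-port-123):
set /p port=指定例外的端口号(如 25,20-21):
if not defined name echo 规则名称不能为空! &pause&goto start
if not defined port echo 端口号不能为空! &pause&goto start
netsh advfirewall firewall add rule name="%name%-TCP" dir=in action=allow protocol=TCP localport=%port% >nul || (echo,TCP例外规则建立失败,请检查端口号。 &pause&goto start)
netsh advfirewall firewall add rule name="%name%-UDP" dir=in action=allow protocol=UDP localport=%port% >nul || (echo,UDP例外规则建立失败,请检查端口号。 &pause&goto start)
echo,例外规则 [%name%-TCP] 与 [%name%-UDP] 已经建立,端口为:%port%
rem To remove the exception, delete both the -TCP and the -UDP rule with option 13.
pause
goto start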
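:10
rem Export the current policy to outfirewall.pol (Y) or import infirewall.pol (N).
rem The exported file holds the complete firewall policy and is written next to
rem the script; treat it as sensitive. An imported file replaces the whole
rem policy, so only import a file whose origin is trusted.
choice /C YN /n /m "导出防火墙配置输入 Y, 恢复防火墙配置输入 N [Y/N]:"
rem Capture once: the errorlevel is overwritten by the commands in the first branch.
set "ans=%errorlevel%"
if "%ans%"=="1" (
  rem The original tested exportfile.pol but deleted outfirewall.pol; test the file actually written.
  if exist outfirewall.pol del /q /f outfirewall.pol >nul 2>nul
  netsh advfirewall export ".\outfirewall.pol" >nul
  echo,
  if exist outfirewall.pol (
    echo 防火墙配置文件导出成功
    for /f "delims==" %%i in ('dir /b outfirewall.pol') do @echo 文件位置%%~dpi%%i 生成时间%%~ti
  ) else (
    echo 防火墙配置文件导出失败
  )
  pause
)
if "%ans%"=="2" (
  echo, &echo 将导入文件名复制到当前目录并更名为infirewall.pol&pause
  rem The original looped here until the file appeared, with no way back to the menu.
  if not exist infirewall.pol (
    echo,
    echo infirewall.pol文件不存在
    echo,
    pause
    goto start
  )
  echo,
  netsh advfirewall import infirewall.pol >nul && echo,防火配置文件导入成功! || echo,防火墙配置文件导入失败!
  echo,
  pause
)
goto start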
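:11
rem Restore the default policy. "netsh advfirewall reset" discards every rule
rem and profile setting, so ask for confirmation first; option 10 can export a
rem backup beforehand.
choice /C YN /n /m "恢复默认策略将删除所有自定义规则,是否继续? [Y/N]:"
if not "%errorlevel%"=="1" goto start
netsh advfirewall reset
echo,已经恢复为默认防火墙策略
pause
goto start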
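:12
rem Dump all rule names to a dated text file, open it, then show one rule verbosely.
rem NOTE: both the date slicing and the "规则名称:" match depend on the system
rem locale; on a differently localised Windows the report will be empty.
set "rptfile=firewall%date:~0,4%-%date:~5,2%-%date:~8,2%.txt"
netsh advfirewall firewall show rule name=all type=static verbose | find /i "规则名称:" >"%rptfile%"
rem The empty "" is the window title; without it a quoted path would be taken as the title.
start "" notepad "%rptfile%"
set "serfile="
set /p serfile=输入查询规则名称:
rem An empty name would make netsh print a usage error rather than a rule.
if not defined serfile echo 规则名称不能为空! &pause&goto start
netsh advfirewall firewall show rule name="%serfile%" verbose
pause
goto start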
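:13
rem Delete a rule by exact name. Option 12 lists the existing names.
echo,删除的规则名称可以通过[12:查询规则名称]找到
echo,
set "delfile="
set /p delfile=输入要删除的规则名称:
if not defined delfile echo 规则名称不能为空! &pause&goto start
rem netsh returns non-zero when no rule matches, so both outcomes are reported.
netsh advfirewall firewall delete rule name="%delfile%" >nul && echo,已删除%delfile%规则 || echo,未找到名为%delfile%的规则
echo,
pause
goto start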
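:14
rem Open the Windows Firewall with Advanced Security console.
echo,稍等片刻......
rem timeout replaces the ping-to-localhost sleep; it exists on every Windows that has netsh advfirewall.
timeout /t 1 /nobreak >nul
rem The empty "" is the window title; without it a quoted path would be taken as the title.
start "" "%windir%\system32\WF.msc"
goto start
:00
rem Closes the elevated cmd window that the self-elevation opened.
exit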
For the convenience of managing the Windows system firewall, this batch script was specially written.
First release, please bear with me.
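@echo off
rem Self-elevate through UAC: every netsh advfirewall / sc config call below needs
rem an elevated token. "net session" succeeds only from an elevated console, so an
rem already-elevated run skips the UAC prompt instead of relaunching itself.
rem The relaunched copy receives "::" as %1, which turns the mshta line into a
rem comment and rules out a relaunch loop even if the probe fails when elevated.
rem NOTE(review): %~s0 is the 8.3 short path; on a volume with 8.3 names disabled
rem it expands to the long path, and a path containing spaces would then break
rem the unquoted "/c" argument - confirm on the target systems.
net session >nul 2>&1 && goto :elevated
%1 mshta vbscript:CreateObject("Shell.Application").ShellExecute("cmd.exe","/c %~s0 ::","","runas",1)(window.close)&&exit
:elevated
rem Work relative to the script's own folder; the export/import files of option 10 live here.
cd /d "%~dp0"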
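:start
rem Main menu. Every action returns here with "goto start".
color b
cls
title System Firewall Management Settings
echo,
echo,
echo, "System Firewall Management Settings"
echo,
echo ==========================================================================
echo, 1: Firewall Status Detection 2: Turn Firewall Off/On 3: One-click Turn Off/Recover File Sharing Ports
echo,
echo, 4: Turn Off/Recover 3389 Port 5: Enable General Service Ports 6: Set Program Rules
echo,
echo, 7: Set Port Rules 8: Set IP Rules 9: Add Exception Port
echo,
echo, 10: Export/Import Configuration 11: Restore Default Policy 12: Query Rule Name 13: Delete Rule
echo,
echo, 00: Exit! 14: Open System Firewall Console
echo ==========================================================================
echo,
set "num="
set /p num=Please enter the serial number of the setting item [00,1-14]:
if not defined num echo Input is empty, please enter again! &pause&goto start
rem Digits only; the original pattern "*" had lost its character class and
rem matched nothing useful. The value is expanded before the line is parsed,
rem so cmd metacharacters typed here are not neutralised; the script runs in
rem the operator's own elevated session, so this is not a privilege boundary.
echo %num%|findstr /be "[0-9]*" >nul || (echo Input error, please enter again! &pause&goto start)
rem Quoted compares are string compares: "01" no longer aliases "1" the way
rem the unquoted numeric compare did, and an odd value cannot break the "if".
if "%num%"=="1" goto 1
if "%num%"=="2" goto 2
if "%num%"=="3" goto 3
if "%num%"=="4" goto 4
if "%num%"=="5" goto 5
if "%num%"=="6" goto 6
if "%num%"=="7" goto 7
if "%num%"=="8" goto 8
if "%num%"=="9" goto 9
if "%num%"=="10" goto 10
if "%num%"=="11" goto 11
if "%num%"=="12" goto 12
if "%num%"=="13" goto 13
if "%num%"=="14" goto 14
if "%num%"=="00" goto 00
goto start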
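:1
rem Status check: profile state and default policies, plus the MpsSvc service
rem state, because option 2 changes the service start type as well as the profiles.
netsh advfirewall show allprofiles
sc query MpsSvc
pause
goto start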
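:2
rem Turn the firewall on (Y) or off (N). The choice result is captured once,
rem because the errorlevel would otherwise be re-read by the second "if" after
rem sc/netsh in the first branch have already overwritten it.
choice /C YN /n /m "Enter Y to start the firewall, enter N to turn off the firewall [Y/N]:"
set "ans=%errorlevel%"
if "%ans%"=="1" (
  sc config MpsSvc start= auto >nul 2>nul
  netsh advfirewall set allprofiles state on >nul 2>nul && echo,Firewall service has been started
  rem Default policy: block unsolicited inbound, allow outbound. The original
  rem used allowinbound, which enables the firewall but lets every inbound
  rem connection through unless an explicit block rule matches it.
  netsh advfirewall set allprofiles firewallpolicy blockinbound,allowoutbound >nul
  pause
)
if "%ans%"=="2" (
  netsh advfirewall set allprofiles state off >nul 2>nul
  rem NOTE: newer Windows versions may refuse to disable MpsSvc - confirm.
  sc config MpsSvc start= disabled >nul 2>nul && echo,Firewall service has been turned off
  pause
)
goto start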
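:3
rem Block (Y) or unblock (N) the inbound file-sharing ports: SMB 445, RPC 135,
rem NetBIOS 137-139, for both TCP and UDP.
choice /C YN /n /m "Enter Y to one-click turn off file sharing ports, enter N to one-click recover file sharing ports [Y/N]:"
rem Capture once: the errorlevel is overwritten by netsh inside the first branch.
set "ans=%errorlevel%"
if "%ans%"=="1" (
  rem Delete first so repeated runs do not stack duplicate rules.
  netsh advfirewall firewall delete rule name="deny-TCP-445,135,137,138,139" >nul 2>nul
  netsh advfirewall firewall delete rule name="deny-UDP-445,135,137,138,139" >nul 2>nul
  netsh advfirewall firewall add rule name="deny-TCP-445,135,137,138,139" dir=in action=block protocol=TCP localport=445,135,137,138,139 >nul 2>nul
  netsh advfirewall firewall add rule name="deny-UDP-445,135,137,138,139" dir=in action=block protocol=UDP localport=445,135,137,138,139 >nul 2>nul
  echo, &echo,TCP^&UDP[445,135,137,138,139] ports have been closed
)
if "%ans%"=="2" (
  netsh advfirewall firewall delete rule name="deny-TCP-445,135,137,138,139" >nul 2>nul
  netsh advfirewall firewall delete rule name="deny-UDP-445,135,137,138,139" >nul 2>nul
  echo, &echo,TCP^&UDP[445,135,137,138,139] ports have been recovered
)
pause
goto start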
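:4
rem Block (Y) or unblock (N) inbound TCP 3389 - Remote Desktop.
choice /C YN /n /m "Enter Y to turn off 3389 port, enter N to recover 3389 port [Y/N]:"
rem Capture once: the errorlevel is overwritten by netsh inside the first branch.
set "ans=%errorlevel%"
if "%ans%"=="1" (
  netsh advfirewall firewall delete rule name=block-server-3389 protocol=tcp localport=3389 >nul 2>nul
  netsh advfirewall firewall add rule name=block-server-3389 dir=in action=block protocol=TCP localport=3389 >nul 2>nul
  echo,TCP[3389] port has been blocked
)
if "%ans%"=="2" (
  netsh advfirewall firewall delete rule name=block-server-3389 protocol=tcp localport=3389 >nul 2>nul
  echo,TCP[3389] port has been recovered
)
pause
goto start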
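:5
rem Allow one common inbound service. Only seven options exist, so /C is limited
rem to 1-7; the original accepted 8 and 9 and silently did nothing for them.
rem The prompt lists what each digit means; the original had lost that legend.
rem FTP, Telnet, POP3/SMTP and TFTP carry credentials and data in clear text;
rem opening them inbound should be a deliberate, documented decision.
choice /C 1234567 /n /m "[1:Allow Ping] [2:FTP] [3:SSH] [4:Telnet] [5:mail] [6:HTTP HTTPS] [7:TFTP] >>>>>>>>>>>>>>>> Enter serial number :"
rem Capture once: the errorlevel is overwritten by netsh inside the first matching branch.
set "ans=%errorlevel%"
if "%ans%"=="1" (
  netsh advfirewall firewall delete rule name="Allow Ping" protocol=icmpv4 >nul 2>nul
  netsh advfirewall firewall add rule name="Allow Ping" dir=in protocol=icmpv4 action=allow >nul 2>nul
  echo,Allow Ping
)
if "%ans%"=="2" (
  netsh advfirewall firewall delete rule name="Allow FTP" protocol=TCP localport=20,21 >nul 2>nul
  netsh advfirewall firewall add rule name="Allow FTP" protocol=TCP dir=in localport=20,21 action=allow >nul 2>nul
  echo,Allow FTP
)
if "%ans%"=="3" (
  netsh advfirewall firewall delete rule name="Allow SSH" protocol=TCP localport=22 >nul 2>nul
  netsh advfirewall firewall add rule name="Allow SSH" protocol=TCP dir=in localport=22 action=allow >nul 2>nul
  echo,Allow SSH
)
if "%ans%"=="4" (
  netsh advfirewall firewall delete rule name="Allow Telnet" protocol=TCP localport=23 >nul 2>nul
  netsh advfirewall firewall add rule name="Allow Telnet" protocol=TCP dir=in localport=23 action=allow >nul 2>nul
  echo,Allow Telnet
)
if "%ans%"=="5" (
  netsh advfirewall firewall delete rule name="Allow mail" protocol=TCP localport=25,110 >nul 2>nul
  netsh advfirewall firewall add rule name="Allow mail" protocol=TCP dir=in localport=25,110 action=allow >nul 2>nul
  echo,Allow SMTP AND POP3
)
if "%ans%"=="6" (
  netsh advfirewall firewall delete rule name="Allow HTTP and HTTPS" protocol=TCP localport=80,443 >nul 2>nul
  netsh advfirewall firewall add rule name="Allow HTTP and HTTPS" protocol=TCP dir=in localport=80,443 action=allow >nul 2>nul
  echo,Allow HTTP AND HTTPS
)
if "%ans%"=="7" (
  netsh advfirewall firewall delete rule name="Allow TFTP" protocol=UDP localport=69 >nul 2>nul
  netsh advfirewall firewall add rule name="Allow TFTP" protocol=UDP dir=in localport=69 action=allow >nul 2>nul
  echo,Allow TFTP
)
pause
goto start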
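:6
rem Program rule: allow or block all outbound traffic of one executable.
rem The original was an unimplemented stub - the menu item only paused - whose
rem commented-out intent was "action=block dir=out"; this follows the same
rem prompt/validate/report pattern as options 7 and 8.
set "name="
set "action="
set "prog="
set /p name=Define a program rule name (such as block-out-foo):
set /p action=Allow or block rule (such as allow/block):
set /p prog=Full path of the program (such as C:\Tools\foo.exe):
if not defined name echo The rule name must not be empty! &pause&goto start
if not defined prog echo The program path must not be empty! &pause&goto start
rem "action" is expanded unquoted into the netsh line, so restrict it to the two values netsh expects.
if /i not "%action%"=="allow" if /i not "%action%"=="block" echo The action must be allow or block! &pause&goto start
if not exist "%prog%" echo Program file not found: %prog% &pause&goto start
echo The prefabricated direction is: outgoing
echo,
rem Report netsh's real result instead of claiming success unconditionally.
netsh advfirewall firewall add rule name="%name%" dir=out program="%prog%" action=%action% >nul || (echo,Rule creation failed, please check the input. &pause&goto start)
echo,------------------------------------------------------------------------
echo,Rule name: [%name%] Action: %action% Direction: outgoing Program: %prog% rule has been established.
echo,------------------------------------------------------------------------
pause
goto start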
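:7
rem Port rule: inbound allow/block for a TCP or UDP port list typed by the operator.
set "name="
set "port="
set "protocol="
set "action="
set /p name=Define a rule name (such as deny-TCP-445,Allow-tcp-3389):
set /p action=Allow or block rule (such as allow/block):
set /p port=Enter the port number to block (continuous port:1-65535; non-continuous port:137,139,445):
set /p protocol=Protocol category (TCP/udp):
rem Reject bad input before it reaches netsh. "action" and "protocol" are
rem expanded unquoted into the netsh line, so restrict them to the values
rem netsh expects; the port list is left to netsh and its failure is reported.
if not defined name echo The rule name must not be empty! &pause&goto start
if not defined port echo The port number must not be empty! &pause&goto start
if /i not "%action%"=="allow" if /i not "%action%"=="block" echo The action must be allow or block! &pause&goto start
if /i not "%protocol%"=="tcp" if /i not "%protocol%"=="udp" echo The protocol must be TCP or UDP! &pause&goto start
echo The prefabricated direction is: incoming
echo,
netsh advfirewall firewall add rule name="%name%" dir=in protocol=%protocol% localport=%port% action=%action% >nul || (echo,Rule creation failed, please check the port number. &pause&goto start)
echo,------------------------------------------------------------------------
rem The original message had lost the rule name and always said "blocking rule" even for an allow rule.
echo,Rule name: [%name%] Action: %action% Direction: incoming Protocol: %protocol% Port: %port% rule has been established.
echo,------------------------------------------------------------------------
pause
goto start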
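:8
rem IP rule: inbound allow/block for a remote address, subnet or range.
set "name="
set "action="
set "remoteip="
set /p name=Give an IP rule name (such as deny-ip-1.1.1.1,Allow-ip-2.2.2.2):
set /p action=Allow or block rule (such as allow/block):
set /p remoteip=Remote IP address (such as: 8.8.8.8):
rem "action" is expanded unquoted into the netsh line, so restrict it to the
rem two values netsh expects; the address format is left to netsh and its
rem failure is reported instead of an unconditional success message.
if not defined name echo The rule name must not be empty! &pause&goto start
if not defined remoteip echo The remote IP address must not be empty! &pause&goto start
if /i not "%action%"=="allow" if /i not "%action%"=="block" echo The action must be allow or block! &pause&goto start
echo The prefabricated direction is: incoming
echo,
netsh advfirewall firewall add rule name="%name%" dir=in action=%action% remoteip=%remoteip% >nul || (echo,Rule creation failed, please check the IP address. &pause&goto start)
echo,------------------------------------------------------------------------
echo,Rule name: [%name%] Action: %action% Direction: incoming Remote IP: %remoteip% rule has been established.
echo,------------------------------------------------------------------------
pause
goto start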
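:9
rem Exception port: allow an inbound port list for both TCP and UDP.
rem The original used the legacy "netsh firewall set portopening" context,
rem which is deprecated and takes a single port number, while its prompt
rem suggested a list. This uses the advfirewall context like the rest of the
rem script and creates one TCP and one UDP rule under the chosen name.
set "name="
set "port="
set /p name=Give an exception rule name (such as polycom-port-123):
set /p port=Specify the port number of the exception (such as 25,20-21):
if not defined name echo The rule name must not be empty! &pause&goto start
if not defined port echo The port number must not be empty! &pause&goto start
netsh advfirewall firewall add rule name="%name%-TCP" dir=in action=allow protocol=TCP localport=%port% >nul || (echo,TCP exception rule creation failed, please check the port number. &pause&goto start)
netsh advfirewall firewall add rule name="%name%-UDP" dir=in action=allow protocol=UDP localport=%port% >nul || (echo,UDP exception rule creation failed, please check the port number. &pause&goto start)
echo,Exception rules [%name%-TCP] and [%name%-UDP] have been established, port: %port%
rem To remove the exception, delete both the -TCP and the -UDP rule with option 13.
pause
goto start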
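:10
rem Export the current policy to outfirewall.pol (Y) or import infirewall.pol (N).
rem The exported file holds the complete firewall policy and is written next to
rem the script; treat it as sensitive. An imported file replaces the whole
rem policy, so only import a file whose origin is trusted.
choice /C YN /n /m "Enter Y to export firewall configuration, enter N to restore firewall configuration [Y/N]:"
rem Capture once: the errorlevel is overwritten by the commands in the first branch.
set "ans=%errorlevel%"
if "%ans%"=="1" (
  rem The original tested exportfile.pol but deleted outfirewall.pol; test the file actually written.
  if exist outfirewall.pol del /q /f outfirewall.pol >nul 2>nul
  netsh advfirewall export ".\outfirewall.pol" >nul
  echo,
  if exist outfirewall.pol (
    echo Firewall configuration file exported successfully
    for /f "delims==" %%i in ('dir /b outfirewall.pol') do @echo File location%%~dpi%%i Generation time%%~ti
  ) else (
    echo Firewall configuration file export failed
  )
  pause
)
if "%ans%"=="2" (
  echo, &echo Copy the import file name to the current directory and rename it to infirewall.pol&pause
  rem The original looped here until the file appeared, with no way back to the menu.
  if not exist infirewall.pol (
    echo,
    echo infirewall.pol file does not exist
    echo,
    pause
    goto start
  )
  echo,
  netsh advfirewall import infirewall.pol >nul && echo,Fire protection configuration file imported successfully! || echo,Firewall configuration file import failed!
  echo,
  pause
)
goto start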
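:11
rem Restore the default policy. "netsh advfirewall reset" discards every rule
rem and profile setting, so ask for confirmation first; option 10 can export a
rem backup beforehand.
choice /C YN /n /m "Restoring the default policy deletes all custom rules, continue? [Y/N]:"
if not "%errorlevel%"=="1" goto start
netsh advfirewall reset
echo,Has been restored to default firewall policy
pause
goto start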
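:12
rem Dump all rule names to a dated text file, open it, then show one rule verbosely.
rem NOTE: both the date slicing and the "Rule name:" match depend on the system
rem locale; on a differently localised Windows the report will be empty.
set "rptfile=firewall%date:~0,4%-%date:~5,2%-%date:~8,2%.txt"
netsh advfirewall firewall show rule name=all type=static verbose | find /i "Rule name:" >"%rptfile%"
rem The empty "" is the window title; without it a quoted path would be taken as the title.
start "" notepad "%rptfile%"
set "serfile="
set /p serfile=Enter the rule name to query:
rem An empty name would make netsh print a usage error rather than a rule.
if not defined serfile echo The rule name must not be empty! &pause&goto start
netsh advfirewall firewall show rule name="%serfile%" verbose
pause
goto start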
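:13
rem Delete a rule by exact name. Option 12 lists the existing names.
echo,The rule name to be deleted can be found through [12: Query Rule Name]
echo,
set "delfile="
set /p delfile=Enter the rule name to delete:
if not defined delfile echo The rule name must not be empty! &pause&goto start
rem netsh returns non-zero when no rule matches, so both outcomes are reported.
netsh advfirewall firewall delete rule name="%delfile%" >nul && echo,Rule %delfile% has been deleted || echo,No rule named %delfile% was found
echo,
pause
goto start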
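:14
rem Open the Windows Firewall with Advanced Security console.
echo,Please wait a moment......
rem timeout replaces the ping-to-localhost sleep; it exists on every Windows that has netsh advfirewall.
timeout /t 1 /nobreak >nul
rem The empty "" is the window title; without it a quoted path would be taken as the title.
start "" "%windir%\system32\WF.msc"
goto start
:00
rem Closes the elevated cmd window that the self-elevation opened.
exit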