XP下的ipseccmd.exe 需要下载先,请自行google ,关键词 “ipseccmd 下载” ,或者到 http://ishare.iask.sina.com.cn/f/7579277.html下载
下面文章建议看下http://microsoft.cnfan.net/winsystem/3692.html 和 http://technet.microsoft.com/en-us/library/cc739550(WS.10).aspx#BKMK_add_rule
本博客主要目的是 屏蔽 某些ip段对本机80端口的访问,比较适用于windows服务器(如果是windows 2003 ,命令行相应的应该是 ipsec.exe )
命令如下
ipseccmd.exe -w reg -p "phpsir ipsec" -o ipseccmd.exe -w reg -p "phpsir ipsec" -r "block lijin 1.1" -f 1.1.*.*=*:80:TCP -n BLOCK ipseccmd.exe -w reg -p "phpsir ipsec" -r "block lijin 2.2" -f 2.2.*.*=*:80:TCP -n BLOCK ipseccmd.exe -w reg -p "phpsir ipsec" -y
win2003/win7的netsh 方法
netsh ipsec static set policy name="phpsir-deny-policy" assign=n netsh ipsec static delete policy name="phpsir-deny-policy" netsh ipsec static add policy name="phpsir-deny-policy" netsh ipsec static add filteraction name="phpsir-deny" action=block netsh ipsec static add filter filterlist="deny 1.1.1.1" srcaddr=1.1.1.1 srcport=0 dstaddr=me dstport=0 protocol=0 mirrored=yes netsh ipsec static add filter filterlist="deny 2.2.2.2" srcaddr=2.2.2.2 srcport=0 dstaddr=me dstport=0 protocol=0 mirrored=yes netsh ipsec static add rule name="11111" policy="phpsir-deny-policy" filterlist="deny 1.1.1.1" filteraction="phpsir-deny" netsh ipsec static add rule name="22222" policy="phpsir-deny-policy" filterlist="deny 2.2.2.2" filteraction="phpsir-deny" netsh ipsec static set policy name="phpsir-deny-policy" assign=y