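MLPS (等保, China's Multi-Level Protection Scheme) requirements call for blocking some common high-risk ports. Configuring them one by one is too much trouble, so scripting it is more convenient. To be lazy (strictly speaking, these ports don't all need both TCP and UDP blocked) and to be on the safe side, I added both protocols for every port. After enabling the rules, printers or file sharing may have problems; remove rules as your situation requires.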
@echo off
%1 mshta vbscript:CreateObject("Shell.Application").ShellExecute("cmd.exe","/c %~s0 ::","","runas",1)(window.close)&&exit
:: Re-launch as administrator
net start MpsSvc
:: Start the Windows Firewall service
sc config MpsSvc start= auto
:: Start the service automatically at boot
netsh advfirewall set allprofiles state on
:: Turn the firewall on for all profiles
:: Add inbound block rules for the ports below
netsh advfirewall firewall add rule name="Disable port 135 TCP" dir=in action=block protocol=TCP localport=135
netsh advfirewall firewall add rule name="Disable port 135 UDP" dir=in action=block protocol=UDP localport=135
netsh advfirewall firewall add rule name="Disable port 137 TCP" dir=in action=block protocol=TCP localport=137
netsh advfirewall firewall add rule name="Disable port 137 UDP" dir=in action=block protocol=UDP localport=137
netsh advfirewall firewall add rule name="Disable port 138 TCP" dir=in action=block protocol=TCP localport=138
netsh advfirewall firewall add rule name="Disable port 138 UDP" dir=in action=block protocol=UDP localport=138
netsh advfirewall firewall add rule name="Disable port 139 TCP" dir=in action=block protocol=TCP localport=139
netsh advfirewall firewall add rule name="Disable port 139 UDP" dir=in action=block protocol=UDP localport=139
netsh advfirewall firewall add rule name="Disable port 445 TCP" dir=in action=block protocol=TCP localport=445
netsh advfirewall firewall add rule name="Disable port 445 UDP" dir=in action=block protocol=UDP localport=445
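
A verification pass to run after the script, added here as an example and not part of the original post: it confirms that every port/protocol pair is covered by an enabled inbound Block rule, so a mistyped `localport` value shows up as a gap instead of silently leaving a port open. It assumes the NetSecurity cmdlets (Windows 8 / Server 2012 or later) and ignores profile, address and program scoping, which the rules above do not use; `Test-PortCovered` is a helper defined here.

```powershell
# Added example, not from the original post. Run in an elevated PowerShell session.
$ports     = 135, 137, 138, 139, 445      # ports the script above is meant to block
$protocols = 'TCP', 'UDP'

# True when a rule's LocalPort spec ('Any', '445', '135-139', ...) includes $Port.
function Test-PortCovered {
    param([string[]]$Spec, [int]$Port)
    foreach ($s in $Spec) {
        if ($s -eq 'Any') { return $true }
        if ($s -match '^(\d+)-(\d+)$') {
            if ($Port -ge [int]$Matches[1] -and $Port -le [int]$Matches[2]) { return $true }
        } elseif ($s -match '^\d+$' -and [int]$s -eq $Port) { return $true }
    }
    return $false
}

# Flatten every enabled inbound Block rule into (rule name, protocol, local ports).
$blocked = Get-NetFirewallRule -Direction Inbound -Action Block -Enabled True |
    ForEach-Object {
        $name = $_.DisplayName
        $_ | Get-NetFirewallPortFilter | ForEach-Object {
            [pscustomobject]@{ Rule = $name; Protocol = $_.Protocol; LocalPort = @($_.LocalPort) }
        }
    }

# One row per port/protocol pair, with the first rule that covers it (if any).
$report = foreach ($port in $ports) {
    foreach ($proto in $protocols) {
        $hit = $blocked | Where-Object {
            ($_.Protocol -in $proto, 'Any') -and (Test-PortCovered $_.LocalPort $port)
        } | Select-Object -First 1
        [pscustomobject]@{
            Port = $port; Protocol = $proto; Covered = [bool]$hit; Rule = $hit.Rule
        }
    }
}

$report | Format-Table -AutoSize
$gaps = @($report | Where-Object { -not $_.Covered })
if ($gaps.Count -gt 0) {
    Write-Warning ("{0} port/protocol pair(s) have no enabled inbound Block rule." -f $gaps.Count)
    exit 1
}
```

The non-zero exit code on a gap lets the check be used as a pass/fail step in a baseline or compliance job.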