本脚本功能,自动开启网卡中 TCP/IP 筛选器功能,然后自动批量添加您定义的端口,非常方便,一般设置了IP过滤就可以不用Windows防火墙了,在win2003上测试通过,如果看不懂或远程端口不是3389的请不要直接运行,您自己要修改下,如果觉得好别忘了注明出处。
使用方法:将以下代码存为duankou.vbs放在C:\然后运行cscript c:\duankou.vbs 或直接双击此vbs文件也可以。
On Error Resume Next
Const ALLOW_ALL = "0" '0表示全部允许,空表示全部拒绝,自定义用逗号隔开
arrPermittedTCPPorts = Array(ALLOW_ALL) 'TCP端口
arrPermittedTCPPorts = Array("20", "21", "25", "80", "110", "1433", "3306", "33000", "33001", "33002", "33003", "3389")
arrPermittedUDPPorts = Array("") 'UDP端口
arrPermittedIPProtocols = Array(ALLOW_ALL) 'IP协议
strComputer = "." '计算机名
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
Set colNicConfig = objWMIService.ExecQuery _
("Select * From Win32_NetworkAdapterConfiguration Where IPEnabled = True")
For Each objNicConfig in colNicConfig
WScript.Echo VbCrLf & " Network Adapter " & objNicConfig.Index
If not objNicConfig.IPFilterSecurityEnabled Then
WScript.Echo "正在启动 TCP/IP 筛选功能..."
Call enableipfilter()
end if
WScript.Echo "正在设置 TCP/IP 筛选端口与协议..."
intIPSecReturn = objNicConfig.EnableIPSec(arrPermittedTCPPorts, _
arrPermittedUDPPorts, arrPermittedIPProtocols)
If intIPSecReturn = 0 Then
WScript.Echo "成功"
ElseIf intIPSecReturn = 1 Then
WScript.Echo "成功,重启后生效."
Else
WScript.Echo "失败"
End If
Next
sub enableipfilter()
dim objAllNicsConfig , intFilterReturn
Set objAllNicsConfig = objWMIService.Get("Win32_NetworkAdapterConfiguration")
intFilterReturn = objAllNicsConfig.EnableIPFilterSec(True)
If intFilterReturn = 0 Then
WScript.Echo "成功"
SpecifyFilters
ElseIf intFilterReturn = 1 Then
WScript.Echo "成功,重启后生效。"
Else
WScript.Echo "失败"
End If
end sub
WScript.Echo vbcrlf & vbcrlf & "本程序运行结束 by SUN"
|
