The batch commands below use Netsh IPsec static to build a security policy with a block rule and a permit rule. To permit more than one client IP, repeat the permit-filter line once for each address, changing only the srcaddr value (shown in red in the original post).
echo Create the security policy
Netsh IPsec static add policy name=SQLSecurity
echo Create the filter action that blocks
Netsh IPsec static add filteraction name=Prohibit action=block
echo Create the filter action that permits
Netsh IPsec static add filteraction name=Allow action=permit
echo Create the block filter (the ProhibitList filter list is created on first use)
Netsh ipsec static add filter filterlist=ProhibitList srcaddr=any dstaddr=me dstport=1433 description=Stop protocol=TCP mirrored=yes
echo Create the permit filter list
Netsh IPsec static add filterlist name=AllowList
echo Add a permit filter to the list (one line per allowed client IP)
Netsh IPsec static add filter filterlist=AllowList srcaddr=192.168.1.3 dstaddr=me dstport=1433 description=Client1 protocol=TCP mirrored=yes
echo Create the block rule, linking the policy, filter list and filter action
Netsh ipsec static add rule name=ProhibitRule policy=SQLSecurity filterlist=ProhibitList filteraction=Prohibit
echo Create the permit rule, linking the policy, filter list and filter action
Netsh ipsec static add rule name=PermitRule policy=SQLSecurity filterlist=AllowList filteraction=Allow
echo Assign the security policy
netsh ipsec static set policy name=SQLSecurity assign=y
In 利用IPSec建立內部防火牆以提升資料庫安全2 (part 2 of this series on using IPSec as an internal firewall for database security) I covered the steps for setting up the negotiate action; here is a brief comparison of negotiate versus permit for reference.
One last note: the three actions block, permit and negotiate can coexist. For example, Windows hosts use negotiate, non-Windows hosts use permit, and any IP that is in neither the negotiate nor the permit list is blocked. I applied this on a test machine and it worked fine.
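The following batch script is an added example, not the original post's script. It rebuilds the SQLSecurity policy from the commands above, but generalizes two points made on this page: the permit filter is generated in a loop from a list of client IPs instead of being pasted once per address, and a third negotiate filter list is added for domain-joined Windows clients so that block, permit and negotiate coexist in one policy. The IP addresses, the list names NegotiateList and the filter action name Negotiate are constructed sample values; the Kerberos authentication on the negotiate rule assumes the listed Windows hosts are domain members. Because Windows IPsec applies the most specific matching filter, the per-host permit and negotiate filters outrank the srcaddr=any block filter for those clients, which is why the three rules can share a policy.

```batch
@echo off
rem Added example (not the original post's script): builds the SQLSecurity policy
rem with block, permit and negotiate rules. The IP lists below are constructed
rem sample values; replace them with your own clients.
setlocal
set POLICY=SQLSecurity
set SQLPORT=1433
rem Non-Windows clients that may reach SQL Server in the clear (permit).
set ALLOWED=192.168.1.3 192.168.1.4
rem Domain-joined Windows clients that must negotiate IPsec (Kerberos auth).
set NEGOTIATED=192.168.1.10 192.168.1.11

rem The policy can only be assigned from an elevated prompt; fail early otherwise.
net session >nul 2>&1 || (echo Run this script from an elevated prompt.& exit /b 1)

rem 1. Policy and the three filter actions.
netsh ipsec static add policy name=%POLICY%
netsh ipsec static add filteraction name=Prohibit action=block
netsh ipsec static add filteraction name=Allow action=permit
netsh ipsec static add filteraction name=Negotiate action=negotiate

rem 2. Block list: any source to this host on TCP %SQLPORT%. A filter list is
rem    created on first use, so no separate "add filterlist" is required.
netsh ipsec static add filter filterlist=ProhibitList srcaddr=any dstaddr=me dstport=%SQLPORT% protocol=TCP mirrored=yes description=StopAll

rem 3. Permit list: one host-specific filter per trusted non-Windows client.
netsh ipsec static add filterlist name=AllowList
for %%I in (%ALLOWED%) do (
    netsh ipsec static add filter filterlist=AllowList srcaddr=%%I dstaddr=me dstport=%SQLPORT% protocol=TCP mirrored=yes description=Client-%%I
)

rem 4. Negotiate list: one host-specific filter per Windows client.
netsh ipsec static add filterlist name=NegotiateList
for %%I in (%NEGOTIATED%) do (
    netsh ipsec static add filter filterlist=NegotiateList srcaddr=%%I dstaddr=me dstport=%SQLPORT% protocol=TCP mirrored=yes description=WinClient-%%I
)

rem 5. Rules link each list to its action inside the policy; the negotiate rule
rem    authenticates peers with Kerberos (the clients must be domain members).
netsh ipsec static add rule name=ProhibitRule policy=%POLICY% filterlist=ProhibitList filteraction=Prohibit
netsh ipsec static add rule name=PermitRule policy=%POLICY% filterlist=AllowList filteraction=Allow
netsh ipsec static add rule name=NegotiateRule policy=%POLICY% filterlist=NegotiateList filteraction=Negotiate kerberos=yes

rem 6. Assign the policy, then print what is actually in effect before trusting it.
netsh ipsec static set policy name=%POLICY% assign=y
netsh ipsec static show policy name=%POLICY% level=verbose
endlocal
```

Run the script from an elevated command prompt on the SQL Server host. After it finishes, confirm from a listed permit client that port 1433 connects, from a listed Windows client that the connection succeeds only after IPsec negotiation (visible in the IPsec Security Associations snap-in or `netsh ipsec dynamic show qmsas`), and from any other host that the connection is refused; to back the change out, run `netsh ipsec static set policy name=SQLSecurity assign=n`.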