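Disable all inbound and outbound UDP connections except three UDP ports: 53 (DNS resolution), 161 (SNMP monitoring) and 123 (time synchronization service).
Create a new .bat file, copy the following content into it, and name the file drop-udp.bat.
The code is as follows: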
@rem by www.jbxue.com
netsh ipsec static add policy name=dropudp
netsh ipsec static add filterlist name=allow-udp
netsh ipsec static add filterlist name=drop-udp
REM Add filters to the IP filter list (allow Internet access)
REM mirrored=yes also creates the reverse filter, so replies from these ports are permitted
netsh ipsec static add filter filterlist=allow-udp srcaddr=me dstaddr=any description=dns訪問 protocol=udp mirrored=yes dstport=53
netsh ipsec static add filter filterlist=allow-udp srcaddr=me dstaddr=any description=dns訪問 protocol=udp mirrored=yes dstport=123
netsh ipsec static add filter filterlist=allow-udp srcaddr=me dstaddr=any description=dns訪問 protocol=udp mirrored=yes dstport=161
REM Add filters to the IP filter list (do not let others access this host)
netsh ipsec static add filter filterlist=drop-udp srcaddr=any dstaddr=me description=別人到我任何訪問 protocol=udp mirrored=yes
REM Add the filter actions
netsh ipsec static add filteraction name=allow-udp-port action=permit
netsh ipsec static add filteraction name=drop-udp-port action=block
REM Create rules that link the IPsec policy, filter list and filter action (add the rules to my security policy)
netsh ipsec static add rule name=容許規則 policy=dropudp filterlist=allow-udp filteraction=allow-udp-port
netsh ipsec static add rule name=拒絕規則 policy=dropudp filterlist=drop-udp filteraction=drop-udp-port
REM Activate my security policy
netsh ipsec static set policy name=dropudp assign=y
After saving, double-click the file to run it.
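
To confirm what the policy does after it is assigned, and to back it out cleanly if a needed UDP service stops working, a companion script like the following can be used. It is an added example, not part of the original post; the file name check-udp.bat and the test targets example.com and time.windows.com are assumptions, while the policy, filter list and filter action names are the ones created by drop-udp.bat.

```bat
@echo off
rem Added example: verify or roll back the dropudp policy created by drop-udp.bat.
rem Usage: check-udp.bat verify   or   check-udp.bat remove
rem (check-udp.bat is an assumed file name)
setlocal
if /i "%~1"=="verify" goto verify
if /i "%~1"=="remove" goto remove
echo Usage: %~nx0 verify ^| remove
exit /b 1

:verify
rem Show the policy together with its rules, filter lists and filter actions.
netsh ipsec static show policy name=dropudp level=verbose
rem The permitted traffic should still work: DNS uses UDP 53, NTP uses UDP 123.
rem example.com and time.windows.com are placeholder targets (assumptions).
nslookup example.com
w32tm /stripchart /computer:time.windows.com /samples:1 /dataonly
exit /b 0

:remove
rem Unassign first so the block stops applying, then delete the objects.
rem Deleting the policy also deletes its rules; filter lists and filter
rem actions are separate objects and are removed afterwards.
netsh ipsec static set policy name=dropudp assign=n
netsh ipsec static delete policy name=dropudp
netsh ipsec static delete filterlist name=allow-udp
netsh ipsec static delete filterlist name=drop-udp
netsh ipsec static delete filteraction name=allow-udp-port
netsh ipsec static delete filteraction name=drop-udp-port
exit /b 0
```

Run it from an elevated command prompt, since changing IPsec policy with netsh requires administrator rights.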