ipsec带注释的批处理
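:: Builds a default-deny IPsec filtering policy with netsh: everything to/from
:: this host is blocked except outbound DNS and inbound RDP from one management
:: address. Run from an elevated prompt.
:: NOTE(review): replace the xxx.xxx placeholder with the real management
:: address BEFORE the final "assign=y" line runs; once the policy is assigned,
:: all other traffic (including an RDP session from any other address) is blocked.

:: Create a policy named "name".
netsh ipsec static add policy name=name

:: Create two filter lists: "allow" and "deny".
netsh ipsec static add filterlist name=allow
netsh ipsec static add filterlist name=deny

:: Add the permitted traffic to the "allow" filter list.
:: DNS over TCP and UDP from this host to any address on port 53.
:: Caveat: these filters are stateless. mirrored=yes also creates the reverse
:: filter (any, source port 53 -> me), which matches on the remote source port
:: only and does not constrain the local destination port. Where possible,
:: narrow dstaddr to the resolvers this host actually uses instead of "any".
netsh ipsec static add filter filterlist=allow srcaddr=me dstaddr=any description=dns protocol=tcp mirrored=yes dstport=53
netsh ipsec static add filter filterlist=allow srcaddr=me dstaddr=any description=dns protocol=udp mirrored=yes dstport=53

:: RDP (TCP 3389) from the management address to this host.
:: Alternative form for a management subnet (address plus mask), left disabled:
::netsh ipsec static add filter filterlist=allow srcaddr=xxx.xxx srcmask=xxx.xxx dstaddr=me description=contrl_ip protocol=tcp mirrored=yes dstport=3389
netsh ipsec static add filter filterlist=allow srcaddr=xxx.xxx dstaddr=me description=contrl_ip protocol=tcp mirrored=yes dstport=3389

:: Add the catch-all entries to the "deny" filter list: every protocol, both
:: directions. The more specific "allow" filters above are what exempt DNS and
:: RDP from this block.
netsh ipsec static add filter filterlist=deny srcaddr=any dstaddr=me description=any_to_me protocol=any mirrored=yes
netsh ipsec static add filter filterlist=deny srcaddr=me dstaddr=any description=me_to_any protocol=any mirrored=yes

:: Create two filter actions: "allow" (permit) and "deny" (block).
netsh ipsec static add filteraction name=allow action=permit
netsh ipsec static add filteraction name=deny action=block

:: In policy "name", bind filter list "allow" to action "allow"
:: and filter list "deny" to action "deny".
netsh ipsec static add rule name=allow policy=name filterlist=allow filteraction=allow
netsh ipsec static add rule name=deny policy=name filterlist=deny filteraction=deny

:: Assign policy "name" so that it takes effect.
:: (This comment was previously appended to the end of the "add rule name=deny"
:: command line, where "::" is not a comment marker and the text would have
:: been passed to netsh as extra arguments.)
netsh ipsec static set policy name=name assign=y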