Windows
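Windows 8 - Firewall problem from the command line
I created the following script basically to block everything completely and only allow through what I want, but it does not let the internet through the way I would like. Can anyone see a problem with my rules? They are very generic at the moment.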
```
@ECHO OFF

ECHO ========================================= Brendan Thompson - Firewall Policy - v1.0 =========================================

ECHO ----------------------------------------- Removing All Firewall Rules -----------------------------------------

ECHO Deleting all Incoming Firewall Rules
netsh advfirewall firewall delete rule name=all dir=in profile=any

ECHO Deleting all Outgoing Firewall Rules
netsh advfirewall firewall delete rule name=all dir=out profile=any

ECHO Delete all Remaining Firewall Rules
netsh advfirewall firewall delete rule name=all

ECHO ----------------------------------------- Initial Profile Setup -----------------------------------------

ECHO Block all Incoming and Outgoing Traffic on Domain Profile
netsh advfirewall set domainprofile firewallpolicy blockinbound,blockoutbound

ECHO Block all Incoming and Outgoing Traffic on Private Profile
netsh advfirewall set privateprofile firewallpolicy blockinbound,blockoutbound

ECHO Block all Incoming and Outgoing Traffic on Public Profile
netsh advfirewall set publicprofile firewallpolicy blockinbound,blockoutbound

ECHO ----------------------------------------- Domain and Private Profile - Incoming Application Exceptions -----------------------------------------

netsh advfirewall firewall add rule name="APP - BROWSER - Internet Explorer" dir=in action=allow profile=domain,private program="C:\Program Files\Internet Explorer\iexplore.exe"

ECHO ----------------------------------------- Domain and Private Profile - Outgoing Application Exceptions -----------------------------------------

netsh advfirewall firewall add rule name="APP - BROWSER - Internet Explorer" dir=out action=allow profile=domain,private program="C:\Program Files\Internet Explorer\iexplore.exe"

ECHO ----------------------------------------- Domain and Private Profile - Incoming Port Exceptions -----------------------------------------

netsh advfirewall firewall add rule name="PORT - GENERAL - HTTP (80) - TCP" dir=in action=allow protocol=TCP localport=80
netsh advfirewall firewall add rule name="PORT - GENERAL - HTTP (80) - UDP" dir=in action=allow protocol=UDP localport=80

ECHO ----------------------------------------- Domain and Private Profile - Outgoing Port Exceptions -----------------------------------------

netsh advfirewall firewall add rule name="PORT - GENERAL - HTTP (80) - TCP" dir=out action=allow protocol=TCP localport=80
netsh advfirewall firewall add rule name="PORT - GENERAL - HTTP (80) - UDP" dir=out action=allow protocol=UDP localport=80
```
Any ideas what would be causing me to be unable to browse the web? :S
-- Brendan
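Your rules are wrong. For `Incoming Port Exceptions`, you must allow traffic from port 80 to **high ports (1024 - 65535)**. For `Outgoing Port Exceptions`, you must allow traffic from high ports (1024 - 65535) to port 80. Your traffic looks like this:

```
- Begin: You send HTTP request
         YourPC(High port) ----> (80)Webserver
- Then : Webserver sends HTTP response
         YourPC(High port) <---- (80)Webserver
```

Your rules do not allow this traffic; they only allow traffic to port 80 on your machine.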
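You need to allow DNS outbound (dst udp/53). I recommend enabling Windows Firewall logging on all profiles and reviewing the log "c:\windows\system32\logfiles\pfirewall.log" to see what is being blocked.
Your outbound IE rule also needs "localport" switched to "remoteport".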
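
The log review suggested above can be scripted. The following is an added example, not part of the original question or answers: it summarizes the DROP entries of a pfirewall.log by direction, protocol and destination port, and labels each with the netsh keyword a matching rule would use (`remoteport` for outbound, `localport` for inbound). The log lines are constructed sample data and the function names are hypothetical.

```python
from collections import Counter

# Constructed sample in the layout Windows Firewall writes to pfirewall.log.
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path

2013-04-02 10:15:01 DROP UDP 192.168.1.20 192.168.1.1 51514 53 0 - - - - - - - SEND
2013-04-02 10:15:02 DROP UDP 192.168.1.20 192.168.1.1 51514 53 0 - - - - - - - SEND
2013-04-02 10:15:09 DROP TCP 192.168.1.20 203.0.113.10 49213 80 0 - 0 0 0 - - - SEND
2013-04-02 10:15:12 ALLOW TCP 192.168.1.30 192.168.1.20 50111 80 0 - 0 0 0 - - - RECEIVE
2013-04-02 10:15:20 DROP TCP 198.51.100.7 192.168.1.20 40022 3389 0 - 0 0 0 - - - RECEIVE
"""


def parse_log(text):
    """Yield one dict per log entry, keyed by the names in the '#Fields:' header."""
    fields = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated or malformed lines
                yield dict(zip(fields, values))


def summarize_drops(text):
    """Count dropped packets by (direction, protocol, destination port)."""
    counts = Counter()
    for entry in parse_log(text):
        if entry["action"] == "DROP":
            direction = {"SEND": "out", "RECEIVE": "in"}.get(entry["path"], "unknown")
            counts[(direction, entry["protocol"], entry["dst-port"])] += 1
    return counts


def report(counts):
    """Format each bucket with the netsh port keyword that applies to its direction."""
    lines = []
    for (direction, proto, port), n in counts.most_common():
        # Outbound: the destination port is the remote end. Inbound: it is the local end.
        keyword = "remoteport" if direction == "out" else "localport"
        lines.append(f"{n:>3} dropped  dir={direction} protocol={proto} {keyword}={port}")
    return lines


if __name__ == "__main__":
    print("\n".join(report(summarize_drops(SAMPLE_LOG))))
```

On the constructed sample, the outbound drops are keyed by remote ports 53 and 80, which is the traffic the `localport=80` outbound rules in the script never match.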