关闭Windows高危端口

@echo off

color 1f

title 关闭135 137 138 139 445 端口

netsh ipsec static add policy name=HW_Policy

netsh ipsec static add filterlist name=HW_FilterBlock

netsh ipsec static add filter filterlist=HW_FilterBlock srcaddr=Any dstaddr=Me dstport=135 protocol=TCP

netsh ipsec static add filter filterlist=HW_FilterBlock srcaddr=Any dstaddr=Me dstport=137 protocol=UDP

netsh ipsec static add filter filterlist=HW_FilterBlock srcaddr=Any dstaddr=Me dstport=138 protocol=UDP

netsh ipsec static add filter filterlist=HW_FilterBlock srcaddr=Any dstaddr=Me dstport=139 protocol=TCP

netsh ipsec static add filter filterlist=HW_FilterBlock srcaddr=Any dstaddr=Me dstport=445 protocol=TCP

netsh ipsec static add filteraction name=HW_Block action=block

netsh ipsec static add rule name=HW_RuleBlock policy=HW_Policy filterlist=HW_FilterBlock filteraction=HW_Block

netsh ipsec static set policy name=HW_Policy assign=y

pause

netsh ipsec static show filterlist name=HW_FilterBlock level=verbose format=table | findstr "TCP" | findstr "135"

netsh ipsec static show filterlist name=HW_FilterBlock level=verbose format=table | findstr "UDP" | findstr "137"

netsh ipsec static show filterlist name=HW_FilterBlock level=verbose format=table | findstr "UDP" | findstr "138"

netsh ipsec static show filterlist name=HW_FilterBlock level=verbose format=table | findstr "TCP" | findstr "139"

netsh ipsec static show filterlist name=HW_FilterBlock level=verbose format=table | findstr "TCP" | findstr "445"

::如需删除此安全策略，请执行如下命令：

::netsh ipsec static delete rule name=HW_RuleBlock policy=HW_Policy

::netsh ipsec static delete filteraction name=HW_Block

::netsh ipsec static delete filterlist name=HW_FilterBlock

::netsh ipsec static delete policy name=HW_Policy

@echo on