Windows 8-命令行的防火墙问题
Windows 8-命令行的防火墙问题
提问于 2013-05-14 10:37:52
我创建了以下脚本,基本上是为了完全阻止一切,只允许通过我想要的,但是它不允许通过我喜欢的互联网。有人能看出我的规则有什么问题吗?目前,它们是相当通用的。
@ECHO OFF
ECHO ========================================= Brendan Thompson - Firewall Policy - v1.0 =========================================
ECHO ----------------------------------------- Removing All Firewall Rules -----------------------------------------
ECHO Deleting all Incoming Firewall Rules
netsh advfirewall firewall delete rule name=all dir=in profile=any
ECHO Deleting all Outgoing Firewall Rules
netsh advfirewall firewall delete rule name=all dir=out profile=any
ECHO Delete all Remaining Firewall Rules
netsh advfirewall firewall delete rule name=all
ECHO ----------------------------------------- Initial Profile Setup -----------------------------------------
ECHO Block all Incoming and Outgoing Traffic on Domain Profile
netsh advfirewall set domainprofile firewallpolicy blockinbound,blockoutbound
ECHO Block all Incoming and Outgoing Traffic on Private Profile
netsh advfirewall set privateprofile firewallpolicy blockinbound,blockoutbound
ECHO Block all Incoming and Outgoing Traffic on Public Profile
netsh advfirewall set publicprofile firewallpolicy blockinbound,blockoutbound
ECHO ----------------------------------------- Domain and Private Profile - Incoming Application Exceptions -----------------------------------------
netsh advfirewall firewall add rule name="APP - BROWSER - Internet Explorer" dir=in action=allow profile=domain,private program="C:\Program Files\Internet Explorer\iexplore.exe"
ECHO ----------------------------------------- Domain and Private Profile - Outgoing Application Exceptions -----------------------------------------
netsh advfirewall firewall add rule name="APP - BROWSER - Internet Explorer" dir=out action=allow profile=domain,private program="C:\Program Files\Internet Explorer\iexplore.exe"
ECHO ----------------------------------------- Domain and Private Profile - Incoming Port Exceptions -----------------------------------------
netsh advfirewall firewall add rule name="PORT - GENERAL - HTTP (80) - TCP" dir=in action=allow protocol=TCP localport=80
netsh advfirewall firewall add rule name="PORT - GENERAL - HTTP (80) - UDP" dir=in action=allow protocol=UDP localport=80
ECHO ----------------------------------------- Domain and Private Profile - Outgoing Port Exceptions -----------------------------------------
netsh advfirewall firewall add rule name="PORT - GENERAL - HTTP (80) - TCP" dir=out action=allow protocol=TCP localport=80
netsh advfirewall firewall add rule name="PORT - GENERAL - HTTP (80) - UDP" dir=out action=allow protocol=UDP localport=80有什么问题会让我无法浏览网页吗?:S
-布兰登
回答 2
Server Fault用户
回答已采纳
发布于 2013-05-14 10:55:42
你的规则是错的。对于Incoming Port Exceptions,必须允许从端口80到高端口(1024-65535)的通信量。
对于Outgoing Port Exceptions,必须允许从高端口(1024-65535)到端口80的通信量
你的交通像这样
- Begin: You send HTTP request
YourPC(High port) ----> (80)Webserver
- Then : Webserver send HTTP respone
YourPC(High port) <---- (80)Webserver您的规则不允许这些通信,它只允许通信到您的计算机端口80。
Server Fault用户
发布于 2014-05-13 22:49:28
您需要允许DNS出站(dst /53)。我建议启用windows防火墙登录所有配置文件,并检查日志"c:\windows\system32\logfiles\pfirewall.log“,以查看哪些文件被阻塞。
您的出站IE规则还需要"localport“切换到”远程端口“。
页面原文内容由Server Fault提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:
https://serverfault.com/questions/507608
复制相关文章
相似问题
腾讯云开发者
