Windows 防火墙可以配置多种策略来控制网络流量和保护计算机安全。以下是一些常见的防火墙策略命令,并附有注释说明:
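# Run the netsh lines from an elevated (administrator) prompt. Lines starting
# with "#" are annotations; cmd.exe itself uses REM or :: for comments.

# Turn the firewall on for every profile (domain, private and public).
netsh advfirewall set allprofiles state on

# Allow inbound and outbound traffic for one program.
# No profile= or remoteip= is given, so both rules apply on every profile and
# to any remote address; narrow them if the program only needs a trusted network.
netsh advfirewall firewall add rule name="允许程序入站" dir=in action=allow program="C:\路径\到\程序.exe"
netsh advfirewall firewall add rule name="允许程序出站" dir=out action=allow program="C:\路径\到\程序.exe"

# Allow inbound and outbound traffic on specific ports.
netsh advfirewall firewall add rule name="允许 TCP 端口入站" protocol=TCP dir=in localport=80 action=allow
# NOTE(review): on an outbound rule, localport matches the local source port.
# If the goal is to let this machine query DNS servers, remoteport=53 is the
# parameter that matches the destination port. Confirm the intent.
netsh advfirewall firewall add rule name="允许 UDP 端口出站" protocol=UDP dir=out localport=53 action=allow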
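# Block inbound and outbound traffic for a specific remote IP address or range.
# 192.168.1.1 and 192.168.1.2 are sample addresses; remoteip also accepts a
# subnet, an address range or a comma-separated list.
# An explicit block rule takes precedence over an allow rule that matches the
# same traffic.
netsh advfirewall firewall add rule name="阻止IP 地址入站" dir=in action=block remoteip=192.168.1.1
netsh advfirewall firewall add rule name="阻止IP地址出站" dir=out action=block remoteip=192.168.1.2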
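# Allow or block traffic for a specific application.
# NOTE(review): the rule names say "all traffic", but each rule covers one
# direction only (dir=in for the allow, dir=out for the block). Add the
# matching rule for the other direction if both directions are intended.
netsh advfirewall firewall add rule name="允许应用程序所有流量" dir=in action=allow program="C:\路径\到\应用程序.exe"
netsh advfirewall firewall add rule name="阻止应用程序所有流量" dir=out action=block program="C:\路径\到\应用程序.exe"

# Allow or block traffic on a range of ports.
# An inbound allow over a whole range exposes every listener inside it; keep
# the range as narrow as the service actually needs.
netsh advfirewall firewall add rule name="允许端口范围" dir=in action=allow protocol=TCP localport=1000-2000
# NOTE(review): on an outbound rule, localport is the local source port; use
# remoteport to match destination ports. Confirm the intent.
netsh advfirewall firewall add rule name="阻止端口范围" dir=out action=block protocol=UDP localport=3000-4000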
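# Allow or block ICMP traffic.
# protocol=ICMPV4 without a type/code allows every ICMPv4 message type inbound;
# protocol=icmpv4:8,any would limit the rule to echo requests (ping).
netsh advfirewall firewall add rule name="允许 ICMP 流量" dir=in action=allow protocol=ICMPV4
# NOTE(review): IPv6 relies on ICMPv6 for neighbor discovery and path MTU
# discovery, so blocking all outbound ICMPv6 can break IPv6 connectivity.
# Confirm this is intended before applying the rule.
netsh advfirewall firewall add rule name="阻止 ICMP 流量" dir=out action=block protocol=ICMPV6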
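# Set the default policy for every profile: block unsolicited inbound
# connections and allow outbound connections.
# Notifications for blocked programs are a separate setting, controlled with
# "settings inboundusernotification enable|disable".
netsh advfirewall set allprofiles firewallpolicy blockinbound,allowoutbound

# Set the firewall log file. "logging" is its own keyword after the profile
# (it is not a "settings" parameter) and takes the path as a plain value.
# Dropped packets are only recorded once "logging droppedconnections enable"
# is set as well.
netsh advfirewall set allprofiles logging filename "%systemroot%\system32\LogFiles\Firewall\pfirewall.log"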
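# Advanced security settings.
# NOTE(review): the three commands below are kept commented out. "customize",
# "icmpsettings" and "rulemerge" are not among the parameters documented for
# "netsh advfirewall set <profile> settings" (localfirewallrules,
# localconsecrules, inboundusernotification, remotemanagement,
# unicastresponsetomulticast). Check "netsh advfirewall set allprofiles ?" on
# the target system before relying on them.
# netsh advfirewall set allprofiles settings customize
# netsh advfirewall set allprofiles settings icmpsettings type=8 code=0 mode=enable
# netsh advfirewall set allprofiles settings rulemerge=enable

# ICMP type 8 / code 0 (echo request) is allowed through an ordinary inbound
# rule instead. The rule name is an example value.
netsh advfirewall firewall add rule name="允许 ICMPv4 回显请求入站" protocol=icmpv4:8,0 dir=in action=allow

# NOTE(review): merging local rules with Group Policy rules is what
# "settings localfirewallrules enable" controls, and it applies when a Group
# Policy store is being configured. That is presumably what "rulemerge" meant;
# confirm before adding it.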
# Show and export the configuration: list every firewall rule first.
netsh advfirewall firewall show rule name=all
netsh advfirewall export "C:\路径\到\防火墙规则.wfw"

请注意,上述命令中的路径和程序名称应根据您的具体要求进行更改。此外,这些只是一些示例策略,您可以根据您的安全需求自定义更多规则。在配置防火墙策略之前,请仔细考虑网络安全和访问需求;建议在修改前先用 export 导出当前策略作为备份,以便新规则造成问题时可以通过 netsh advfirewall import 恢复。