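0<1/*,:
@echo off
REM Creates an IPSec security policy that blocks foreign IPs from reaching this machine.
REM Must be run as administrator.
REM Step 1: run this same file as JScript to generate netshScript.txt
cscript -nologo -e:jscript "%~f0"
REM Do not apply anything if generation failed: a stale or partial script
REM could leave the machine with a block-all rule and no allowlist.
if errorlevel 1 (
    echo Failed to generate netshScript.txt - IPSec policy left unchanged.
    pause
    exit /b 1
)
REM Step 2: apply the generated netsh script
netsh -f "%~dp0netshScript.txt"
pause
exit /b
*/
;
// ---------------------------------------------------------------------------
// JScript half of the batch/JScript hybrid. cmd.exe only executes the lines
// above (they sit inside a JS block comment); cscript executes what follows.
//
// It downloads the APNIC delegation file, extracts the IPv4 allocations for
// CN/HK/MO, and writes:
//   ip.txt          - the allowlisted networks in CIDR form
//   netshScript.txt - a "netsh ipsec static" script that permits those
//                     networks and blocks every other address.
//
// NOTE(review): the block rule covers any <-> me with mirrored=yes, and the
// APNIC file lists no private/LAN ranges. Management access (RDP, LAN, DNS
// servers outside the allowlist) is presumably cut off once the policy is
// assigned - confirm and add the ranges you need before running this on a
// remote host.
// ---------------------------------------------------------------------------

var FOR_WRITING = 2;            // FileSystemObject iomode: overwrite the file
var TRISTATE_USE_DEFAULT = -2;  // FileSystemObject format: system default encoding
var FETCH_TIMEOUT_MS = 60000;   // give up on the download after this long
var POLL_INTERVAL_MS = 100;

// First available MSXML HTTP client, newest version first; null if none.
var xhr = (function () {
    var progIds = ['MSXML2.XMLHTTP.6.0', 'MSXML2.XMLHTTP.3.0', 'MSXML2.XMLHTTP', 'Microsoft.XMLHTTP'];
    for (var i = 0; i < progIds.length; i++) {
        try {
            return WScript.CreateObject(progIds[i]);
        } catch (error) {
            // this version is not installed; try the next one
        }
    }
    return null;
})();
if (xhr === null) WScript.Quit(1);

var fso = new ActiveXObject('Scripting.FileSystemObject');
var currDir = fso.GetParentFolderName(WScript.ScriptFullName);
var ipfile = currDir + '\\ip.txt';
var netshScript = currDir + '\\netshScript.txt';

// Dotted-quad string -> number in [0, 2^32), or -1 if any octet is out of range.
// Plain arithmetic is used because JScript bitwise operators work on signed 32-bit values.
function ipToNumber(ip) {
    var octets = ip.split('.');
    var value = 0;
    for (var i = 0; i < 4; i++) {
        var octet = parseInt(octets[i], 10);
        if (isNaN(octet) || octet < 0 || octet > 255) return -1;
        value = value * 256 + octet;
    }
    return value;
}

// Number in [0, 2^32) -> dotted-quad string.
function numberToIp(value) {
    var octets = [];
    for (var i = 0; i < 4; i++) {
        octets.unshift(value % 256);
        value = Math.floor(value / 256);
    }
    return octets.join('.');
}

// Splits "count addresses starting at start" into aligned CIDR blocks.
// The delegation file gives a host count, which is not guaranteed to be a
// power of two or aligned to the start address; computing the prefix as
// 32 - log2(count) would then yield a fractional (invalid) mask, and
// floating-point log can be inexact even for exact powers of two.
function rangeToCidrs(start, count) {
    var blocks = [];
    while (count > 0) {
        var size = 1;
        var hostBits = 0;
        // Grow the block while it stays aligned and inside the range.
        // Capped at 31 host bits because netsh accepts prefixes 1 through 32.
        while (hostBits < 31 && start % (size * 2) === 0 && size * 2 <= count) {
            size *= 2;
            hostBits++;
        }
        blocks.push({ ip: numberToIp(start), prefix: 32 - hostBits });
        start += size;
        count -= size;
    }
    return blocks;
}

// Parses the delegation text into the list of allowlisted CIDR blocks.
function parseAllowlist(text) {
    // Only digits and dots can be captured, so nothing taken from the remote
    // file can introduce extra netsh syntax into the generated script.
    var re = /\|(?:CN|HK|MO)\|ipv4\|((?:\d+\.){3}\d+)\|(\d+)/g;
    var allowed = [];
    var match;
    while ((match = re.exec(text)) !== null) {
        var start = ipToNumber(match[1]);
        var count = parseInt(match[2], 10);
        if (start < 0 || isNaN(count) || count <= 0 || start + count > 4294967296) {
            continue; // malformed record: skip it rather than emit a bad filter
        }
        var blocks = rangeToCidrs(start, count);
        for (var i = 0; i < blocks.length; i++) {
            allowed.push(blocks[i]);
        }
    }
    return allowed;
}

// Writes ip.txt and netshScript.txt for the given allowlist.
function writePolicyFiles(allowed) {
    var ipOut = fso.openTextFile(ipfile, FOR_WRITING, true, TRISTATE_USE_DEFAULT);
    var netshOut = fso.openTextFile(netshScript, FOR_WRITING, true, TRISTATE_USE_DEFAULT);
    try {
        // initialize netshScript.txt
        netshOut.WriteLine('ipsec static');
        netshOut.WriteLine('set batch enable');
        // delete old policy policy1
        netshOut.WriteLine('delete policy name="policy1"');
        // add filterlists
        // NOTE(review): on a re-run the filter lists presumably already exist,
        // so ranges removed from the APNIC file may stay allowlisted - verify.
        netshOut.WriteLine('add filterlist name="白名单" description="允许访问本地服务器的IP列表"');
        netshOut.WriteLine('add filterlist name="所有地址" description="所有IP列表"');
        // add one filter per allowlisted network, and record it in ip.txt
        for (var i = 0; i < allowed.length; i++) {
            var ip = allowed[i].ip;
            var prefix = allowed[i].prefix;
            ipOut.WriteLine(ip + '/' + prefix);
            netshOut.WriteLine('add filter filterlist="白名单" description="CNIP" srcaddr=' + ip + ' srcmask=' + prefix + ' dstaddr=me protocol=any mirrored=yes');
        }
        // add the catch-all filter
        netshOut.WriteLine('add filter filterlist="所有地址" description="ALL" srcaddr=any dstaddr=me protocol=any mirrored=yes');
        // add filteraction permit
        netshOut.WriteLine('add filteraction name="允许" description="允许访问" action=permit');
        // add filteraction block
        netshOut.WriteLine('add filteraction name="阻止" description="禁止访问" action=block');
        // add policy
        netshOut.WriteLine('add policy name="policy1" description="policy1"');
        // add rules
        netshOut.WriteLine('add rule name="允许规则" description="允许白名单访问规则" policy="policy1" filterlist="白名单" filteraction="允许" activate=yes');
        netshOut.WriteLine('add rule name="阻止规则" description="禁止所有IP访问规则" policy="policy1" filterlist="所有地址" filteraction="阻止" activate=yes');
        // netshOut.WriteLine('delete filterlist name="白名单"'); // delete the old IP list first; a filterlist that is in use cannot be deleted
        // netshOut.WriteLine('add filterlist name="白名单" description="允许访问本地服务器的IP列表"'); // then create the new IP list
        // activate policy1
        netshOut.WriteLine('set policy name="policy1" assign=yes');
    } finally {
        ipOut.close();
        netshOut.close();
    }
}

xhr.onReadystateChange = function () {
    if (xhr.readyState != 4) return;

    var ok = false;
    try {
        // A failed or truncated download must never reach netsh: with an empty
        // allowlist the generated policy would be "block everything".
        if (xhr.status != 200) {
            WScript.Echo('Download failed, HTTP status ' + xhr.status);
        } else {
            var allowed = parseAllowlist(xhr.responseText);
            if (allowed.length === 0) {
                WScript.Echo('No CN/HK/MO IPv4 records found; refusing to write a block-all policy.');
            } else {
                writePolicyFiles(allowed);
                ok = true;
            }
        }
    } catch (e) {
        WScript.Echo('Failed to build the netsh script: ' + e.message);
    }
    // The exit code is what the batch header checks before calling netsh.
    WScript.Quit(ok ? 0 : 1);
};

// Source of the IP address database. Fetched over HTTPS because this file
// decides which addresses the firewall lets through; over plain HTTP anyone
// on the network path could rewrite the allowlist. TLS only authenticates the
// server - check the file against the publisher's checksum or signature where
// one is available.
var url = 'https://ftp.apnic.net/apnic/stats/apnic/delegated-apnic-latest';
try {
    xhr.open('GET', url, true);
    xhr.send();
} catch (e) {
    WScript.Echo('Could not start the download: ' + e.message);
    WScript.Quit(1);
}

// Keep the script alive until the callback quits; bail out if it never fires.
var waitedMs = 0;
while (waitedMs < FETCH_TIMEOUT_MS) {
    WScript.Sleep(POLL_INTERVAL_MS);
    waitedMs += POLL_INTERVAL_MS;
}
WScript.Echo('Timed out waiting for ' + url);
WScript.Quit(1);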