【66元】求助一个批量加IP安全策略的批处理程序 <脚本已分享>【已解决】 - 有偿求助 - 批处理之家 BAT,CMD,批处理,PowerShell,VBS,DOS

Rank: 6 Rank: 6

帖子: 1150
积分: 1997
技术: 239
捐助: 0
注册时间: 2017-3-20

1楼 跳转到 »

发表于 2019-7-12 22:52 | 显示全部帖子

0<1/*,:
@echo off
REM 脚本用于创建IPSec安全策略，阻止国外IP访问本地机器,必须以管理员身份运行
REM 创建netsh Script
cscript -nologo -e:jscript %0
REM 执行netsh Script
netsh -f "%~dp0netshScript.txt"
pause
exit /b
*/
;
var xhr = (function () {
  var aXMLHttpVers = ['MSXML2.XMLHTTP.6.0', 'MSXML2.XMLHTTP.3.0', 'MSXML2.XMLHTTP', 'Microsoft.XMLHTTP'];
  for (var i = 0; i < aXMLHttpVers.length; i++) {
    try {
      return WScript.CreateObject(aXMLHttpVers[i]);
    } catch (error) {}
  }
  return null;
})();
if (xhr === null) WScript.Quit(1);
var wshell = new ActiveXObject('WScript.Shell');
var fso = new ActiveXObject('Scripting.FileSystemObject');
var currDir = fso.GetParentFolderName(WScript.ScriptFullName);
var ipfile = currDir + '\\ip.txt';
var netshScript = currDir + '\\netshScript.txt'
xhr.onReadystateChange = function () {
  if (xhr.readyState == 4) {
    var re = /\|(?:CN|HK|MO)\|ipv4\|((?:\d+\.){3}\d+)\|(\d+)/g;
    var str = xhr.responseText;
    var arrIP;
    var tsWrite1 = fso.openTextFile(ipfile, 2, true, -2);
    var tsWrite2 = fso.openTextFile(netshScript, 2, true, -2);
    // initialize netshScript.txt
    tsWrite2.WriteLine('ipsec static');
    tsWrite2.WriteLine('set batch enable');
    // delete old policy policy1
    tsWrite2.WriteLine('delete policy name="policy1"');
    // add filterlist
    tsWrite2.WriteLine('add filterlist name="白名单" description="允许访问本地服务器的IP列表"');
    tsWrite2.WriteLine('add filterlist name="所有地址" description="所有IP列表"');
    // 更新IP列表, netsh脚本 netshScript.txt
    // add filters to filterlist 白名单
    while (arrIP = re.exec(str)) {
      var ip = arrIP[1];
      var prefix = 32 - Math.log(+arrIP[2]) / Math.log(2);
      tsWrite1.WriteLine(ip + '/' + prefix);
      tsWrite2.WriteLine('add filter filterlist="白名单" description="CNIP" srcaddr=' + ip + ' srcmask=' + prefix + ' dstaddr=me protocol=any mirrored=yes');
    }
    // add filters to filterlist 所有地址
    tsWrite2.WriteLine('add filter filterlist="所有地址" description="ALL" srcaddr=any dstaddr=me protocol=any mirrored=yes');
    // add filteraction permit
    tsWrite2.WriteLine('add filteraction name="允许" description="允许访问" action=permit');
    // add filteraction block
    tsWrite2.WriteLine('add filteraction name="阻止" description="禁止访问" action=block');
    // add policy
    tsWrite2.WriteLine('add policy name="policy1" description="policy1"');
    // add rule
    tsWrite2.WriteLine('add rule name="允许规则" description="允许白名单访问规则" policy="policy1" filterlist="白名单" filteraction="允许" activate=yes');
    tsWrite2.WriteLine('add rule name="阻止规则" description="禁止所有IP访问规则" policy="policy1" filterlist="所有地址" filteraction="阻止" activate=yes');
    // tsWrite2.WriteLine('delete filterlist name="白名单"'); //先删除原来的IP列表; filterlist被占用时无法被删除的
    // tsWrite2.WriteLine('add filterlist name="白名单" description="允许访问本地服务器的IP列表"'); //再创建新的IP列表
    // activate policy1
    tsWrite2.WriteLine('set policy name="policy1" assign=yes');
    tsWrite1.close();
    tsWrite2.close();
    WScript.Quit();
  }
};

var url = 'http://ftp.apnic.net/apnic/stats/apnic/delegated-apnic-latest'; //更新IP地址库的来源网址
xhr.open('GET', url, true);
xhr.send();

while (true) {
  WScript.Sleep(100);
}
复制代码

微信:flashercs
QQ:49908356

TOP

返回列表

[新手上路]批处理新手入门导读	[视频教程]批处理基础视频教程	[视频教程]VBS基础视频教程	[批处理精品]批处理版照片整理器
[批处理精品]纯批处理备份&还原驱动	[批处理精品]CMD命令50条不能说的秘密	[在线下载]第三方命令行工具	[在线帮助]VBScript / JScript 在线参考

[收藏此主题] [关注此主题的新回复]

[通过 QQ、MSN 分享给朋友]