Windows Defender Firewall


Overview

  • The software firewall built into Windows. It allows or blocks traffic according to a set of rules;

  • Traffic is controlled by configuring inbound rules and outbound rules:

    • Inbound: traffic sent to this host by external hosts;
    • Outbound: traffic sent by this host to external hosts;
  • Default behaviour on every profile (domain, private, public): inbound connections that match no allow rule are blocked; outbound connections that match no block rule are allowed. A rule therefore only changes the outcome for traffic the default policy would have decided the other way;
  • Enter the following in the Run dialog (Win+R) to open the firewall UI:

  firewall.cpl

  firewall.cpl opens the basic Control Panel page. The rule editor used in the steps below is "Windows Defender Firewall with Advanced Security", reached from that page or directly with wf.msc.


Graphical configuration example

  • In Windows Defender Firewall with Advanced Security, choose Inbound Rules (or Outbound Rules) and create a new rule

  • Identify the traffic to match (rule type and protocol: program, port, predefined, or custom with a specific protocol such as ICMPv4)

  • Choose the action (allow, allow only if secure, block) and the profiles the rule applies to, then set the rule name

Commands

  • netsh advfirewall firewall (must be run from an elevated, administrator prompt)
  add - add a new inbound or outbound firewall rule.
  delete - delete every firewall rule that matches the given criteria.
  set - set new values for the properties of existing rules.
  show - display the specified firewall rules.

Add

  add rule name=<string>                                  rule name (netsh does not enforce uniqueness, so duplicates are possible)
  dir=in|out                                              direction: in = inbound, out = outbound
  action=allow|block|bypass                               action: allow = permit, block = drop; bypass = permit only IPsec-authenticated connections and let them override block rules (used with security=authenticate)
  [program=<program path>]                                path of the program the rule applies to
  [service=<service short name>|any]                      service the rule applies to
  [description=<string>]                                  description
  [enable=yes|no (default=yes)]                           whether the rule is enabled
  [profile=public|private|domain|any[,...]]               network profile(s) the rule applies to; any = all three
  [localip=any|<IPv4 address>|<IPv6 address>|<subnet>|<range>|<list>]
                                                          local IP address(es) to match
  [remoteip=any|localsubnet|dns|dhcp|wins|defaultgateway|<IPv4 address>|<IPv6 address>|<subnet>|<range>|<list>]
                                                          remote IP address(es) to match; the keywords are resolved dynamically from the interface configuration
  [localport=0-65535|<port range>[,...]|RPC|RPC-EPMap|IPHTTPS|any (default=any)]
                                                          local port(s) to match; only valid with protocol=tcp or udp
  [remoteport=0-65535|<port range>[,...]|any (default=any)]
                                                          remote port(s) to match; only valid with protocol=tcp or udp
  [protocol=0-255|icmpv4|icmpv6|icmpv4:type,code|icmpv6:type,code|tcp|udp|any (default=any)]
                                                          protocol to match: an IP protocol number, tcp, udp, or ICMP optionally narrowed to a type and code

Modify

  Everything before the keyword new selects the rule(s) to change: a rule is identified by name= or by group= (the rule group shown in the UI), optionally narrowed by the filters listed. Everything after new is the value to write; properties not listed after new keep their current values. If several rules match the selection, all of them are changed.

  set rule
  group=<string> | name=<string>
  [dir=in|out]
  [profile=public|private|domain|any[,...]]
  [program=<program path>]
  [service=service short name|any]
  [localip=any|<IPv4 address>|<IPv6 address>|<subnet>|<range>|<list>]
  [remoteip=any|localsubnet|dns|dhcp|wins|defaultgateway|<IPv4 address>|<IPv6 address>|<subnet>|<range>|<list>]
  [localport=0-65535|<port range>[,...]|RPC|RPC-EPMap|IPHTTPS|any]
  [remoteport=0-65535|<port range>[,...]|any]
  [protocol=0-255|icmpv4|icmpv6|icmpv4:type,code|icmpv6:type,code|tcp|udp|any]
  new
  [name=<string>]
  [dir=in|out]
  [program=<program path>]
  [service=<service short name>|any]
  [action=allow|block|bypass]
  [description=<string>]
  [enable=yes|no]
  [profile=public|private|domain|any[,...]]
  [localip=any|<IPv4 address>|<IPv6 address>|<subnet>|<range>|<list>]
  [remoteip=any|localsubnet|dns|dhcp|wins|defaultgateway|<IPv4 address>|<IPv6 address>|<subnet>|<range>|<list>]
  [localport=0-65535|RPC|RPC-EPMap|any[,...]]
  [remoteport=0-65535|any[,...]]
  [protocol=0-255|icmpv4|icmpv6|icmpv4:type,code|icmpv6:type,code|tcp|udp|any]
  [interfacetype=wireless|lan|ras|any]
  [rmtcomputergrp=<SDDL string>]
  [rmtusrgrp=<SDDL string>]
  [edge=yes|deferapp|deferuser|no (default=no)]
  [security=authenticate|authenc|authdynenc|notrequired]

Query

  show rule name=<string>
  [profile=public|private|domain|any[,...]]
  [type=static|dynamic]
  [verbose]

  name=all lists every rule. verbose adds the fields that the short listing omits (interface type, security, remote computer/user groups, edge traversal).

Delete

  delete rule name=<string>
  [dir=in|out]
  [profile=public|private|domain|any[,...]]
  [program=<program path>]
  [service=<service short name>|any]
  [localip=any|<IPv4 address>|<IPv6 address>|<subnet>|<range>|<list>]
  [remoteip=any|localsubnet|dns|dhcp|wins|defaultgateway|<IPv4 address>|<IPv6 address>|<subnet>|<range>|<list>]
  [localport=0-65535|<port range>[,...]|RPC|RPC-EPMap|any]
  [remoteport=0-65535|<port range>[,...]|any]
  [protocol=0-255|icmpv4|icmpv6|icmpv4:type,code|icmpv6:type,code|tcp|udp|any]

  Because rule names are not unique, delete removes every rule that matches the criteria; give dir= (and profile= where relevant) to avoid removing more than intended. name=all deletes all rules.
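The four sub-commands above form one lifecycle. The following is an added example, not part of the original post, that runs it end to end from PowerShell: add an inbound rule, show it, modify it with set, cross-check the stored values through the NetSecurity cmdlets, and delete it. The rule name, port and address scope are chosen for illustration; the script assumes no existing rule already uses that name and must be run from an elevated PowerShell session.

```powershell
# Added example: netsh add / show / set / delete lifecycle, verified with NetSecurity cmdlets.
# Assumptions: elevated session; the rule name below is not already in use.
$ErrorActionPreference = 'Stop'
$ruleName = 'ExampleRdpFromLan'   # hypothetical rule name chosen for this example

function Invoke-Netsh {
    # netsh writes "Ok." or its error text to stdout; the exit code is the reliable signal.
    param([string[]]$NetshArgs)
    $out = & netsh.exe advfirewall firewall @NetshArgs
    if ($LASTEXITCODE -ne 0) { throw "netsh $($NetshArgs -join ' ') failed: $out" }
    $out
}

# 1. add: inbound TCP/3389, only from the local subnet, only on the domain and private profiles.
#    localport is valid here only because protocol is tcp.
Invoke-Netsh @('add', 'rule', "name=$ruleName", 'dir=in', 'action=allow', 'protocol=tcp',
               'localport=3389', 'remoteip=localsubnet', 'profile=domain,private')

# 2. show: confirm what was stored. verbose also prints security/edge/interface fields.
Invoke-Netsh @('show', 'rule', "name=$ruleName", 'verbose')

# 3. set: names are not unique, so select by name AND dir; the value to change follows 'new'.
Invoke-Netsh @('set', 'rule', "name=$ruleName", 'dir=in', 'new', 'remoteip=10.0.0.0/24')

# Cross-check through the NetSecurity module: netsh name= is the rule's DisplayName,
# the port/protocol live in the port filter and the address scope in the address filter.
$rule = Get-NetFirewallRule -DisplayName $ruleName
$port = $rule | Get-NetFirewallPortFilter
$addr = $rule | Get-NetFirewallAddressFilter
if ($port.Protocol -ne 'TCP' -or $port.LocalPort -ne '3389') { throw 'unexpected port filter' }
if ($addr.RemoteAddress -ne '10.0.0.0/24') { throw 'set rule did not change the remote scope' }
'{0}: enabled={1} action={2} profile={3} remote={4} localport={5}' -f `
    $rule.DisplayName, $rule.Enabled, $rule.Action, $rule.Profile, $addr.RemoteAddress, $port.LocalPort

# 4. delete: removes EVERY rule matching the criteria, so narrow it with dir= as well.
Invoke-Netsh @('delete', 'rule', "name=$ruleName", 'dir=in')
if (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue) {
    throw 'rule still present after delete'
}
```

The check after step 3 is the practical reason to pair netsh with the cmdlets: netsh only reports "Ok.", while Get-NetFirewallRule and its filter objects return the stored state as properties you can assert on in a script or a configuration test.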

Example

Overview

  • Add an inbound rule that allows ICMP echo traffic (so the host answers ping)

Command configuration

  netsh advfirewall firewall add rule name="ICMP规则" dir=in action=allow profile=any protocol=icmpv4:8,0

  icmpv4:8,0 matches ICMPv4 type 8, code 0 (echo request). Because no remoteip is given and profile=any is set, the rule answers pings from any address on every profile; if only hosts on the same network need to reach the machine, add remoteip=localsubnet and restrict the profile. IPv6 hosts need a separate rule for icmpv6:128,0 (ICMPv6 echo request).
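As an added example (not from the original post), the same echo-request rule built with the NetSecurity cmdlets, narrowed to the local subnet, together with its IPv6 counterpart and a check of what was stored. Rule names are illustrative, the session must be elevated, and the script assumes no rules with those names exist yet.

```powershell
# Added example: ICMP echo rules via New-NetFirewallRule, scoped to the LAN and verified.
# Assumptions: elevated session; the two DisplayNames below are free.
$ErrorActionPreference = 'Stop'

# netsh protocol=icmpv4:8,0 corresponds to -Protocol ICMPv4 -IcmpType '8:0' (type 8, code 0 = echo request).
# RemoteAddress LocalSubnet keeps the host pingable from its own network without answering probes
# from arbitrary sources, which the profile=any rule in the post would do.
$v4 = New-NetFirewallRule -DisplayName 'ExampleIcmpEchoFromLan' `
    -Direction Inbound -Action Allow -Profile Domain,Private `
    -Protocol ICMPv4 -IcmpType '8:0' -RemoteAddress LocalSubnet

# IPv6 needs its own rule: ICMPv6 echo request is type 128.
$v6 = New-NetFirewallRule -DisplayName 'ExampleIcmpv6EchoFromLan' `
    -Direction Inbound -Action Allow -Profile Domain,Private `
    -Protocol ICMPv6 -IcmpType '128' -RemoteAddress LocalSubnet

# Verify the stored match criteria rather than trusting the command succeeded:
# protocol and ICMP type are in the port filter, the address scope in the address filter.
foreach ($pair in @(@($v4, 'ICMPv4', '8'), @($v6, 'ICMPv6', '128'))) {
    $rule, $proto, $type = $pair
    $port = $rule | Get-NetFirewallPortFilter
    $addr = $rule | Get-NetFirewallAddressFilter
    if ($port.Protocol -ne $proto -or $port.IcmpType -notlike "$type*") {
        throw "$($rule.DisplayName): unexpected protocol filter $($port.Protocol)/$($port.IcmpType)"
    }
    if ($addr.RemoteAddress -ne 'LocalSubnet') {
        throw "$($rule.DisplayName): unexpected remote scope $($addr.RemoteAddress)"
    }
    '{0}: {1} type {2} from {3} on {4}' -f $rule.DisplayName, $port.Protocol, $port.IcmpType,
        $addr.RemoteAddress, $rule.Profile
}

# Before adding such a rule it is worth listing the enabled inbound ICMP allow rules that already
# exist: Windows ships predefined ones (e.g. "File and Printer Sharing (Echo Request - ICMPv4-In)")
# that may already answer pings on some profiles.
Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True | ForEach-Object {
    $r = $_
    $r | Get-NetFirewallPortFilter | Where-Object Protocol -like 'ICMP*' |
        Select-Object @{n = 'Rule'; e = { $r.DisplayName }}, @{n = 'Profile'; e = { $r.Profile }},
                      Protocol, IcmpType
}

# Equivalent netsh commands for the two rules created above:
#   netsh advfirewall firewall add rule name=ExampleIcmpEchoFromLan dir=in action=allow profile=domain,private protocol=icmpv4:8,0 remoteip=localsubnet
#   netsh advfirewall firewall add rule name=ExampleIcmpv6EchoFromLan dir=in action=allow profile=domain,private protocol=icmpv6:128,0 remoteip=localsubnet
# Clean-up after testing:
#   Remove-NetFirewallRule -DisplayName 'ExampleIcmpEchoFromLan', 'ExampleIcmpv6EchoFromLan'
```

Test the result from another host on the same subnet with ping (IPv4) and ping -6 (IPv6); a host outside the subnet should still receive no reply, which is the point of the RemoteAddress restriction.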
