高危端口屏蔽及查看端口是否关闭 - 网吧备忘录-关注网吧行业动态，收集并分享网吧无盘技术及软件，鄙视网吧恶意广告行为

echo 删除同名策略
netsh ipsec static delete policy ShieldDangerousPort

echo 生成策略中
netsh ipsec static add policy name=ShieldDangerousPort

echo 建立一个筛选器操作”阻止”
Netsh ipsec static add filteraction name = 阻止 action =block

echo 建立一个筛选器列表“可访问的终端列表”
Netsh ipsec static add filterlist name = ShieldDangerousPortFilter

Netsh ipsec static add filter filterlist = ShieldDangerousPortFilter srcaddr=any dstaddr=me dstport=445 protocol=tcp
Netsh ipsec static add filter filterlist = ShieldDangerousPortFilter srcaddr=any dstaddr=me dstport=135 protocol=tcp
Netsh ipsec static add filter filterlist = ShieldDangerousPortFilter srcaddr=any dstaddr=me dstport=138 protocol=tcp
Netsh ipsec static add filter filterlist = ShieldDangerousPortFilter srcaddr=any dstaddr=me dstport=137 protocol=tcp
Netsh ipsec static add filter filterlist = ShieldDangerousPortFilter srcaddr=any dstaddr=me dstport=139 protocol=tcp
Netsh ipsec static add filter filterlist = ShieldDangerousPortFilter srcaddr=any dstaddr=me dstport=1443 protocol=tcp
Netsh ipsec static add filter filterlist = ShieldDangerousPortFilter srcaddr=any dstaddr=me dstport=1444 protocol=tcp
Netsh ipsec static add filter filterlist = ShieldDangerousPortFilter srcaddr=any dstaddr=me dstport=445 protocol=udp
Netsh ipsec static add filter filterlist = ShieldDangerousPortFilter srcaddr=any dstaddr=me dstport=135 protocol=udp
Netsh ipsec static add filter filterlist = ShieldDangerousPortFilter srcaddr=any dstaddr=me dstport=138 protocol=udp
Netsh ipsec static add filter filterlist = ShieldDangerousPortFilter srcaddr=any dstaddr=me dstport=137 protocol=udp
Netsh ipsec static add filter filterlist = ShieldDangerousPortFilter srcaddr=any dstaddr=me dstport=139 protocol=udp
Netsh ipsec static add filter filterlist = ShieldDangerousPortFilter srcaddr=any dstaddr=me dstport=1443 protocol=udp
Netsh ipsec static add filter filterlist = ShieldDangerousPortFilter srcaddr=any dstaddr=me dstport=1444 protocol=udp

echo 建立策略规则
Netsh ipsec static add rule name =阻止高危端口 Policy =ShieldDangerousPort filterlist =ShieldDangerousPortFilter filteraction = 阻止

echo 激活策略
netsh ipsec static set policy name = ShieldDangerousPort assign = y

以上改为批处理就可以了。封的端口为：TCP和UDP的135 137 138 139 445 1443 1444 duankou

查看445端口是否关闭：
netstat -ano -p tcp | find "445" >nul 2>nul && echo 445端口已开启请尽快关闭端口并打补丁 || echo 445端口未开启您可以放心使用

懒人下载：高危端口关闭.rar