Stupid question:
Is there an equivalent of iptables on Windows? Can I install one through cygwin?
The real question is: how do I do on Windows what I can do with iptables? I'm only looking for basic firewall functionality (for example, blocking certain IP addresses).
One way is to use netsh.
Commands:
netsh firewall
(deprecated after XP and 2003)
netsh advfirewall
(Vista, 7 and 2008)
WIPFW looks very promising, especially if you prefer the iptables flavor of rule creation.
XP, Server 2003 and later have a built-in firewall.
It has an API through which rules can be changed, enabled and disabled programmatically.
The following is from: https://support.microsoft.com/en-us/kb/947709
Example 1: Enable a program
Old command:
netsh firewall add allowedprogram C:\MyApp\MyApp.exe "My Application" ENABLE
New command:
netsh advfirewall firewall add rule name="My Application" dir=in action=allow program="C:\MyApp\MyApp.exe" enable=yes
Old command:
netsh firewall add allowedprogram program=C:\MyApp\MyApp.exe name="My Application" mode=ENABLE scope=CUSTOM addresses=157.60.0.1,172.16.0.0/16,LocalSubnet profile=Domain
New command:
netsh advfirewall firewall add rule name="My Application" dir=in action=allow program="C:\MyApp\MyApp.exe" enable=yes remoteip=157.60.0.1,172.16.0.0/16,LocalSubnet profile=domain
Old command:
netsh firewall add allowedprogram program=C:\MyApp\MyApp.exe name="My Application" mode=ENABLE scope=CUSTOM addresses=157.60.0.1,172.16.0.0/16,LocalSubnet profile=ALL
New command:
Run the following commands:
netsh advfirewall firewall add rule name="My Application" dir=in action=allow program="C:\MyApp\MyApp.exe" enable=yes remoteip=157.60.0.1,172.16.0.0/16,LocalSubnet profile=domain
netsh advfirewall firewall add rule name="My Application" dir=in action=allow program="C:\MyApp\MyApp.exe" enable=yes remoteip=157.60.0.1,172.16.0.0/16,LocalSubnet profile=private
For more information about how to add firewall rules, run the following command:
netsh advfirewall firewall add rule ?
Example 2: Enable a port
Old command:
netsh firewall add portopening TCP 80 "Open Port 80"
New command:
netsh advfirewall firewall add rule name="Open Port 80" dir=in action=allow protocol=TCP localport=80
For more information about how to add firewall rules, run the following command:
netsh advfirewall firewall add rule ?
Example 3: Delete an enabled program or port
Old command:
netsh firewall delete allowedprogram C:\MyApp\MyApp.exe
New command:
netsh advfirewall firewall delete rule name=rule name program="C:\MyApp\MyApp.exe"
Old command:
delete portopening protocol=UDP port=500
New command:
netsh advfirewall firewall delete rule name=rule name protocol=udp localport=500
For more information about how to delete firewall rules, run the following command:
netsh advfirewall firewall delete rule ?
Example 4: Configure ICMP settings
Old command:
netsh firewall set icmpsetting 8
New command:
netsh advfirewall firewall add rule name="ICMP Allow incoming V4 echo request" protocol=icmpv4:8,any dir=in action=allow
Old command:
netsh firewall set icmpsetting type=ALL mode=enable
New command:
netsh advfirewall firewall add rule name="All ICMP V4" protocol=icmpv4:any,any dir=in action=allow
Old command:
netsh firewall set icmpsetting 13 disable all
New command:
netsh advfirewall firewall add rule name="Block Type 13 ICMP V4" protocol=icmpv4:13,any dir=in action=block
For more information about how to configure ICMP settings, run the following command:
netsh advfirewall firewall add rule ?
Example 5: Set logging
Old command:
netsh firewall set logging %systemroot%\system32\LogFiles\Firewall\pfirewall.log 4096 ENABLE ENABLE
New command:
Run the following commands:
netsh advfirewall set currentprofile logging filename %systemroot%\system32\LogFiles\Firewall\pfirewall.log
netsh advfirewall set currentprofile logging maxfilesize 4096
netsh advfirewall set currentprofile logging droppedconnections enable
netsh advfirewall set currentprofile logging allowedconnections enable
For more information, run the following command:
netsh advfirewall set currentprofile ?
If you want to set logging for a specific profile, use one of the following options instead of the "currentprofile" option:
Domainprofile
Privateprofile
Publicprofile
Example 6: Enable Windows Firewall
Old command:
netsh firewall set opmode ENABLE
New command:
netsh advfirewall set currentprofile state on
Old command:
netsh firewall set opmode mode=ENABLE exceptions=enable
New command:
Run the following commands:
Netsh advfirewall set currentprofile state on
netsh advfirewall set currentprofile firewallpolicy blockinboundalways,allowoutbound
Old command:
netsh firewall set opmode mode=enable exceptions=disable profile=domain
New command:
Run the following commands:
Netsh advfirewall set domainprofile state on
netsh advfirewall set domainprofile firewallpolicy blockinbound,allowoutbound
Old command:
netsh firewall set opmode mode=enable profile=ALL
New command:
Run the following commands:
netsh advfirewall set domainprofile state on
netsh advfirewall set privateprofile state on
For more information, run the following command:
netsh advfirewall set currentprofile ?
If you want to set the firewall state for a specific profile, use one of the following options instead of the "currentprofile" option:
Domainprofile
Privateprofile
Publicprofile
Example 7: Restore policy defaults
Old command:
netsh firewall reset
New command:
netsh advfirewall reset
For more information, run the following command:
netsh advfirewall reset ?
Example 8: Enable specific services
Old command:
netsh firewall set service FileAndPrint
New command:
netsh advfirewall firewall set rule group="File and Printer Sharing" new enable=Yes
Old command:
netsh firewall set service RemoteDesktop enable
New command:
netsh advfirewall firewall set rule group="Remote Desktop" new enable=Yes
Old command:
netsh firewall set service RemoteDesktop enable profile=ALL
New command:
Run the following commands:
netsh advfirewall firewall set rule group="Remote Desktop" new enable=Yes profile=domain
netsh advfirewall firewall set rule group="Remote Desktop" new enable=Yes profile=private
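For the question's own use case (blocking specific addresses), here is an added PowerShell example that is not part of any answer above or of KB 947709. It maps iptables DROP rules onto the netsh advfirewall syntax shown in the answers; the rule names, the sample addresses and the choice of one rule per direction are this example's own assumptions.

```powershell
# Added example: the netsh advfirewall counterpart of
#   iptables -A INPUT -s <addr> -j DROP
# Run from an elevated (Administrator) PowerShell on Vista/7/2008 or later.
# The addresses are constructed samples from documentation ranges.
$BlockedAddresses = @('203.0.113.5', '198.51.100.0/24')

# Rule names are chosen by this example; keep them free of spaces so the
# name=... token needs no extra quoting when PowerShell hands it to netsh.
function Get-BlockRuleName([string]$addr) {
    return 'Block-' + ($addr -replace '/', '_')
}

foreach ($addr in $BlockedAddresses) {
    $ruleName = Get-BlockRuleName $addr

    # Windows Firewall has no INPUT/OUTPUT chains; direction is a property
    # of each rule, so one rule per direction is needed to drop both ways.
    # remoteip accepts single addresses and CIDR ranges, as in the KB examples.
    netsh advfirewall firewall add rule name="${ruleName}-in"  dir=in  action=block remoteip=$addr profile=any
    netsh advfirewall firewall add rule name="${ruleName}-out" dir=out action=block remoteip=$addr profile=any
}

# Verify, roughly the "iptables -L -n" step: show only the rules created above.
foreach ($addr in $BlockedAddresses) {
    $ruleName = Get-BlockRuleName $addr
    netsh advfirewall firewall show rule name="${ruleName}-in"
    netsh advfirewall firewall show rule name="${ruleName}-out"
}

# Undo, the "iptables -D" counterpart (uncomment to remove one pair):
# netsh advfirewall firewall delete rule name=Block-203.0.113.5-in
# netsh advfirewall firewall delete rule name=Block-203.0.113.5-out
```

Dropped packets from these addresses show up in pfirewall.log once the droppedconnections logging from Example 5 is enabled, which is the easiest way to confirm the rules are matching.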