Windows equivalent of iptables?

Stupid question:

Is there an iptables equivalent on Windows? Can I install one via Cygwin?

The real question is: how do I do on Windows what iptables lets me do? I'm just looking for basic firewall functions (for example, blocking certain IP addresses).

One way is to use the netsh command:

  • netsh firewall (deprecated after XP and 2003)
  • netsh advfirewall (Vista, 7, and 2008)

WIPFW looks very promising, especially if you have a taste for writing iptables-style rules.

There is a built-in firewall in XP, Server 2003 and later.

It has an API through which rules can be changed, enabled and disabled programmatically.

The following is from: https://support.microsoft.com/en-us/kb/947709

Example 1: Enable a program

Old command:
  netsh firewall add allowedprogram C:\MyApp\MyApp.exe "My Application" ENABLE
New command:
  netsh advfirewall firewall add rule name="My Application" dir=in action=allow program="C:\MyApp\MyApp.exe" enable=yes

Old command:
  netsh firewall add allowedprogram program=C:\MyApp\MyApp.exe name="My Application" mode=ENABLE scope=CUSTOM addresses=157.60.0.1,172.16.0.0/16,LocalSubnet profile=Domain
New command:
  netsh advfirewall firewall add rule name="My Application" dir=in action=allow program="C:\MyApp\MyApp.exe" enable=yes remoteip=157.60.0.1,172.16.0.0/16,LocalSubnet profile=domain

Old command:
  netsh firewall add allowedprogram program=C:\MyApp\MyApp.exe name="My Application" mode=ENABLE scope=CUSTOM addresses=157.60.0.1,172.16.0.0/16,LocalSubnet profile=ALL
New command: run the following commands:
  netsh advfirewall firewall add rule name="My Application" dir=in action=allow program="C:\MyApp\MyApp.exe" enable=yes remoteip=157.60.0.1,172.16.0.0/16,LocalSubnet profile=domain
  netsh advfirewall firewall add rule name="My Application" dir=in action=allow program="C:\MyApp\MyApp.exe" enable=yes remoteip=157.60.0.1,172.16.0.0/16,LocalSubnet profile=private

For more information about how to add firewall rules, run the following command:

 netsh advfirewall firewall add rule ? 

Example 2: Enable a port

Old command:
  netsh firewall add portopening TCP 80 "Open Port 80"
New command:
  netsh advfirewall firewall add rule name="Open Port 80" dir=in action=allow protocol=TCP localport=80

For more information about how to add firewall rules, run the following command:

 netsh advfirewall firewall add rule ? 

Example 3: Delete enabled programs or ports

Old command:
  netsh firewall delete allowedprogram C:\MyApp\MyApp.exe
New command:
  netsh advfirewall firewall delete rule name=rule name program="C:\MyApp\MyApp.exe"

Old command:
  delete portopening protocol=UDP port=500
New command:
  netsh advfirewall firewall delete rule name=rule name protocol=udp localport=500

For more information about how to delete firewall rules, run the following command:

 netsh advfirewall firewall delete rule ? 

Example 4: Configure ICMP settings

Old command:
  netsh firewall set icmpsetting 8
New command:
  netsh advfirewall firewall add rule name="ICMP Allow incoming V4 echo request" protocol=icmpv4:8,any dir=in action=allow

Old command:
  netsh firewall set icmpsetting type=ALL mode=enable
New command:
  netsh advfirewall firewall add rule name="All ICMP V4" protocol=icmpv4:any,any dir=in action=allow

Old command:
  netsh firewall set icmpsetting 13 disable all
New command:
  netsh advfirewall firewall add rule name="Block Type 13 ICMP V4" protocol=icmpv4:13,any dir=in action=block

For more information about how to configure ICMP settings, run the following command:

 netsh advfirewall firewall add rule ? 

Example 5: Set logging

Old command:
  netsh firewall set logging %systemroot%\system32\LogFiles\Firewall\pfirewall.log 4096 ENABLE ENABLE
New command: run the following commands:
  netsh advfirewall set currentprofile logging filename %systemroot%\system32\LogFiles\Firewall\pfirewall.log
  netsh advfirewall set currentprofile logging maxfilesize 4096
  netsh advfirewall set currentprofile logging droppedconnections enable
  netsh advfirewall set currentprofile logging allowedconnections enable

For more information, run the following command:

 netsh advfirewall set currentprofile ? 

If you want to set logging for a specific profile, use one of the following options instead of the "currentprofile" option:

  • Domainprofile
  • Privateprofile
  • Publicprofile

Example 6: Enable Windows Firewall

Old command:
  netsh firewall set opmode ENABLE
New command:
  netsh advfirewall set currentprofile state on

Old command:
  netsh firewall set opmode mode=ENABLE exceptions=enable
New command: run the following commands:
  netsh advfirewall set currentprofile state on
  netsh advfirewall set currentprofile firewallpolicy blockinboundalways,allowoutbound

Old command:
  netsh firewall set opmode mode=enable exceptions=disable profile=domain
New command: run the following commands:
  netsh advfirewall set domainprofile state on
  netsh advfirewall set domainprofile firewallpolicy blockinbound,allowoutbound

Old command:
  netsh firewall set opmode mode=enable profile=ALL
New command: run the following commands:
  netsh advfirewall set domainprofile state on
  netsh advfirewall set privateprofile state on

For more information, run the following command:

 netsh advfirewall set currentprofile ? 

If you want to set the firewall state for a specific profile, use one of the following options instead of the "currentprofile" option:

  • Domainprofile
  • Privateprofile
  • Publicprofile

Example 7: Restore policy defaults

Old command:
  netsh firewall reset
New command:
  netsh advfirewall reset

For more information, run the following command:

 netsh advfirewall reset ? 

Example 8: Enable specific services

Old command:
  netsh firewall set service FileAndPrint
New command:
  netsh advfirewall firewall set rule group="File and Printer Sharing" new enable=Yes

Old command:
  netsh firewall set service RemoteDesktop enable
New command:
  netsh advfirewall firewall set rule group="Remote Desktop" new enable=Yes

Old command:
  netsh firewall set service RemoteDesktop enable profile=ALL
New command: run the following commands:
  netsh advfirewall firewall set rule group="Remote Desktop" new enable=Yes profile=domain
  netsh advfirewall firewall set rule group="Remote Desktop" new enable=Yes profile=private
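As an added example (not part of the original answers or of KB 947709), the following PowerShell script does what the question asks for: it blocks a list of remote addresses with the netsh advfirewall commands shown above, reads the resulting rules back, and then parses the pfirewall.log that Example 5 turns on to count dropped connections per source address. The rule name, the addresses (RFC 5737 documentation ranges, not real hosts) and the sample log lines are constructed for this example.

```powershell
# Added example, not from the original answers or from KB 947709.
# 1) Block a list of remote addresses with `netsh advfirewall` (Vista/2008 and later),
#    the closest thing to `iptables -A INPUT -s <addr> -j DROP`, and read the rules back.
# 2) Parse the pfirewall.log that Example 5 enables and count DROP records per source.
# Assumptions: $RuleName, $BlockList and $SampleLog are constructed for this example.
# Part 1 needs an elevated PowerShell prompt; part 2 runs without privileges.

$RuleName  = 'Example-Blocklist'
$BlockList = @('203.0.113.5', '198.51.100.0/24')   # RFC 5737 documentation ranges

function Invoke-Netsh {
    # netsh prints its error text to stdout and signals failure only via the exit code,
    # so wrap it once and throw on non-zero.
    param([string[]]$Arguments)
    $output = & netsh.exe advfirewall @Arguments 2>&1
    if ($LASTEXITCODE -ne 0) { throw "netsh advfirewall $($Arguments -join ' ') failed: $output" }
    return $output
}

function Add-BlockRule {
    # One inbound and one outbound block rule. Block rules take precedence over allow
    # rules in Windows Firewall, so existing allow rules stop matching these addresses.
    param([string]$Name, [string[]]$Addresses)
    $remote = $Addresses -join ','
    foreach ($dir in 'in', 'out') {
        Invoke-Netsh @('firewall', 'add', 'rule', "name=$Name", "dir=$dir", 'action=block',
                       "remoteip=$remote", 'enable=yes', 'profile=any') | Out-Null
    }
}

function Get-RuleSummary {
    # Turns the "Key:   value" lines of `show rule` into one object per matching rule.
    param([string]$Name)
    $rules = @(); $current = $null
    foreach ($line in (Invoke-Netsh @('firewall', 'show', 'rule', "name=$Name"))) {
        if ($line -match '^Rule Name:\s*(.+)$') {
            if ($current) { $rules += [pscustomobject]$current }
            $current = [ordered]@{ RuleName = $Matches[1].Trim() }
        } elseif ($current -and $line -match '^([A-Za-z ]+):\s*(.*)$') {
            $current[$Matches[1].Trim()] = $Matches[2].Trim()
        }
    }
    if ($current) { $rules += [pscustomobject]$current }
    return $rules
}

function Remove-BlockRule {
    # `delete rule name=` removes every rule with that name, so both directions go at once.
    param([string]$Name)
    Invoke-Netsh @('firewall', 'delete', 'rule', "name=$Name") | Out-Null
}

function Get-DropsBySource {
    # Parses pfirewall.log text: the '#Fields:' header names the space-separated
    # columns, other '#' lines are metadata, and '-' marks an empty field.
    param([string[]]$Lines)
    $fields = $null
    $rows = foreach ($line in $Lines) {
        if ($line -like '#Fields:*') { $fields = ($line -replace '^#Fields:\s*', '') -split '\s+'; continue }
        if (-not $fields -or $line -like '#*' -or -not $line.Trim()) { continue }
        $values = $line -split '\s+'
        $row = [ordered]@{}
        for ($i = 0; $i -lt $fields.Count; $i++) { $row[$fields[$i]] = $values[$i] }
        [pscustomobject]$row
    }
    $rows | Where-Object action -eq 'DROP' | Group-Object 'src-ip' | Sort-Object Count -Descending |
        Select-Object @{ n = 'SourceIP'; e = { $_.Name } }, Count,
                      @{ n = 'DstPorts'; e = { ($_.Group.'dst-port' | Sort-Object -Unique) -join ',' } }
}

# Constructed sample in the pfirewall.log layout (header lines plus space-separated records).
$SampleLog = @'
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2024-05-01 10:00:01 DROP TCP 203.0.113.5 192.168.1.10 51234 3389 52 S 1234567 0 8192 - - - RECEIVE
2024-05-01 10:00:02 DROP TCP 203.0.113.5 192.168.1.10 51235 445 52 S 1234568 0 8192 - - - RECEIVE
2024-05-01 10:00:03 ALLOW TCP 192.168.1.10 203.0.113.50 49152 443 0 - 0 0 0 - - - SEND
2024-05-01 10:00:04 DROP UDP 198.51.100.7 192.168.1.10 40000 53 78 - - - - - - - RECEIVE
'@ -split "`r?`n"

Add-BlockRule -Name $RuleName -Addresses $BlockList
Get-RuleSummary -Name $RuleName | Format-Table RuleName, Direction, Action, RemoteIP, Profiles -AutoSize
Get-DropsBySource -Lines $SampleLog | Format-Table -AutoSize
# Live log instead of the sample:
#   Get-DropsBySource -Lines (Get-Content "$env:SystemRoot\System32\LogFiles\Firewall\pfirewall.log")
# Undo the block rules:
#   Remove-BlockRule -Name $RuleName
```

Rule names are not unique in Windows Firewall, which is why the KB's delete examples work on `name=` alone and why the cleanup function above needs no direction argument; if you add the same block list twice you get four rules, so check with `Get-RuleSummary` before adding. Reading the log is the cheap way to confirm a block rule is actually matching: the dropped-connection entries show the source, destination port and direction for every packet the rule stopped.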