4. Create a filterlist
Create a list of filters named denyAll:
C:\>netsh ipsec static add filterlist name=denyAll
5. Delete the filterlist
Delete the list of filters named denyAll:
C:\>netsh ipsec static delete filterlist name=denyAll
6. Create a filter
Add a filter to the denyAll filter list, which prohibits all network traffic:
C:\>netsh ipsec static add filter filterlist=denyAll srcaddr=0.0.0.0 srcmask=0.0.0.0 dstaddr=me protocol=ANY mirrored=yes description="anywhere to me, anyProtocol, mirrored"
The parameters and meanings of the filter are as follows:
Label - Value
filterlist - The name of the filter list to which the filter is added.
srcaddr - Source IP address, DNS name, or server type.
dstaddr - Destination IP address, DNS name, or server type.
description - Short information about the filter.
protocol - Can be ANY, ICMP, TCP, UDP, RAW, or an integer.
mirrored - A value of yes will create two filters, one in each direction.
srcmask - The source address mask or a prefix from 1 to 32.
dstmask - The destination address mask or a prefix from 1 to 32.
srcport - The source port of the packet. A value of 0 means any port.
dstport - The destination port of the packet. A value of 0 means any port.
7. Delete filter
Delete the filter created in step 6:
C:\>netsh ipsec static delete filter filterlist=denyAll srcaddr=0.0.0.0 srcmask=0.0.0.0 dstaddr=me protocol=ANY mirrored=yes
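Steps 4 to 7 as one batch file, narrowed to a single TCP port so that the srcport and dstport parameters from the list above are exercised. This is an added example, not part of the original page; the list name blockSmbIn, port 445 and the show filterlist check are assumptions chosen for illustration.

```bat
@echo off
rem Added example (constructed). blockSmbIn and port 445 are illustrative
rem values, not taken from the page. Run from an elevated command prompt.
setlocal
set "LIST=blockSmbIn"

rem Step 4: create the filter list.
netsh ipsec static add filterlist name=%LIST%
if errorlevel 1 goto :fail

rem Step 6 with port parameters: any source address, any source port (0),
rem to this machine on TCP 445. mirrored=no stores one direction only;
rem mirrored=yes would also store the reverse-direction filter.
netsh ipsec static add filter filterlist=%LIST% srcaddr=0.0.0.0 srcmask=0.0.0.0 dstaddr=me protocol=TCP srcport=0 dstport=445 mirrored=no description="anywhere to me, TCP 445, not mirrored"
if errorlevel 1 goto :cleanup

rem Inspect what was stored before the list is referenced anywhere.
netsh ipsec static show filterlist name=%LIST% level=verbose

rem Step 7: the delete must repeat the same parameters the filter was
rem created with, otherwise it will not match the stored filter.
netsh ipsec static delete filter filterlist=%LIST% srcaddr=0.0.0.0 srcmask=0.0.0.0 dstaddr=me protocol=TCP srcport=0 dstport=445 mirrored=no

:cleanup
rem Step 5: remove the list itself.
netsh ipsec static delete filterlist name=%LIST%
endlocal
exit /b 0

:fail
echo netsh reported a failure; no filter list was left behind.
endlocal
exit /b 1
```

A filter list on its own only describes which traffic is matched; nothing is permitted or blocked until a policy rule pairs the list with a filter action.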