1、创建策略netsh ipsec static add policy name="249-WAN-IP" description=”249机器的IP安全策略”
3、创建筛选列表netsh ipsec static add filterlist name="blacklist" description="黑名单"netsh ipsec static add filterlist name="whitelist" description="白名单"
5、netsh ipsec static add filter filterlist=blacklist srcaddr=192.1.1.0 srcmask=255.255.255.0 srcport=0 dstaddr=me dstport=0 protocol=any desc=禁止1网段 mirrored=yes——限制1网段访问netsh ipsec static add filter filterlist="whitelist" srcaddr=192.1.1.72 dstaddr=me dstport=80 description="1.72的80端口访问控制" protocol=TCP mirrored=yes——允许1.72访问80端口
7、激活策略netsh ipsec static set policy name="249-WAN-IP" assign=y由于添加白名单的ip比较多,将所有要添加的ip写在一个bat脚本里面,然后统一执行
