@echo off

echo .
echo 创建IP安全策略，屏蔽135，137，139，445 等端口 ( win2008， win2012, win7, win8, win10 )
echo .
echo 请右键 bat 程序，以管理员身份运行！
echo .

echo 正在启动IP策略服务 ...
net continue PolicyAgent

netsh ipsec static add policy name=Windows_Port_Filter

echo 正在创建IP筛选器 ...

netsh ipsec static add filterlist name=XFFilter

echo 正在关闭 445 端口 ...

netsh ipsec static add filter filterlist=XFFilter srcaddr=any dstaddr=Me dstport=445 protocol=TCP
netsh ipsec static add filter filterlist=XFFilter srcaddr=any dstaddr=Me dstport=445 protocol=UDP

echo 正在关闭 135 端口 ...
netsh ipsec static add filter filterlist=XFFilter srcaddr=any dstaddr=Me dstport=135 protocol=TCP
netsh ipsec static add filter filterlist=XFFilter srcaddr=any dstaddr=Me dstport=135 protocol=UDP

echo 正在关闭 137 端口 ...
netsh ipsec static add filter filterlist=XFFilter srcaddr=any dstaddr=Me dstport=137 protocol=TCP
netsh ipsec static add filter filterlist=XFFilter srcaddr=any dstaddr=Me dstport=137 protocol=UDP

echo 正在关闭 139 端口 ...
netsh ipsec static add filter filterlist=XFFilter srcaddr=any dstaddr=Me dstport=139 protocol=TCP
netsh ipsec static add filter filterlist=XFFilter srcaddr=any dstaddr=Me dstport=139 protocol=UDP

echo 正在设置IP筛选器为阻止状态 ...
netsh ipsec static add filteraction name=XFFilterAtion action=block

netsh ipsec static add rule name=Rule1 policy=Windows_Port_Filter filterlist=XFFilter filteraction=XFFilterAtion

echo 正在开启IP策略 ...
netsh ipsec static set policy name=Windows_Port_Filter assign=y

echo .
echo 按任意健退出
echo .
pause>nul