之前有介紹Linux下通過iptables限制UDP發(fā)包，這次記錄下Windows 2003的實(shí)現(xiàn)方法。

新建bat腳本，添加以下內(nèi)容，然后點(diǎn)擊運(yùn)行。

代碼如下:
:Created by //m.survivalescaperooms.com
:DROP UDP Flood
@echo off
cls
:獲取DNS地址
for /f "delims=: tokens=1,2" %%a in ('ipconfig /all ^|findstr /i "DNS Server"') do (
set DNSIP=%%b
)
:新建IP安裝策略禁止UDP
netsh ipsec static add policy name=禁止UDP description=允許DNS，拒絕其它UDP外出
:新建IP安全規(guī)則
netsh ipsec static add filterlist name=允許UDP
netsh ipsec static add filterlist name=拒絕UDP
:新建IP篩選器
netsh ipsec static add filter filterlist=允許UDP srcaddr=me dstaddr=%DNSIP% description=允許DNS查詢 protocol=udp mirrored=yes dstport=53
netsh ipsec static add filter filterlist=拒絕UDP srcaddr=me dstaddr=any description=禁止UDP外出 protocol=udp mirrored=yes
:新建IP篩選器操作
netsh ipsec static add filteraction name=允許DNS查詢 action=permit
netsh ipsec static add filteraction name=拒絕UDP外出 action=block
:封裝策略
netsh ipsec static add rule name=允許規(guī)則 policy=禁止UDP  filterlist=允許UDP filteraction=允許DNS查詢
netsh ipsec static add rule name=拒絕規(guī)則 policy=禁止UDP  filterlist=拒絕UDP filteraction=拒絕UDP外出
:應(yīng)用IP安全策略
netsh ipsec static set policy name=禁止UDP assign=y