由于最近服务器老被 RDP 爆破,虽然装了个 wail2ban ,但是总觉得不如直接把国外 IP 给 ban 了来的实在,然后我看富强一堆国内 IP 的表,想着用这个表做一个白名单,结果自带防火墙导入也忒麻烦了……
请问有啥办法可以快速批量导入 IP ?
请问有啥办法可以快速批量导入 IP ?
1
sky96111 Nov 28, 2023
PowerShell 脚本 New-NetFirewallRule
2
yuchenr Nov 28, 2023
Get-NetFirewallAddressFilter 和 Set-NetFirewallAddressFilter
3
yuchenr Nov 28, 2023
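# Adds source addresses with repeated failed logons (Security event 4625) in
# the last five minutes to an inbound Windows Firewall block rule.
# Run from an elevated session: the script reads the Security log and changes
# firewall rules.
# Entries are only ever added to the rule; nothing in this script ages them out.

$startTime = Get-Date
$startTimeStr = $startTime.AddMinutes(-5).ToUniversalTime().ToString("yyyy-MM-ddTHH:mm:ss.FFFZ")

# An address is blocked once it has MORE than this many failures in the window.
$failedAttemptsThreshold = 3

$Query = [xml]@"
<QueryList>
  <Query Id="0" Path="Security">
    <Select Path="Security">*[System[(EventID=4625) and TimeCreated[@SystemTime>='$startTimeStr']]]</Select>
  </Query>
</QueryList>
"@

# Returns one source-address string per matching event (duplicates included),
# or nothing when the query matches no events.
function Get-IPAddresses {
    param (
        [xml]$query,
        [int]$maxEvents
    )

    # Get-WinEvent reports an error when no event matches; silence it so the
    # empty case is handled by the check below instead of printing a red error.
    $events = Get-WinEvent -FilterXml $query -MaxEvents $maxEvents -ErrorAction SilentlyContinue
    if (-not $events) {
        Write-Host "未获取到任何日志。脚本将退出。"
        return
    }

    # NOTE(review): index 19 is expected to be the IpAddress field of event
    # 4625 - confirm against the event's XML view on the target OS version.
    $events | ForEach-Object { $_.Properties[19].Value }
}

# Query the log once and reuse the result (the earlier second query only fed
# an unused variable).
$sourceIPs = @(Get-IPAddresses -query $Query -maxEvents 100)

$failedIPs = $sourceIPs |
    Group-Object |
    Where-Object { $_.Count -gt $failedAttemptsThreshold } |
    Select-Object -ExpandProperty Name -Unique

# Addresses that must never be blocked (sample values - replace with your own
# management hosts).
$specificIPs = @("192.168.1.100", "10.0.0.5")

# Keep only values that parse as IP addresses (the field can hold "-" or be
# empty for some logon types), and drop loopback, RFC 1918 ranges and the
# explicit allow list so the rule cannot lock out local administration.
$filteredFailedIPs = @(
    $failedIPs | Where-Object {
        $parsed = $null
        [System.Net.IPAddress]::TryParse($_, [ref]$parsed) -and
        -not [System.Net.IPAddress]::IsLoopback($parsed) -and
        $_ -notmatch '^192\.168\.' -and
        $_ -notmatch '^10\.' -and
        $_ -notmatch '^172\.(1[6-9]|2[0-9]|3[0-1])\.' -and
        $_ -notin $specificIPs
    } | Sort-Object
)

# Never touch the firewall with an empty list: an inbound Block rule created
# without a usable remote-address list risks matching every remote address.
if ($filteredFailedIPs.Count -eq 0) {
    Write-Host "No addresses exceeded the threshold; firewall left unchanged."
    return
}

$ruleName = "BlockIPs"

# A missing rule is an expected state on first run, so suppress the lookup error.
$existingRule = Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue

if ($existingRule) {
    # Merge the new addresses into the rule's current remote-address list.
    $existingAddressFilters = @(Get-NetFirewallAddressFilter -AssociatedNetFirewallRule $existingRule)
    $existingRemoteAddresses = @($existingAddressFilters | Select-Object -ExpandProperty RemoteAddress)
    $newRemoteAddresses = @($existingRemoteAddresses + $filteredFailedIPs | Select-Object -Unique)

    $existingAddressFilters | Set-NetFirewallAddressFilter -RemoteAddress $newRemoteAddresses
} else {
    Write-Host "规则 $ruleName 不存在。"
    # NOTE(review): no -RemoteAddressType argument is passed here; it does not
    # appear among New-NetFirewallRule's documented parameters - confirm with
    # Get-Help New-NetFirewallRule.
    New-NetFirewallRule -DisplayName $ruleName -Direction Inbound -Action Block -Protocol Any -RemoteAddress $filteredFailedIPs
}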
4
ShadowPower Nov 28, 2023