Create a new .bat file, copy the following content into it, and name the file drop-udp.bat.
The code is as follows:
netsh ipsec static add policy name=dropudp
netsh ipsec static add filterlist name=allow-udp
netsh ipsec static add filterlist name=drop-udp
REM Add filters to the IP filter list (allow Internet access)
netsh ipsec static add filter filterlist=allow-udp srcaddr=me dstaddr=any description=dns訪問 protocol=udp mirrored=yes dstport=53
netsh ipsec static add filter filterlist=allow-udp srcaddr=me dstaddr=any description=dns訪問 protocol=udp mirrored=yes dstport=123
netsh ipsec static add filter filterlist=allow-udp srcaddr=me dstaddr=any description=dns訪問 protocol=udp mirrored=yes dstport=161
REM Add a filter to the IP filter list (do not let others access this host)
netsh ipsec static add filter filterlist=drop-udp srcaddr=any dstaddr=me description=別人到我任何訪問 protocol=udp mirrored=yes
REM Add filter actions
netsh ipsec static add filteraction name=allow-udp-port action=permit
netsh ipsec static add filteraction name=drop-udp-port action=block
REM Create rules that link the IPSec policy, filter lists and filter actions (add the rules to my security policy)
netsh ipsec static add rule name=允許規則 policy=dropudp filterlist=allow-udp filteraction=allow-udp-port
netsh ipsec static add rule name=拒絕規則 policy=dropudp filterlist=drop-udp filteraction=drop-udp-port
REM Activate my security policy
netsh ipsec static set policy name=dropudp assign=y
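After saving, double-click the file to run it.
Except for three UDP ports, 53 (DNS resolution), 161 (SNMP monitoring) and 123 (time synchronization), all inbound and outbound UDP connections are disabled.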
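The following Python model is an added example, not part of the original script; it shows which UDP packets the dropudp policy permits once mirrored=yes is expanded. It assumes a filter that names a port takes precedence over the any-port block filter; build_filters, decide and the sample packets are constructed for illustration.

```python
# Simplified model of the dropudp policy (added example, not from the page).
# Assumption: a filter that names a port is more specific than one that does
# not, so it is matched first; mirrored=yes also matches the reverse direction.
ALLOWED_PORTS = (53, 123, 161)  # dstport values from the allow-udp filters

def build_filters():
    """Expand the script's mirrored filters into one-way match entries."""
    filters = []
    for port in ALLOWED_PORTS:
        # me -> any, dstport=port (as written in the script)
        filters.append({"dir": "out", "remote_port": port, "action": "permit"})
        # mirror: any -> me, srcport=port (created by mirrored=yes)
        filters.append({"dir": "in", "remote_port": port, "action": "permit"})
    # any -> me, all UDP ports, plus its mirror me -> any
    filters.append({"dir": "in", "remote_port": None, "action": "block"})
    filters.append({"dir": "out", "remote_port": None, "action": "block"})
    return filters

def decide(direction, local_port, remote_port):
    """Return 'permit' or 'block' for one UDP packet seen by this host.

    local_port is accepted for readability only: none of the script's
    filters constrain the port on the 'me' side.
    """
    candidates = [f for f in build_filters()
                  if f["dir"] == direction
                  and f["remote_port"] in (None, remote_port)]
    # Port-specific filters sort ahead of the any-port block filter.
    candidates.sort(key=lambda f: f["remote_port"] is None)
    return candidates[0]["action"]

# Constructed sample packets: (direction, local port, remote port, note)
SAMPLES = [
    ("out", 50000, 53, "DNS query leaving the host"),
    ("in", 50000, 53, "DNS reply coming back"),
    ("out", 50000, 5000, "UDP to a port not on the allow list"),
    ("in", 53, 40000, "remote client querying a DNS service on this host"),
    ("in", 161, 40000, "remote manager polling an SNMP agent on this host"),
    ("in", 4000, 123, "inbound packet with source port 123, no prior request"),
]

if __name__ == "__main__":
    for direction, lport, rport, note in SAMPLES:
        print(f"{decide(direction, lport, rport):6} {direction:3} "
              f"local={lport:<5} remote={rport:<5} {note}")
```

The model shows two limits of the policy: the permit filters match only the remote port, so services on this host listening on 53, 123 or 161 are not reachable, and because the mirrored filters are stateless, inbound UDP whose source port is on the allow list is permitted whether or not it answers a request.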