:: Build the timestamp pieces used by the log lines further down.
:: DAT: output of DATE/T split on spaces; the first token and the rest of the
::      line are rejoined with a single space.
:: TIM: %TIME% split on ':'; the first three fields are rejoined with ':'.
::      Anything that follows the second ':' without another ':' stays in the
::      third field.
:: NOTE(review): both formats come from the system locale, so the log
::               timestamp layout is not fixed - confirm that any log parser
::               tolerates this.
5 FOR /F "TOKENS=1* DELIMS= " %%A IN ('DATE/T') DO SET DAT=%%A %%B
6 FOR /F "TOKENS=1-3 DELIMS=:" %%A IN ("%TIME%") DO SET TIM=%%A:%%B:%%C
:: Argument gate and dispatch.
:: ACTION and SRCIP are assigned outside the lines shown here (presumably from
:: %1 and %3, going by the usage text - confirm). %2 is tested directly.
:: Any empty value jumps to the ERROR label.
:: NOTE(review): only emptiness is tested in the visible lines. SRCIP is later
::               expanded into a netsh command line, so it should be confirmed
::               to be a well-formed IP address (digits, '.', ':', '/' only)
::               before it is used; no such check is visible in this listing.
12 :: Check for required arguments
13 IF /I "%ACTION%"=="" GOTO ERROR
14 IF /I "%2"=="" GOTO ERROR
15 IF /I "%SRCIP%"=="" GOTO ERROR
:: /I makes the comparison case-insensitive, so ADD/add/Add all match.
:: The ADD and DEL labels are not part of the visible listing.
18 IF /I "%ACTION%"=="add" GOTO ADD
19 IF /I "%ACTION%"=="delete" GOTO DEL
:: Error path: print the usage text, then append an "(error)" record to the
:: active-response log under %OSSECPATH% (set outside the lines shown here).
:: The carets escape ( | ) so cmd prints them instead of parsing them.
22 ECHO Invalid argument(s).
23 ECHO Usage: firewall-drop.cmd ^(add^|delete^) user IP_Address
24 ECHO Example: firewall-drop.cmd ADD - 1.2.3.4
:: Log record: timestamp, full path of this script (%~f0), raw arguments.
:: NOTE(review): %1 %2 %3 are expanded unquoted before cmd parses this line,
::               and this is the path taken when the arguments are invalid.
::               Confirm the caller only passes values free of cmd
::               metacharacters, or log a sanitised copy instead.
25 ECHO %DAT%%TIM% "%~f0" %1 %2 %3 (error) >> "%OSSECPATH%active-response\active-responses.log"
28 :: Adding IP to be blocked
:: Creates a Windows Firewall rule named OSSEC-<SRCIP> that blocks inbound
:: traffic (dir=in) from that remote address on every interface. Outbound
:: traffic to the address is not affected by this rule.
:: NOTE(review): %SRCIP% is unquoted in remoteip=, so the value must already
::               be validated as an IP address before this line runs.
:: NOTE(review): no check for an existing rule of the same name is visible;
::               repeated "add" calls for one address may stack duplicate
::               rules - confirm.
32 netsh advfirewall firewall add rule name="OSSEC-%SRCIP%" dir=in interface=any action=block remoteip=%SRCIP%
:: The log record is appended regardless of whether netsh succeeded; the exit
:: code is not inspected here, so the log alone does not prove that the block
:: is in place.
33 ECHO %DAT%%TIM% "%~f0" %1 %2 %3 >> "%OSSECPATH%active-response\active-responses.log"
:: Removes the inbound rule(s) named OSSEC-<SRCIP>, undoing the block for that
:: address.
:: NOTE(review): the rule is selected by name and direction only, so SRCIP
::               must be the exact string that was used when the rule was
::               added.
38 netsh advfirewall firewall delete rule name="OSSEC-%SRCIP%" dir=in
:: The log record is appended even when netsh fails (for example when no
:: matching rule exists); the exit code is not inspected here.
39 ECHO %DAT%%TIM% "%~f0" %1 %2 %3 >> "%OSSECPATH%active-response\active-responses.log"