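:: Simple script to block an ip using netsh. Commands from http://windowsnerd.com/
::
:: Arguments this script reads:
::   argument 1  action, "add" or "delete"
::   argument 3  source address handed to netsh as srcaddr
:: Every invocation is appended to active-response/active-responses.log.

:: Timestamp for the log line. The values are kept in LOGDATE/LOGTIME rather
:: than DATE/TIME: assigning to those two names hides cmd's built-in dynamic
:: variables of the same name for the rest of the script.
:: NOTE(review): this takes the second space-separated field of DATE/T, which
:: is empty on a locale where DATE/T prints no weekday - confirm on the target.
FOR /F "TOKENS=1* DELIMS= " %%A IN ('DATE/T') DO SET LOGDATE=%%B
FOR /F "TOKENS=1* DELIMS= " %%A IN ('TIME/T') DO SET LOGTIME=%%A

:: Audit trail: the raw invocation is recorded before any validation, so that
:: rejected calls show up in the log as well.
:: NOTE(review): batch arguments are substituted into a line as text before cmd
:: parses it. This line therefore relies on the caller passing values free of
:: cmd metacharacters and double quotes; the address check below cannot undo
:: that for this line.
ECHO %LOGDATE% %LOGTIME% %0 %1 %2 %3 %4 %5 %6 %7 %8 %9 >> active-response/active-responses.log

:: Only the two known actions go any further.
IF "%1"=="add" GOTO CHECKIP
IF "%1"=="delete" GOTO CHECKIP

ECHO "Invalid argument. %1"
EXIT /B 1

:CHECKIP
:: Allow-list the address before it reaches netsh. The value is copied into a
:: variable once and then checked through the output of SET, so it is not
:: re-parsed as command text during the check. An empty or missing argument
:: leaves the variable undefined and is rejected as well.
:: Accepts dotted IPv4 only (digits and dots); extend the pattern if callers
:: legitimately pass another address form.
SET "OSSEC_AR_SRCIP=%~3"
SET OSSEC_AR_SRCIP 2>NUL | findstr /R /X /C:"OSSEC_AR_SRCIP=[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*" >NUL
IF ERRORLEVEL 1 GOTO BADIP

IF "%1"=="add" GOTO ADD
GOTO DEL

:BADIP
:: The rejected value is deliberately not echoed back.
ECHO "Invalid address in argument 3."
EXIT /B 1

:ADD
:: Adding to the blocked.
:: Creates the policy, adds a mirrored (both directions) TCP filter for the
:: address, attaches the filter list to the policy with the "block" filter
:: action, then assigns the policy. Only TCP is filtered: other protocols from
:: the same address are not covered by this rule.
:: NOTE(review): the policy is created without a name= although the rule refers
:: to policy="ossec"; neither the rule nor "set policy" names what it acts on,
:: and nothing visible here creates a filter action called "block". Confirm
:: these four lines against the netsh ipsec static syntax on the target system
:: before relying on the block taking effect.
netsh ipsec static add policy description="ossec block list"
netsh ipsec static add filter filterlist="ossecfilter" srcaddr=%OSSEC_AR_SRCIP% dstaddr=me protocol=tcp mirrored=yes
netsh ipsec static add rule policy="ossec" filterlist="ossecfilter" filteraction="block" desc="list of blocked ips"
netsh ipsec static set policy assign=y
EXIT /B

:DEL
:: Removing from the blocked: deletes the filter that the add action created
:: for this address.
netsh ipsec static delete filter filterlist="ossecfilter" srcaddr=%OSSEC_AR_SRCIP% dstaddr=me protocol=tcp mirrored=yes
EXIT /B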