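# my_ban_ips.ps1
# Author:  羽山秋人 (https://3wa.tw)
# Version: V0.01
#
# Save this content as C:\tools\my_ban_ips.ps1 (the extension must be .ps1).
#
# 1. As Administrator, open cmd and download my_ban_ips.ps1:
#      mkdir C:\tools
#      curl "https://3wa.tw/myapache_banip/api.php?mode=download_script&type=windows" -o C:\tools\my_ban_ips.ps1
# 2. First run, allow permission to download banip_csv.txt:
#      Set-ExecutionPolicy RemoteSigned   (answer Y)
# 3. Later runs, from cmd started as Administrator:
#      powershell -ExecutionPolicy Bypass -File C:\tools\my_ban_ips.ps1
#    or
# 4. From PowerShell started as Administrator:
#      powershell -ExecutionPolicy Bypass -File C:\tools\my_ban_ips.ps1
#    or
# 5. From PowerShell started as Administrator:
#      Unblock-File C:\tools\my_ban_ips.ps1
#      C:\tools\my_ban_ips.ps1
#    Any one of 2, 3, 4 is enough.
#
# To remove the rules, run in PowerShell as Administrator:
#      Remove-NetFirewallRule -DisplayName "Block Bad IPs_*"
#
# NOTE(review): the execution policy decides which scripts PowerShell will run;
# it does not grant any download permission, and "-ExecutionPolicy Bypass"
# switches that check off for the one invocation. Neither the script nor the
# IP list carries a signature or checksum, and both end up driving firewall
# changes with Administrator rights, so read the downloaded script before the
# first run and after every re-download.
#
# Background:
# A single Windows Firewall rule that holds too many IPs tends to fail with
#      Set-NetFirewallRule : The array bounds are invalid / Windows System Error 1734
# so this version:
#   1. downloads banip_csv.txt
#   2. reads the IP list
#   3. splits it into one rule per 500 IPs
#   4. names the rules
#        Block Bad IPs_001
#        Block Bad IPs_002
#        Block Bad IPs_003
#        ...

$ErrorActionPreference = "Stop"

$rulePrefix = "Block Bad IPs"
$url        = "https://3wa.tw/myapache_banip/data/banip_csv.txt"
# NOTE(review): on a default install, folders created directly under C:\ are
# usually writable by non-administrators, so another local account may be able
# to alter this file between the download and the read below. Confirm the ACL
# of C:\temp, or point $tmpFile at a directory only Administrators can write.
$tmpFile    = "C:\temp\banip_csv.txt"
$chunkSize  = 500   # IPs per firewall rule; 300-800 suggested, 500 is the more stable choice

# Returns $true when $Text is a plain IPv4 dotted quad or an IPv6 literal.
function Test-IpLiteral {
    param([string]$Text)

    $parsed = $null
    if (-not [System.Net.IPAddress]::TryParse($Text, [ref]$parsed)) {
        return $false
    }
    if ($parsed.AddressFamily -eq [System.Net.Sockets.AddressFamily]::InterNetwork) {
        # TryParse also accepts short forms such as "1" or "1.2"; insist on four octets.
        return ($Text -match '^\d{1,3}(\.\d{1,3}){3}$')
    }
    return ($Text -match '^[0-9A-Fa-f:.]+$')
}

# Returns $true when $Entry is a literal address, subnet or address range.
# -RemoteAddress also understands keywords (for example "Any" or
# "LocalSubnet"); a feed line carrying one of those would turn the block rule
# into something far wider than a list of bad hosts, so only literals pass.
# This is a syntax check: apart from a zero-length prefix or mask it does not
# judge how wide a subnet or range is, and it cannot tell whether an address
# belongs to an administrator or a monitoring host.
function Test-BanListEntry {
    param([string]$Entry)

    # Range: <address>-<address>
    if ($Entry -match '^([^-/\s]+)-([^-/\s]+)$') {
        $first = $Matches[1]
        $last  = $Matches[2]
        return ((Test-IpLiteral $first) -and (Test-IpLiteral $last))
    }

    # Subnet: <address>/<prefix length> or <IPv4 address>/<IPv4 mask>
    if ($Entry -match '^([^/\s]+)/([^/\s]+)$') {
        $address = $Matches[1]
        $suffix  = $Matches[2]
        if (-not (Test-IpLiteral $address)) {
            return $false
        }
        $isV6 = ($address -match ':')
        if ($suffix -match '^\d{1,3}$') {
            $maxBits = 32
            if ($isV6) { $maxBits = 128 }
            $bits = [int]$suffix
            # A prefix length of 0 matches every address.
            return (($bits -ge 1) -and ($bits -le $maxBits))
        }
        # A dotted mask is only meaningful for IPv4; 0.0.0.0 matches everything.
        if ($isV6 -or ($suffix -eq '0.0.0.0') -or ($suffix -match ':')) {
            return $false
        }
        return (Test-IpLiteral $suffix)
    }

    return (Test-IpLiteral $Entry)
}

try {
    # Create the download directory when it is missing.
    $tmpDir = Split-Path -Parent $tmpFile
    if (!(Test-Path -LiteralPath $tmpDir)) {
        New-Item -ItemType Directory -Path $tmpDir | Out-Null
    }

    # Download the IP list.
    # -UseBasicParsing keeps Windows PowerShell 5.1 from depending on the
    # Internet Explorer engine, which is often unavailable on servers.
    Write-Host "Downloading IP list..."
    Invoke-WebRequest -Uri $url -OutFile $tmpFile -UseBasicParsing

    # Read and normalise the list: trim, drop blank lines, de-duplicate.
    # @( ) keeps the result an array; with exactly one line PowerShell would
    # otherwise hand back a bare string and the slice further down would pick
    # characters out of it instead of list entries.
    $entries = @(
        Get-Content -LiteralPath $tmpFile |
            ForEach-Object { $_.Trim() } |
            Where-Object { $_ -ne "" } |
            Sort-Object -Unique
    )

    # Validate every entry before any firewall rule is touched, so an error
    # page or a tampered feed is rejected while the existing rules still stand.
    $accepted = New-Object 'System.Collections.Generic.List[string]'
    $rejectedCount = 0
    foreach ($entry in $entries) {
        if (Test-BanListEntry $entry) {
            $accepted.Add($entry)
        }
        else {
            $rejectedCount++
        }
    }
    $ips = $accepted.ToArray()

    if ($rejectedCount -gt 0) {
        # Only the count is printed; the raw lines stay in $tmpFile for inspection.
        Write-Warning ("Skipped " + $rejectedCount + " entries that are not IP addresses, subnets or ranges. See " + $tmpFile)
    }

    if ($ips.Count -eq 0) {
        throw "IP list is empty."
    }

    Write-Host ("Total unique IPs: " + $ips.Count)

    # Look up the existing rules now, but remove them only after the new set
    # exists. Display names are not unique identifiers, so old and new rules
    # with the same display name can coexist for a moment, and a failure while
    # creating rules never leaves the host without its block rules.
    # The wildcard matches every rule whose display name starts with
    # $rulePrefix, for example:
    #   Block Bad IPs_001
    #   Block Bad IPs_002
    #   ...
    # NOTE(review): it also matches unrelated rules that merely share the prefix.
    $oldRules = Get-NetFirewallRule -DisplayName "$rulePrefix*" -ErrorAction SilentlyContinue

    # Create the rules, $chunkSize addresses at a time.
    $ruleCount = 0
    for ($i = 0; $i -lt $ips.Count; $i += $chunkSize) {
        $end = [Math]::Min($i + $chunkSize, $ips.Count) - 1
        $chunk = @($ips[$i..$end])
        $ruleCount++
        $ruleName = "{0}_{1:D3}" -f $rulePrefix, $ruleCount

        Write-Host ("Creating firewall rule: " + $ruleName + " (" + $chunk.Count + " IPs)")

        New-NetFirewallRule `
            -DisplayName $ruleName `
            -Direction Inbound `
            -Action Block `
            -Enabled True `
            -Profile Any `
            -RemoteAddress $chunk | Out-Null
    }

    # The new set is complete; retire the rules found before it was created.
    Write-Host "Removing old firewall rules..."
    if ($oldRules) {
        $oldRules | Remove-NetFirewallRule
    }

    Write-Host ""
    Write-Host "Done."
    Write-Host ("Total IPs: " + $ips.Count)
    Write-Host ("Total rules created: " + $ruleCount)
}
catch {
    # Rules created before the failure stay in place next to the old ones;
    # the next successful run finds them by display name and removes them.
    Write-Host ""
    Write-Host "Firewall update failed:"
    Write-Host $_.Exception.Message
    exit 1
}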