本文介绍了通过命令行脚本添加ipsec安全策略，方便快捷的实现系统自带的防火墙功能。

REM =================开始================

add policy name=bim

REM 添加2个动作，block和permit

add filteraction name=Permit action=permit

add filteraction name=Block action=block

REM 首先禁止所有访问

add filterlist name=AllAccess

add filter filterlist=AllAccess srcaddr=Me dstaddr=Any

add rule name=BlockAllAccess policy=bim filterlist=AllAccess filteraction=Block

REM 开放某些IP无限制访问

add filterlist name=UnLimitedIP

add filter filterlist=UnLimitedIP srcaddr=61.128.128.67 dstaddr=Me

add rule name=AllowUnLimitedIP policy=bim filterlist=UnLimitedIP filteraction=Permit

REM 开放某些端口

add filterlist name=OpenSomePort

add filter filterlist=OpenSomePort srcaddr=Any dstaddr=Me dstport=20 protocol=TCP

add filter filterlist=OpenSomePort srcaddr=Any dstaddr=Me dstport=21 protocol=TCP

add filter filterlist=OpenSomePort srcaddr=Any dstaddr=Me dstport=80 protocol=TCP

add filter filterlist=OpenSomePort srcaddr=Any dstaddr=Me dstport=3389 protocol=TCP

add rule name=AllowOpenSomePort policy=bim filterlist=OpenSomePort filteraction=Permit

REM 开放某些ip可以访问某些端口

add filterlist name=SomeIPSomePort

add filter filterlist=SomeIPSomePort srcaddr=Me dstaddr=Any dstport=80 protocol=TCP

add filter filterlist=SomeIPSomePort srcaddr=61.128.128.68 dstaddr=Me dstport=1433 protocol=TCP

add rule name=AllowSomeIPSomePort policy=bim filterlist=SomeIPSomePort filteraction=Permit