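rem ---------------------------------------------------------------------------
rem Builds and assigns the static IPSec policy "Home-Filter" with ipseccmd.
rem
rem   -w REG   write to the local registry policy store
rem   -p       policy name          -r  rule name
rem   -f       filter: "*" = any address, "0" = this machine, "+" = mirrored,
rem            followed by :port:protocol of the local side
rem   -n BLOCK drop matching traffic    -o  delete policy    -x  assign policy
rem
rem Every rule-creation step is checked, not just the final assignment.
rem Otherwise the script could report success while a block rule was never
rem added, leaving those ports reachable.
rem NOTE(review): this assumes ipseccmd exits non-zero when a rule cannot be
rem added. The original script already assumed this for -x. Confirm it.
rem NOTE(review): Windows IPSec filtering has default exemptions, governed by
rem the NoDefaultExempt registry value. Verify that setting on the target OS
rem so these block rules are not sidestepped by exempt traffic classes.
rem ---------------------------------------------------------------------------

rem Empty means "no step has failed so far".
set "HF_STEP_FAILED="

rem The policy removed below is "Home-Filter"; the echoed text calls it "SPH".
rem A failure here is expected on first run and is deliberately not recorded.
echo Clear existing policy - will produce a non-fatal error message
echo if the SPH policy doesn't exist yet
ipseccmd -w REG -p "Home-Filter" -o

rem Besides NetBIOS (137-139) this rule also covers the RPC endpoint mapper
rem (135), SMB over TCP/UDP (445) and RPC over HTTP (593).
echo Block all NetBios access from anywhere by default
ipseccmd -w REG -p "Home-Filter" -r "Block incoming NetBios traffic" -f *+0:135:TCP -f *+0:135:UDP -f *+0:137:UDP -f *+0:138:UDP -f *+0:139:TCP -f *+0:445:TCP -f *+0:445:UDP -f *+0:593:TCP -n BLOCK
if %ERRORLEVEL% NEQ 0 set "HF_STEP_FAILED=1"

echo Block incoming port 80 and port 443 access from anywhere
ipseccmd -w REG -p "Home-Filter" -r "Block incoming web traffic" -f *+0:80:TCP -f *+0:443:TCP -n BLOCK
if %ERRORLEVEL% NEQ 0 set "HF_STEP_FAILED=1"

rem Only 5900-5905 are covered; a VNC server on a higher port is not blocked.
rem Presumably VNC is meant to be reached only through a forwarded
rem (tunnelled) connection - confirm against the intended setup.
echo Block non-forwarded VNC
ipseccmd -w REG -p "Home-Filter" -r "Block non-forwarded VNC" -f *+0:5900:TCP -f *+0:5901:TCP -f *+0:5902:TCP -f *+0:5903:TCP -f *+0:5904:TCP -f *+0:5905:TCP -n BLOCK
if %ERRORLEVEL% NEQ 0 set "HF_STEP_FAILED=1"

rem The policy is still assigned after a rule failure, so the rules that were
rem created take effect. The final message then reports the problem.
echo Activate Policy
ipseccmd -w REG -p "Home-Filter" -x
if %ERRORLEVEL% NEQ 0 set "HF_STEP_FAILED=1"

if defined HF_STEP_FAILED (
  echo "There were problems creating or assigning the IP Security Policy"
) else (
  echo "IPSec Policy created and assigned successfully!"
)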