Windows 7 provides a graphical interface for configuring the Desktop Firewall, but it is cumbersome to use, and applying the same settings by hand to every terminal on the LAN would be very time-consuming. I therefore plan to do it with a batch file. The test environment is my own computer: the host runs 32-bit Windows 7, and a virtual machine running Windows XP is used to test the effect of the Desktop Firewall.
I have tested the virtual machine's network in both host-only and bridged mode. Host-only mode uses vnet3; the virtual machine and the host's vnet3 NIC are given addresses in the same network segment. Bridged mode uses the default vnet0, and the VM and the host use IP addresses in the same network segment. During the test I found that blocking ports 139 and 445 with the Desktop Firewall takes effect, but blocking port 21 does not. It is very strange; if you know why, please let me know.
The following commands configure the Windows 7 Desktop Firewall. Two batch files are written: one configures the Desktop Firewall to block some dangerous ports, and the other restores the firewall's initial configuration.
1. Configure the Desktop Firewall
(1) Enable the Desktop Firewall: netsh advfirewall set allprofiles state on
(2) Set the default inbound and outbound policies: netsh advfirewall set allprofiles firewallpolicy allowinbound,allowoutbound. To deny by default, use blockinbound,blockoutbound instead. Note that with allowinbound as the default only the explicit block rules below stop inbound connections; Windows' own default is blockinbound,allowoutbound, which is the safer baseline for a workstation.
(3) Block TCP port 139: netsh advfirewall firewall add rule name="Deny TCP 139" dir=in protocol=TCP localport=139 action=block
(4) Block UDP port 139: netsh advfirewall firewall add rule name="Deny UDP 139" dir=in protocol=UDP localport=139 action=block
(5) Block TCP port 445: netsh advfirewall firewall add rule name="Deny TCP 445" dir=in protocol=TCP localport=445 action=block
(6) Block UDP port 445: netsh advfirewall firewall add rule name="Deny UDP 445" dir=in protocol=UDP localport=445 action=block
(7) Use the same method to block TCP ports 21, 22, 23, 137, 138, 3389, 5800, and 5900. (Note that the NetBIOS name and datagram services on 137 and 138 use UDP, so TCP-only rules on those ports do not cover them; add UDP rules as in steps (4) and (6) if that is the intent.)
netsh advfirewall firewall add rule name="Deny TCP 21" dir=in protocol=TCP localport=21 action=block
netsh advfirewall firewall add rule name="Deny TCP 22" dir=in protocol=TCP localport=22 action=block
netsh advfirewall firewall add rule name="Deny TCP 23" dir=in protocol=TCP localport=23 action=block
netsh advfirewall firewall add rule name="Deny TCP 3389" dir=in protocol=TCP localport=3389 action=block
netsh advfirewall firewall add rule name="Deny TCP 5800" dir=in protocol=TCP localport=5800 action=block
netsh advfirewall firewall add rule name="Deny TCP 5900" dir=in protocol=TCP localport=5900 action=block
netsh advfirewall firewall add rule name="Deny TCP 137" dir=in protocol=TCP localport=137 action=block
netsh advfirewall firewall add rule name="Deny TCP 138" dir=in protocol=TCP localport=138 action=block
(8) pause: after the commands have run, the batch file shows "Press any key to continue" so the output stays visible until a key is pressed and the window closes.
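As an added example (not the original post's batch file), here is one way to write the section 1 script so that it loops over the port list and afterwards checks that each rule was actually created; it assumes Windows 7's netsh advfirewall, an elevated command prompt, and rule names following the post's "Deny <protocol> <port>" pattern.

```batch
@echo off
rem Added example, not the original post's script: applies the section 1 port blocks
rem with a loop and then verifies each rule. Assumes an elevated prompt on Windows 7.
rem netsh advfirewall needs administrator rights; "net session" fails without them.
net session >nul 2>&1
if errorlevel 1 (
    echo This script must be run from an elevated command prompt.
    exit /b 1
)
rem Turn the firewall on for all profiles. The default policy of step (2) is left
rem untouched here, so Windows' own default (block inbound, allow outbound) applies.
netsh advfirewall set allprofiles state on
rem Ports blocked for both TCP and UDP, then the TCP-only ports, as listed in the post.
set TCP_UDP_PORTS=139 445
set TCP_PORTS=21 22 23 137 138 3389 5800 5900
for %%P in (%TCP_UDP_PORTS%) do (
    call :block TCP %%P
    call :block UDP %%P
)
for %%P in (%TCP_PORTS%) do call :block TCP %%P
rem Verify: "show rule" sets a non-zero errorlevel when no rule matches the name.
set MISSING=0
for %%P in (%TCP_UDP_PORTS%) do (
    call :check TCP %%P
    call :check UDP %%P
)
for %%P in (%TCP_PORTS%) do call :check TCP %%P
echo Rules missing: %MISSING%
pause
exit /b %MISSING%

:block
rem %1 = protocol, %2 = port. Skip if the rule already exists so that rerunning
rem the script does not create duplicate rules (netsh allows duplicate names).
netsh advfirewall firewall show rule name="Deny %1 %2" >nul 2>&1
if not errorlevel 1 exit /b 0
netsh advfirewall firewall add rule name="Deny %1 %2" dir=in protocol=%1 localport=%2 action=block
exit /b 0

:check
netsh advfirewall firewall show rule name="Deny %1 %2" >nul 2>&1
if errorlevel 1 (
    echo MISSING: Deny %1 %2
    set /a MISSING+=1
)
exit /b 0
```

The script's exit code is the number of rules that could not be found, so a deployment tool pushing it to every LAN terminal can flag the machines where the configuration did not apply.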
2. Restore the initial configuration
(1) Restore the firewall to its initial settings: netsh advfirewall reset
(2) Disable the firewall: netsh advfirewall set allprofiles state off