This article will outline one of the new things in Microsoft's Windows XP and 2000 that is very usefull to people using file sharing on the Internet: Blocking connections from hosts outside your local network!

Windows XP (or 2000) contains a full fledged, although somewhat non-obvious firewall layer you can use to block or enable arbitrary ports. You need to look at the settings for IPSec and Kerberos: In the Administrative Tools menu you will find an item called the 'Local Security Policy'.

Windows XP (or 2000) firewalling/IPSec settings are evaluated so that the most specific rule will match. This means that in order to allow access to a port from a specific address range we must also make a rule to disable traffic to that port from ANY address.

We're going to add a ruleset here to block traffic on netbios ports from the outside world to demonstrate how this works.