Windows XP firewalling
From Helpful
| This article is marked 'feel free.' This probably means the author knows it's not finished but may not be working on it, so encourages those with expertise to refine the page. See also editing. |
Windows XP comes with basic firewalling - that is, 'deny incoming connections except the ones I want' which is the most useful rule of thumb in practice anyhow, but the few neater features are hidden behind a one-click interface.
Opening ports / allowing programs
Assuming you keep your XP updated, windows will pop up for new programs asking you whether you want it to allow communication. The general, good, idea is to deny everything that's not allowed by you or windows policies.
If you need to allow things later, usually because they don't seem to work, you need to figure out what ports a program expects connections on. (every now and then an ISP may be trying to discourage certain programs or services, either for legal or security reasons, by firewalling them on your connection, which is usually solvable by changing the port number)
To allow incoming connections to ports, Go into the properties (of any one of them), 'Advanced' tab, Settings (in the Windows Firewall part), its 'Exceptions' tab, 'Add port', and give it the port number and protocol type (TCP or UDP). You can name it anything.
As you can see from the dialog, you can also allow programs. This works by checking the executable path-and-filename for a running program, and allowing it based on that. I vaguely remember problems with it (This may be related to disallowals and rule ordering), but if they have been fixed, this is more flexible as it would mean not having to deal with ports.
Per-Interface
This may not be relevant for most, but you can enable and disable the firewall per interface (as would seem logical to me, but it en-/disables it for all) If you want this, instead of enabling/disabling from the right-click menu in the network control panel you should:
Go into any network interface's properties, 'Advanced' tab, 'Settings' in the Windows Firewall part, its 'Advanced' tab, and check only the interfaces you want protected.
