How do I block all outgoing ports in Windows XP firewall?

All we need is an easy explanation of the problem, so here it is.

The built-in Windows firewall seems to only block incoming ports, but not any outgoing traffic.

I am looking for an application to install on an xp machine which can be configured a way to block all outgoing connection attempts.

I want to still allow incoming connection attempts on a few ports for testing.

How to solve :

I know you bored from this bug, So we are here to help you! Take a deep breath and look at the explanation of your problem. We have many solutions to this problem, But we recommend you to use the first method because it is tested & true method that will 100% work for you.

Method 1

Comodo Personal Firewall is a free replacement for the Windows Firewall that will query whether you want an application to be able to make outbound connections the first time that application is used. You will also be able to allow programs to open incoming ports so you should be fine there too.

It’s pretty comprehensive, you can (I believe) add the most commonly used applications during setup, so Firefox, IE and most email programs are not blocked by default.

The configuration is relatively straightforward and the baloon popups that appear when an application tries to access the network were quite informative when I used it last.

Unless you want Antivirus as well try to make sure that you only download the Firewall installer, their site makes it a bit too easy to get both by mistake.

Method 2

There’s no way to do what you want with the firewall built into Windows XP. You’ll need a third party firewall to do that.

Method 3

To get the level of fine grain control you’re looking for I would recommend checking out kerio v2 firewall. Back in the day when I still had WinXP setups this was my firewall of choice due to its light resource usage, effectiveness and ease of use.

Note that Kerio is a rule-based packet filtering firewall — the rules you setup are processed in a top-down first-to-match fashion. Packets that don’t match any of the rules are automatically dropped into the ether. Even though it’s no longer supported it still remains to be a very effective firewall. In fact, if you’ve ever tweaked Win7’s built-in firewall you’ll find many interface and functionality similarities with Kerio.

If you decide to try it out you might find these links helpful:

Method 4

If you are at all familiar with using the command prompt, here are steps to do this yourself:

  1. Open the command prompt by typing cmd into the Start → Run dialog

  2. View the current settings of your firewall, including firewall exceptions, by typing in the following command:

    netsh firewall show config
  3. Now to go to the Firewall command sub-console (context) by typing the following commands (hit Enter after each one):


    You’re now in the Firewall sub-console (context).

  4. Now type help and hit Enter. The last 5 or 6 rows displayed are the Firewall Context commands. You’re interested in the command set, therefore, type set /? and hit Enter, to view its functionality. And finally, type set portopening and hit Enter, and you’ll see the syntax required to open or close ports in your firewall.

It may be easier to read the syntax by highlighting the text (mouse-down then drag over the text), copying it (Ctrl+C) and pasting it into Notepad or Wordpad.

Here are a couple helpful port identification Web sites/pages:

  1. All ports and their primary uses
  2. All ports and corresponding services

Note: Use and implement method 1 because this method fully tested our system.
Thank you 🙂

All methods was sourced from or, is licensed under cc by-sa 2.5, cc by-sa 3.0 and cc by-sa 4.0

Leave a Reply