How to Block Ports on Windows XP

Written by rory parkes
  • Share
  • Tweet
  • Share
  • Pin
  • Email
How to Block Ports on Windows XP
Building or Breaking Your Computer's Wall (Architectural joint - old stone wall and new brick wall image by astoria from

Internet Protocol security, or IPSec, is a group of filtering rules used to help protect Windows XP users from the threat of Internet network attacks, such as viruses, hackers, Trojans and worms. By changing the IPSec filters, or opening and closing ports, you can prevent inbound and outbound traffic to your PC. Depending on what rules you change, your Windows XP-based computer can either lock down across all its Internet traffic, or customise itself by only allowing certain ports to open and close.

Skill level:


  1. 1

    Install "IPSeccmd.exe." IPSeccmd.exe is part of the Windows XP Service Pack 2, or SP2, Support Tools folder. If you have SP2 installed, you can install IPSeccmd.exe directly from your SP2 folder. If you don't have SP2 or would like more information, visit Microsoft Support (see Resources).

  2. 2

    Click on the "Start" button and open the program "Run."

  3. 3

    Type "Command Prompt" into the text box and press "Enter."

  4. 4

    Type "netdiag /test:ipsec" into the command prompt box. This will identify if IPSec is running. If the command box reads "IP Security test . . . . . . . . . : Passed

    Local IPSec Policy Active: 'Block UDP 1434 Filter," then continue to Step 5. If this message does not appear, reinstall Windows Service Pack 2.

  5. 5

    Type the second command, "IPSeccmd.exe -p "Existing_IPSec_Policy_Name" -w REG -r "Block ProtocolPortNumber Rule" -f *=0:PortNumber:Protocol -n BLOCK" into the command prompt box. To change any of IPSec filters and block ports, do this by changing any of these variable "Existing_IPSec_Policy_Name," "Protocol" and "PortNumber."

Tips and warnings

  • As an example, if you block port number 80 to the UDP 1434 Filter, the following command should be placed into the command prompt at Step 5:
  • IPSeccmd.exe -p "Block UDP 1434 Filter" -w REG -r "Block Inbound TCP 80 Rule" -f *=0:80:TCP -n BLOCK
  • This will prevent Internet traffic through port 80.
  • Microsoft Support advises that IPSec filter rules should only be changed as a defensive measure of last resort. Only attempt this if you have a clear understanding of the impact of opening and closing certain ports. You are effectively changing the Windows Registry, and this can have major implications if done incorrectly.

Don't Miss


  • All types
  • Articles
  • Slideshows
  • Videos
  • Most relevant
  • Most popular
  • Most recent

No articles available

No slideshows available

No videos available

By using the site, you consent to the use of cookies. For more information, please see our Cookie policy.