We distinguish between
Most personal firewalls are essentially package-filter firewalls. You can configure for every process whether and how it can access the LAN or the internet. On the other hand, ports (connections to the network or internet) may be closed, meaning that all packages arriving there are rejected. Even better, packages may be dropped. In this second case ypu are almost invisible, the attacker can not even be sure that you exist. All server ports (where your computer may be used as"ZoneAlarm" is freeware, and there are many more powerful commercial products available. Don't rely on the firewall that is included in XP, unless you have Server Pack 2 installed.
are used to protect entry to a whole network at the gateway. They have to work different from personal firewalls.
Erich Prisner, December 2004