uses 139 port as an example to illustrate how to disable the port. Even if you don't understand the strategy, you can complete the disabled port step by step. Take 139 as an example 1. Start -> Control Panel (or Management) -> Administrative Tools -> Local Security Policy 2. Right click on "Ip Security Policy, on Local Computer", Select "Manage IP Filter Table and filter operations ", < you can start the Manage IP Filter Table and Filter Actions dialog box> 3. In the "Manage IP Filter Table", press "Add"Button<Open IP Filter List > 4.(1) Add "Disallow 139 Port" < Any Name Is OK, as long as you know it, as long as you know it. &#; Description (D) Also write "Disallow 139 Port" (2) Add button <Enter ip screening wizard> (3) Click Next <Enter Filter Wizard> (4) At source address(s): Select the drop-down second item "any ip address" Next step (5) At the destination address (D): Select "My ip address" Next (6) Select the protocol type (S): Change "any" to "tcp" Next (7) Set ip protocol break: < You can see two very similar options> Select to port (O) <not note from port?> On the port you want to ban "139" Next (8) Complete 5 < Return to the filter list window, you can see the filter (S) window has information> Read it? Press OK button.. <will return to "Manage IP Filter Table and Filter Operations"Window>6 Click "Manage Filter Actions" (4)(2)(3)<> will enter: "Filter Operation" Window 7 Hehe Of course, choose the second "block" "Next"--> "Complete"8 <back"Manage IP Filter Table and Filter Action"Window>Click " ; close "button 9 < back to the local security settings window> right-click "Ip security policy, on the local computer", select "create ip security policy" (4)(2)(3) in 4 enter " The security rule sets the initial authentication method to control the <Use Defaults"Active Directory Defaults (Kerberos V5 Protocol)> Next 10 A warning window appears."Only if this rule is on a computer that is a domain member Kerberos Effective. This computer is not a domain member. Do you want to continue and retain the attributes of these rules? "Of course"Yes&#; Pull 11 Click "Complete" button&&;Enter Edit Properties Window>12 "General" and "Rules" Click "rules" Click "Add"Button&&;Enter Security Rule Wizard">13 Click Next to continue to the next warning with the same warning yes14 from the ip filter list (I) basket first One: "Forbidden 139 Port"The front ○ becomes ⊙15 Same 14Select Next Step 7 appears"Complete"Click to click 16 OK 17 Close Attribute Basket<Back to Local Security Policy>18 Right click on the right window "Disallow 139 Port Connection" --=> Assignment: By default, Windows has many ports open, and when you are online, network viruses and hackers can connect to your computer through these ports. In order to make your system into a wall, you should close these ports, mainly: TCP 135, 139, 445, 593, 1025 ports and UDP 135, 137, 138, 445 ports, some popular virus backdoor ports (such as TCP 2745, 3127, 6129 ports), and remote service access port 3389. Here's how to turn off these network ports under WinXP/2000/2003: First, click “Start”Menu/Settings/Control Panel/Administrator Tools, double-click to open “Local Security Policy>, select “IP Security Strategy, on the local computer, right click on the blank space in the right pane, pop up the shortcut menu, select “Create IP Security Policy> (as shown on the right), and a wizard will pop up. Click the “Next” button in the wizard to name the new security policy; press “Next”, then display the "secure communication request" screen, and activate the default rule on the screen “ The hook on the left is removed, and clicking the “Complete" button creates a new IP security policy. In the second step, right-click the IP security policy, in the “Properties” dialog box, remove the hook on the left side of the “Add Wizard” and click the “Add” button to add a new rule, then pop up. “New Rule Attributes” dialog box, click the “Add” button on the screen to pop up the IP Filter List window; in the list, first remove the hook on the left side of the Add Wizard & rdquo; and then click on the right Add a new filter to the "Add" button. The third step, enter the "Filter Properties" dialog box, the first thing to see is the addressing, the source address is selected "any IP address", the target address is selected "My IP address"; click "“ agreement ” tab, select “TCP” in the drop-down list of "Select protocol type", and then enter “135” in the text box under "To this port", click the "OK" button (As shown on the left), this adds a filter that blocks the TCP 135 (RPC) port, which prevents the outside world from connecting to your computer via port 135. Click “OK" to return to the filter list dialog box, you can see that a policy has been added, repeat the above steps to continue adding TCP ports 137, 139, 445, 593 and UDP ports 135, 139, 445 for them Create the appropriate filter. Repeat the above steps to add the shielding policies of TCP 1025, 2745, 3127, 6129, 3389 ports, set up the filter for the above ports, and finally click the “OK” button. In the fourth step, in the “New Rule Attributes” dialog box, select “New IP Filter List”, then click on the circle to the left to add a dot to indicate that it has been activated, and finally click “<quo;Filter Operation” ;Tab. In the "Filter Action" tab, remove the "Use Add Wizard" hook on the left side, click the "Add" button, add “ Block & rdquo; action (right): in the "New Filter" In the "Security Actions" tab of the "Operational Properties" box, select "Block" & then click the "OK" button. Step 5, enter the “New Rule Attributes” dialog box, click ““New Filter Action”, the circle on the left side will add a dot to indicate that it has been activated, click the “Close” button to close the dialog box. Finally, return to the “New IP Security Policy Attributes” dialog box, check the left side of the “New IP Filter List” and press the “OK” button to close the dialog box. In the "Local Security Policy" window, right-click on the newly added IP Security Policy and select “ Assign”. So after rebooting, the above network ports in the computer are turned off, and viruses and hackers can no longer connect to these ports, thus protecting your computer.