I have NIS on XP and it works well. there are two rules you want for sure in this order (this is your local stuff) 1) all to/from 127.0.0.1 tcp+udp (your LAN for file/print sharing)
2) allow to/from 192.168.0.1 thru 0.255 tcp+udp
do not port forward anything from your router and things should be fine. if you get prompted allow program xxx.exe to access the internet? make your choice and let it autoconfigure.
eg: your browser & email programs should be allowed
some xyz.ocx (ActiveX) or xyz.exe you've never heard of --- maybe/maybe not.
MS/xp has several services that need access too svchost lsass spoolsv (for print sharing) smss (file sharing)