You should look at the built-in Exceptions list and make sure you don't
have any that have opened up anything to the outside world. You should
unbind/uninstall Client for MS Networks and MS File and Print Sharing
off of the NIC.
You have no need to be in a networking situation with a single machine
with a direct connection to the Internet. You should check the XP FW
Exceptions list anytime you install software to make sure it doesn't add
an Exception to the XP FW that you don't know about.
You should do some of the things in the link to harden the XP O/S to
attack with a machine with a direct connection to the Internet. You
should also practice safe hex, like don't use IE unless a site calls for
IE. You might want to think about OE too.
You should install Active Ports (free) and place a short-cut for it in
the Start-up folder and watch for dubious connection and use it on a
routine basis after the O/S Start up looking for dubious connections.
No, you don't. Because you don't need any.
As you don't need any, it is sufficient. It is also sufficient as a
host-based packet filter, which might be useful. It is not sufficient as a
firewall that you don't need and wouldn't be useful.
Please stop this "need". Understand your requirements and state them.