blocking WAN ports


Daufuski
June 2nd, 2001, 01:11 AM
Which ports would you block on a 2000 network, but still allow internet access? I have blocked 135-139 and 111. Are there any others which I should block? If this is off topic for this forum, please forgive me....Dauf

Tuttle
June 2nd, 2001, 01:30 AM
For incoming traffic, always try to work on the principle of "deny everything that isn't explicitly allowed". In general Internet usage, the only things you need to let in are TCP connections which were established from inside the firewall, traffic to any servers you may be running (e.g. web servers) and possibly some ICMP traffic like ping replies. What you've blocked will stop File & Print Sharing, but if someone gets infected with NetBus, SubSeven, BackOrifice etc. then you're potentially stuffed - trojans like that can be configured on any arbitrary port.
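The difference between the port blocklist in the question and the default-deny policy in the reply, as an added example that is not part of the original thread. It is a small Python model of an inbound filter; the addresses, port numbers other than 135-139 and 111, the single published web server and all names in the code are assumptions made for illustration.

```python
from dataclasses import dataclass

BLOCKED_PORTS = set(range(135, 140)) | {111}  # the blocklist from the question
SERVER_PORTS = {("tcp", 80)}  # assumption: one published web server

@dataclass(frozen=True)
class Packet:
    proto: str  # "tcp", "udp" or "icmp"
    src: str
    dst: str
    sport: int = 0
    dport: int = 0
    icmp_type: int = -1

class Firewall:
    def __init__(self):
        self.flows = set()  # TCP flows opened from inside

    def outbound(self, p):
        # Remember the flow so that its replies are recognised on the way back in.
        self.flows.add((p.dst, p.dport, p.src, p.sport))

    def blocklist(self, p):
        # "Allow everything except the listed ports."
        return "DENY" if p.dport in BLOCKED_PORTS else "ALLOW"

    def default_deny(self, p):
        if p.proto == "tcp" and (p.src, p.sport, p.dst, p.dport) in self.flows:
            return "ALLOW"  # reply on a connection established from inside
        if (p.proto, p.dport) in SERVER_PORTS:
            return "ALLOW"  # traffic to a server we run
        if p.proto == "icmp" and p.icmp_type == 0:
            return "ALLOW"  # ping (echo) reply
        return "DENY"  # everything not explicitly allowed

def compare():
    fw = Firewall()
    inside, outside = "192.168.1.10", "203.0.113.5"  # constructed addresses
    fw.outbound(Packet("tcp", inside, outside, 49152, 443))
    inbound = {  # constructed sample traffic arriving on the WAN side
        "reply to inside-initiated TCP": Packet("tcp", outside, inside, 443, 49152),
        "web server request": Packet("tcp", outside, inside, 50000, 80),
        "ping reply": Packet("icmp", outside, inside, icmp_type=0),
        "NetBIOS session (139)": Packet("tcp", outside, inside, 50001, 139),
        "unsolicited TCP to arbitrary port": Packet("tcp", outside, inside, 50002, 31999),
    }
    return {k: (fw.blocklist(p), fw.default_deny(p)) for k, p in inbound.items()}

if __name__ == "__main__":
    for name, (bl, dd) in compare().items():
        print(f"{name:36} blocklist={bl:5} default-deny={dd}")
```

Both policies stop port 139, but only the default-deny policy stops the unsolicited connection to a port nobody thought to list.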