You should be able to use the built-in firewall to block all ports (in and out) except 137. 138, 139 (both UDP and TCP should be open). You might want to have TCP 445 open as well.
At least, you can do that in Vista with the advanced firewall UI. I'm not sure offhand if you can do it with XP.