You could have two firewall scripts. They would be exactly the same, except that the one that would block the XP machine would have something like
iptables-A INPUT -i ethX -s 220.127.116.11 -j DROP
Where ethX is whatever card the XP comes in on and 18.104.22.168 is the ip address for the XP machine.
Whenever you want to block the XP machine, you just run the script with this line and when you want it to have access you run the script without that line.