First of all you have to keep in mind that Windows XP's built-in firewall doesn't have the capability to apply the rules you described. Plus, even if it did, packets would still get dropped by the same machine that's handling the actual FTP connections, so it would still be recommendable to put a separate firewall (or Linux box) in front of it, just for firewall/NAT purposes.
On top of that, using Windows XP's built-in FTP server is also not a good idea, as it's too integrated with the OS and it would force you to create OS user profiles and manage ACLs through NTFS permissions. Therefore I would opt for a different type of server, with FileZilla Server and Syncplify.me Server! being two of such options.
FileZilla Server is free for any use, and allows you to limit the number of simultaneous connections. Syncplify.me Server! is free for personal use, but the paid editions allow you to limit not only the number of simultaneous connections but also how many of them are allowed from the same IP address, and how many "attempts" are allowed in how much time (window) before automatic temprary/permanent blacklisting.
(Disclaimer: I am the author of Syncplify.me Server)