Here is how I did it. let me know if this is OK, or do you know a better way?
under Network Security Policy:
svchost.exe
Allow TCP in from ip “ip of my 360” (ip mask) everything else any
wmpnetwk.exe
Allow ip in\out from “ip of my 360” everything else any
It works, is it safe?
Thanks