It's great that you're trying to make an informed decision about your own system security; many people don't have a clue (and apparently don't want to have a clue!). Your system security, and what you like to do when connected, is a number of tradeoffs, mostly More Security=Less Access (I know that's pretty simplistic, but that's the bottom line). You can do things with open or blocked ports (sometimes by guessing), and you're discovering the problems with that approach. Suggestion: I read posts where users run port-sniffing software to detect incoming activity. Someone should be able to suggest what software to use (I don't). You may be able to use that as a guide for using and configuring the firewall. The problem with that is finding that some apps perform relatively 'innocuous' access (I leave that to you to define 'innocuous') back to you when you run that software. I think you would need to leave the firewall off for that 'learning' process to be effective. Of course, use good (and up-to-date) virus detection.
Someone with more knowledge than I may have other resources to suggest.