Personally, I would not get a software firewall, I would get a hardware one. I keep a Sophos anti-virus around to scan every once in a while, but I would not rely on a software firewall because they are frankly a bad concept IMO. I have a hardware one on my router, but I am currently not behind it because it was messing with games. It prevented me from running a webserver, gameserver, and joining some online games. My ports are all stealth so I am not vulnerable to a port scan.
There is no one particular port to block, there are tons. That's why I would just use stealth because you have no idea which port a hacker will utilize, or what trojan he uses, and which port it will run on... so on and so forth.