Originally posted here by AngelicKnight
Basically.

(Ok guys, time to see how well I've learned what you taught me!) You've got three port states basically: open (you're a sitting duck), closed (but can be seen and thus broken into), and stealth (you're completely invisible). The goal is to configure a firewall so that you run in full stealth. Look for ports that are visible (open or closed, not stealth), and especially watch for ports that are open, for those are the ones that pose the greatest threat.

Also, it's good to start learning which ports are of particular importance (which ports are popular targets) and what functions various ports normally serve. This is something I have yet to learn myself.
Stealth is nice, but it's importance is overstated. There are still other ways to find out if someone is online. Someone could run a ping sweep, or scan for a p2p port (ie, 1214 for fasttrack) or another popular port. To me, the IDS portion of a firewall is more important than the stealth aspect.

Also, outside of a DOS attack, maybe someone could point me in the direction of a good resource detailing how a closed port (one that rejects instead of drops) is going to be exploited faster than a "stealthed" port, once the host is known?

Just a couple of thoughts.