Some firewalls block specific IP addresses and ports, both coming in and going out, depending upon how they are configured. Some firewalls record IP addresses and port numbers of outgoing packets and only allow packets coming from these addresses and their ports back in if they arrive within a short time of the outgoing packet.
Some firewalls do both.
The firewalls do not inspect the data in the packets. That is a job for anti-virus and malware packages, particularly for incoming packets.
I hope this helps.
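The two behaviours described in the post above, static address/port blocking and recording outgoing packets so that only timely replies are let back in, can be modelled in a few lines. This is an added example, not part of the original post; the class name, the 30-second timeout and all addresses (documentation ranges) are constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Firewall:
    blocked_ips: set = field(default_factory=set)    # static rule, applied in both directions
    blocked_ports: set = field(default_factory=set)  # static rule on the remote port
    timeout: float = 30.0                            # assumed lifetime of a recorded flow, seconds
    state: dict = field(default_factory=dict)        # (local_port, remote_ip, remote_port) -> send time

    def _static_block(self, remote_ip, remote_port):
        return remote_ip in self.blocked_ips or remote_port in self.blocked_ports

    def outgoing(self, now, local_port, remote_ip, remote_port):
        if self._static_block(remote_ip, remote_port):
            return "drop"
        # Record where the packet went so a reply can be matched later.
        self.state[(local_port, remote_ip, remote_port)] = now
        return "allow"

    def incoming(self, now, remote_ip, remote_port, local_port):
        # Only addresses and ports are examined; the payload is never looked at.
        if self._static_block(remote_ip, remote_port):
            return "drop"
        key = (local_port, remote_ip, remote_port)
        sent = self.state.get(key)
        if sent is None:
            return "drop"            # unsolicited: no matching outgoing packet
        if now - sent > self.timeout:
            del self.state[key]      # reply arrived too late, forget the flow
            return "drop"
        return "allow"

def demo():
    fw = Firewall(blocked_ips={"203.0.113.9"}, blocked_ports={23})
    return [
        fw.outgoing(0.0, 50000, "198.51.100.7", 443),   # recorded in the state table
        fw.incoming(1.0, "198.51.100.7", 443, 50000),   # timely reply to that packet
        fw.incoming(2.0, "198.51.100.8", 443, 50000),   # different sender, never contacted
        fw.incoming(45.0, "198.51.100.7", 443, 50000),  # same sender, past the timeout
        fw.outgoing(46.0, 50001, "203.0.113.9", 443),   # statically blocked address
        fw.outgoing(47.0, 50002, "198.51.100.7", 23),   # statically blocked port
    ]

if __name__ == "__main__":
    print(demo())
```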