Posted on Sep 29, 2017
SGT Writer
Update (4/16/2020): This was meant to apply to users on their PC on their home network. Looking back, I should've specified this much earlier.

I'm going to start with a few:
1. How to turn it on
2. Logging
3. That it's not a complete solution
4. What it does and doesn't do
Edited 4 y ago
Responses: 6
PO3 Steven Sherrill
SGT (Join to see) In a perfect world, you don't want the average user touching the firewall at all in any way. They are likely to cause more problems than they can possibly solve. What I want the average user to know about the firewall is that if a site they need to complete a task is blocked by the firewall, send the URL to the IT Group so it can be reviewed and a decision made. Sorry, Netflix is not needed for work purposes.
SPC(P) Signal Support Systems Specialist
SPC(P) (Join to see)
>1 y
Ideally most users shouldn't have to know too much about firewalls, especially not how to configure them. Perhaps they might need to know a bit more about them in an IPv6, post-NAT (network address translation) world. Some people benefited security-wise from being behind a NAT due to IPv4 address scarcity, but they can do just fine without NAT if they have a stateful firewall. So as consumers they should have a clue to look for that as a feature in their cable modems or DSL whatever.

As consumers they should also be aware that they can have negative effects towards the computing "eco-system" (for lack of a better term)... Such as the negative effect they have had on the adoption of ECN (explicit congestion notification) and other IP and TCP extensions. Firewalls have tended to ossify things in rigid ways that stifle progress. Also see the tendency to put everything through ports 80 and 443, even when that's silly. It erodes the legitimate use of port numbers as a protocol multiplexing determinant. They should know to keep away from overly aggressive firewall products.

Home users likely need things like flatpak/bubblewrap/selinux to sandbox apps more than they need most traditional firewalls.

[[Netflix is not needed for work purposes.]]
Probably not needed. I don't use Netflix, but don't they have some nonfiction shows on it? For work machines I'd want to block or turn off DRM features though: so no Silverlight, Flash, or EME (Encrypted Media Extensions).

I do remember once that I had to debug a DNS issue so I turned on logging, and caught someone in the middle of porn viewing. So I can understand companies and the government trying to get some control over wasting time and resources during business hours.
PO3 Steven Sherrill
>1 y
SPC(P) (Join to see) - Unfortunately we still have some third party software that requires Silverlight. Which is compounded by trying to explain to our users that it is a limitation of the software. We had one who thought buying a new computer would solve the problem, then they were upset when a spanking new PC still gave them errors in Chrome for Silverlight.
SPC(P) Signal Support Systems Specialist
SPC(P) (Join to see)
>1 y
PO3 Steven Sherrill - Yes, I mostly wanted to emphasize the DRM aspects of Silverlight and Flash... Even though in a more ideal world you'd want such things to be Open Standards with at least one implementation licensed using Open Source license(s).

There were attempts to make compatible software for these.
Flash had https://www.gnu.org/software/gnash/
Silverlight had http://www.mono-project.com/docs/web/moonlight/

https://www.dwheeler.com/essays/opendocument-open.html
https://www.dwheeler.com/essays/open-standards-open-source.html
Capt Director Of Operations
That we have a firewall to protect the network and that it's not OK to try and get around it.
Sgt Wayne Wood
Iptables. A scripting language to automate it, TCL if you're working on Cisco. What the standard ports are. What ephemeral ports are. TCP/IP. Handshaking. How to defeat IDS.
SPC(P) Signal Support Systems Specialist
SPC(P) (Join to see)
>1 y
https://developers.redhat.com/blog/2016/10/28/what-comes-after-iptables-its-successor-of-course-nftables/

Yes it's great to know what the ports are, admins should have a couple sample configs that they tweak a bit; most shouldn't have to go too crazy. That implies that they might have to know how their use of ports is different from the norm.

Stateful configurations for TCP connections.

Not to firewall icmp completely.

These are not for standard average users though.
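A minimal stateful nftables ruleset along the lines this reply describes (stateful TCP, ICMP rate-limited rather than blocked, ICMPv6 kept for a NAT-less IPv6 host), added here as an example that is not from the thread or from any linked project. The two exposed ports (22 and 443) are an assumption, and the shell wrapper only emits and sanity-checks the ruleset text; loading it needs root.

```shell
gen_ruleset() {
    cat <<'EOF'
flush ruleset

define allowed_tcp = { 22, 443 }   # hypothetical exposed services

table inet host {
    chain input {
        type filter hook input priority 0; policy drop;

        # Stateful core: replies to connections this host opened
        # come back in; malformed/out-of-state packets are dropped.
        ct state established,related accept
        ct state invalid drop
        iif lo accept

        # Do not firewall ICMP completely: keep the diagnostic and
        # PMTU-related types working, but rate-limit them.
        icmp type { echo-request, destination-unreachable, time-exceeded, parameter-problem } limit rate 10/second accept

        # IPv6 without NAT still needs neighbour/router discovery,
        # so ICMPv6 must never be blocked wholesale.
        icmpv6 type { nd-neighbor-solicit, nd-neighbor-advert, nd-router-advert, echo-request, destination-unreachable, packet-too-big, time-exceeded, parameter-problem } accept

        # New inbound TCP only for the listed services.
        tcp dport $allowed_tcp ct state new accept
    }
    chain forward {
        type filter hook forward priority 0; policy drop;
    }
    chain output {
        type filter hook output priority 0; policy accept;
    }
}
EOF
}

# Checks the generated text for the invariants the reply calls for
# before it is handed to nft; returns non-zero if one is missing.
check_ruleset() {
    rs=$(gen_ruleset)
    printf '%s\n' "$rs" | grep -qF 'ct state established,related accept' || return 1
    printf '%s\n' "$rs" | grep -qF 'icmpv6 type' || return 1
    printf '%s\n' "$rs" | grep -qF 'policy drop' || return 1
}

# Syntax-check with: gen_ruleset | nft -c -f -   Load with: gen_ruleset | nft -f -
```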
SGT Writer
SGT (Join to see)
4 y
Firewalld is popular now on the Linux side. ConfigServer Security & Firewall (CSF) is great on servers as you mainly list ports in one file or GUI page.
SPC(P) (Join to see)