router rules

["Rahul" <Rahul () unsecure co uk>]

hi everyone,

i have a vigor router, (2600), which i just brought. it seems pretty slim on
documentation on the firewall. i am very new to firewall concepts. i have a
network (well, ok a workgroup), of 4 static computers, and about 3 dynamic
ones (laptops), these get their ip off the router. 

i created a block all in/out filter on the firewall unless it matches the
following rules;

allow always if destination port=80 & protocol = tcp
allow always if destination port=443 & protocol = tcp
allow always if destination port=53 & protocol = udp
allow always if destination port=25 & protocol = tcp/udp
allow always if destination port=110 & protocol = tcp/udp

this allows the people in the network to browse and retreive their emails
from the email server and send emails (the email server is external). maybe
i have to allow ports like 3128, 8080 etc. but this kinda works.

i couldnt really find any info on what i should allow and disallow, just
looked up a port list of protocols and allowed them via destined ports.

my question is, 

#1: is this the correct way to specify filters? (i.e. via destination ports)
#2: my theory is, if a trojan was running on the machines, the traffic would
have to goto port 80,443,53,25,110, so the attacker will have to have these
ports open / use a box that had these ports open. correct?
#3: should i allow anything else?
#4: can anyone recommend a good syslog program for windows where i can see
the traffic by IP? (long term)