A firewall's job is to prevent unauthorised connections to your computer, both incoming and outgoing. They do not of themselves stop data, they control connections.
Given that a very common way of getting infected is by clicking on links in e-mails or on web-sites that have been corrupted, you authorised the connection by opening up your e-mail client or by browsing to that particular web-site, so a firewall is powerless to stop that. It is the function of anti-virus and anti malware software to prevent such infections affecting your computer.
As for using an external drive, DON'T keep it connected to the computer. Connect it to the computer when you want to do a backup or re-install, then disconnect it when you are finished. And if you have any reason to suspect malware etc. before you do a back, run a scan before you connect the drive to do the backup. Or even if you don't suspect infection - it's good practice.
Your final question, as I understand it. The short answer is no. AV programs and their kin work on a database of known threats and threat characteristics. This means there is a good chance you will be protected against unknown threats which use a similar structure to known ones, but if somebody comes up with a new structure of malware, then all bets are off.