Keeping your web server up to date, and using an obscure one (check!) will help.
The fact is, most firewalls do no more than yours is doing now - opening or closing a given port.
More advanced firewalls can look for specific attack signatures. There are a few generic things that can be checked, but it is basically looking for a specific exploit by knowing what to expect in a packet. But that generally requires a costly subscription, and is offered for higher-cost hardware firewalls. (There may be free sources, but how up to date are they?)
Most of these attacks, though, are against specific URLs. They are attacking vulnerable scripts. If you don't have those scripts installed, no problem - they are harmless. So, be careful about the scripts you choose, and keep them up to date!
Beyond that, it's popular to block troublesome blocks of IP addresses. There are more free resources available for this than for attack signatures. You may be able to do this with your current firewall, though you might have to type-in the address ranges. (Rather than use a supplied file.)
If you really, really want to run a live web server at home, it might make more sense to set-up a Linux machine, where you will have more free resources available, and can replicate the environment you will probably have if/when you move to commercial hosting.
(There are some cases for Windows hosting, but I doubt they apply in your case. For example, you've already purchased an expensive package that's required for your site and only runs on Windows.)