The higher ports are open because users expect to install any software that uses those ports and have it work. Everything including instant messengers, VOIP, games, file sharing, databases. Regardless if it’s in Fedora repos and configured with proper policies, or if it’s a random binary they downloaded—if it doesn’t work, it’s Fedora’s fault.
If you want to close them, you can either edit the FedoraWorkstation zone, or change the default zone (for the correct interfaces) to whatever is appropriate (e.g. public or home).
Firewalld is slightly different conceptually but not difficult to use. I suggest reading Using firewalld :: Fedora Docs and installing firewall-config GUI.
Frankly, the firewall included with Fedora is very … lackluster, to avoid using stronger words. It is confusing, unclear, weird, and just doesn’t do the job well. Ufw is FAR, FAR better. Just sudo ufw deny incoming and voila – you got yourself a firewall that blocks incoming requests. Use ufw.