OK, now for some more detailed exposition:
The protocol used by samba is called SMB, or Server Message Block.
This protocol is “routable” (it is able to traverse a router), and is so for important reasons. Namely, large corporate networks have “departments”, which often need to have traffic isolated. To accomplish this, they set up each department inside its own logical subnet, so that local traffic from that subnet does not go outside it unless called explicitly to do so. However, keeping multiple redundant file servers in each subnet is … Not Optimal. (ahem.) So, in order to keep a single, centralized file server, the traffic from that file server needs to be able to be routed between these subnets so that all users can access it.
This is why SMB is routable.
However, BECAUSE it is routable, it means that there is potential for an outside attacker on the internet to phone up your file server and start accessing data. (The internet is just a very large assemblage of global subnets; technologically, it is logically identical to a GIANT corporate network.) Needless to say, SMB assumes a nice, safe local network, not the chaotic den of filth that is the Internet. It was not designed to withstand constant barrages of malicious actors trying to screw your stuff up.
To prevent this communication, you have to put your foot down on it, and deny all communication over the ports used for that kind of traffic, so that it cannot get out of your private network and into the internet, and vice versa.
That’s where blocking the ports comes in.
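The border policy the post describes, as an added example that is not part of the original post: SMB may be routed between internal department subnets (so the central file server stays reachable), but any SMB flow that crosses to or from the internet is dropped. It assumes the standard SMB/NetBIOS ports (445, 139, 137, 138) and uses constructed sample subnets and flows; the iptables lines it prints are one way to express the same rule on a Linux border router.

```python
import ipaddress

# Standard SMB and NetBIOS ports (assumption: not stated in the post itself).
SMB_PORTS = {137, 138, 139, 445}

# Department subnets allowed to talk SMB to the central file server.
# Constructed sample values for this example.
INTERNAL_SUBNETS = [
    ipaddress.ip_network(n) for n in ("10.10.0.0/16", "10.20.0.0/16", "192.168.50.0/24")
]


def is_internal(addr: str) -> bool:
    """True if addr belongs to one of our own department subnets."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_SUBNETS)


def smb_border_verdict(src: str, dst: str, dport: int) -> str:
    """Decide, for one flow seen at the border router, whether to allow or drop it."""
    if dport not in SMB_PORTS:
        return "allow"          # not SMB traffic: outside the scope of this policy
    if is_internal(src) and is_internal(dst):
        return "allow"          # subnet-to-subnet SMB stays inside the private network
    return "drop"               # SMB leaving for, or arriving from, the internet


def filter_flows(flows):
    """Apply the verdict to a list of (src, dst, dport) tuples."""
    return [(s, d, p, smb_border_verdict(s, d, p)) for s, d, p in flows]


def iptables_border_rules(external_iface: str = "eth0"):
    """Render equivalent iptables rules: drop SMB in both directions on the internet-facing interface."""
    rules = []
    for port in sorted(SMB_PORTS):
        for proto in ("tcp", "udp"):
            rules.append(f"iptables -A INPUT -i {external_iface} -p {proto} --dport {port} -j DROP")
            rules.append(f"iptables -A OUTPUT -o {external_iface} -p {proto} --dport {port} -j DROP")
    return rules


if __name__ == "__main__":
    # Constructed sample flows: two internal subnets, plus internet hosts from documentation ranges.
    sample = [("10.10.1.5", "10.20.0.10", 445), ("203.0.113.7", "10.20.0.10", 445),
              ("10.10.1.5", "198.51.100.9", 139), ("10.10.1.5", "198.51.100.9", 443)]
    for entry in filter_flows(sample):
        print(entry)
    print("\n".join(iptables_border_rules()))
```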