Where does a firewall application fit into the software stack?
Solution 1:
Put simply, the local firewall on your machine acts as a gatekeeper for actual traffic that will be passing through your operating system's network stack.
So, it'd go as such:
Software -> Network Stack (In/Out) -> Firewall -> Network
It does not prevent port bindings as the kernel handles this. It will however prevent traffic on the port(s) if configured to do so.
Solution 2:
There are (for all practical purposes) two different layers in play with what you're asking.
An app asking for a port binding is at a different level than where the firewall operates. An app will talk directly to the TCP/IP stack to get a binding. That happens completely independently of any firewall, regardless of if the firewall is local to the app host or a remote system.
Firewalls will intercept packets on ports they are configured to pay attention to once the bindings have already been granted. Then, once packets start flowing through those ports, the firewall can do its work and inspect the traffic. That's when the firewall will do it's allowing or blocking.