Two months, no answers, eh?
You have to permit UDP to remote port 53 of your DNS server(s), otherwise internet won't work.
You have to permit outbound by TCP remote port 80 for the websites to work, 443 if https.
If you have a network printer and/or do filesharing with another computer on your LAN, allow all that, deny to the internet.
I don't have Avast's firewall, no idea how it's structured, so can't help. Isn't there a built in help in the GUI? Perhaps a "?" someplace? or in the user manual?
You can't do worse than read this old and very usefull guide, applicable to all XP firewalls
http://www.wilderssecurity.com/showthread.php?t=142036