What I am looking for is not so much a 'lock down everything' type answer, but more along the lines of "these outbound ports are never used or should never be used on the public Internet (like the 137 ...
How about block everything unless you know you want it open? That way you don't have to worry about some exploit down the road that uses some port number you didn't know anything used.
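The difference between the two approaches in this exchange, as an added example that is not part of either post: a small first-match policy evaluator that runs the same outbound flows through a "block known-bad ports" policy and a "block everything unless allowed" policy. All rules, addresses and flows are constructed for illustration; the 137-139 range and the allowed services are assumptions, not a recommended list.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Rule:
    action: str               # "allow" or "deny"
    proto: str                # "tcp", "udp" or "any"
    ports: range              # destination ports covered
    dest: str = "0.0.0.0/0"   # destination network (IPv4 only in this sketch)

    def matches(self, proto, dst_ip, dst_port):
        return (self.proto in ("any", proto)
                and dst_port in self.ports
                and ip_address(dst_ip) in ip_network(self.dest))

def decide(rules, default, flow):
    """First matching rule wins; otherwise the policy default applies."""
    for rule in rules:
        if rule.matches(*flow):
            return rule.action
    return default

# Blocklist model: default allow, deny ports known to be bad (assumed range).
BLOCKLIST = ([Rule("deny", "any", range(137, 140))], "allow")

# Allowlist model: default deny, open only what is known to be needed.
ALLOWLIST = ([Rule("allow", "udp", range(53, 54), "192.0.2.53/32"),  # one resolver
              Rule("allow", "udp", range(123, 124)),                 # NTP
              Rule("allow", "tcp", range(80, 81)),
              Rule("allow", "tcp", range(443, 444))], "deny")

# Constructed outbound flows: (protocol, destination IP, destination port).
FLOWS = [("tcp", "198.51.100.10", 443),   # normal web traffic
         ("udp", "192.0.2.53", 53),       # DNS to the approved resolver
         ("udp", "203.0.113.7", 137),     # port both policies stop
         ("tcp", "203.0.113.7", 6667),    # port nobody thought to list
         ("udp", "203.0.113.99", 53)]     # DNS to an unapproved resolver

def blocklist_gaps(flows):
    """Flows the blocklist lets out that the default-deny policy stops."""
    return [f for f in flows
            if decide(*BLOCKLIST, f) == "allow" and decide(*ALLOWLIST, f) == "deny"]

if __name__ == "__main__":
    for flow in FLOWS:
        print(flow, "blocklist:", decide(*BLOCKLIST, flow),
              "allowlist:", decide(*ALLOWLIST, flow))
    print("only the blocklist lets these out:", blocklist_gaps(FLOWS))
```

The two flows returned by `blocklist_gaps` are the case the answer describes: traffic on a port, or to a destination, that the blocklist author never anticipated.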