>>So if you want to block any
traffic directed to a specific service, you have to block source ports
1-65535 (defined as any).
Instead of trying to figure out some long list of ports that need to be blocked,
block them all. Then only pass the few you need.