sixsicsix (edited)
If a service is listening on a port, data can come in, too. It's not just about talking outbound on an ephemeral port.
Network security is mainly about washing incoming stuff. Keeping the outbound safe involves not using proprietary code and maintaining some level of access control. Minimum permissive possible.