I am amazed at how many firewalls’ I see that allows everything out to the Internet. Most people do not need to allow every port and every service to the Internet. In fact it might be a good way to allow a remote control program or some malware to communicate home. Most malware will crawl to find an open port. If you have URL filtering enabled, it might crawl and find another available port.

You also have a better idea of what applications and services are leaving your network, allowing you to have a better handle of what your firewall is doing. It will take a bit of time and a bit of pain, but it is worth it in the end.