now i have the feeling as if there might be a misunderstanding of what “ports” are and what an “open” port actually is. Or i just dont get what you want. i am not on your server/workstation thus i cannot even try to connect TO an external service “from” your machine.
This is most likely a result of my original post being too vague -- which is, of course, entirely my fault. I was intending it to refer to a firewall running on a specific device. For example, a desktop computer with a firewall, which is behind a NAT router.
so what is your scenario? what do you want to prevent?
What is your example in response to? Or perhaps I don't understand what it is attempting to clarify. I don't necessarily have any confusion regarding setting up rules for known and discrete connections like SSH.
accomplish control (allow/block/report) over who or what on my machine can connect to the outside world (using http/s) and to exactly where, but independant of ip addresses but using domains to allow or deny on a per user/application + domain combonation while not having to update ip based rules that could quickly outdate anyway.
Are you referring to an application layer firewall like, for example, OpenSnitch?