The standard rule with firewalls is "Block Everything" in every direction.

Then prove to yourself that it's doing exactly that.

Once you are convinced that you CAN be secure, open specific paths through the firewall to only allow the minimum access required.

Then retest to ensure that you are still secure.

Rinse and repeat.