Are you referring to managing firewall rules on the Pi-hole machine itself or on a different machine, e.g your router or a dedicated firewall device?
For Pi-hole to work correctly, it is mandatory that the firewall on the Pi-hole machine allows for the ports as listed in Pi-hole's prerequisites.
It is commonly not necessary at all to adopt firewall rules on your router for Pi-hole.
In particular, you should not open port 53 for outside traffic, as that would mean you'd expose your network to public access and run the risk to operate Pi-hole as an open resolver.
A standard Pi-hole will only ever send requests to its upstream DNS servers via port 53 and HTTP/HTTPS requests for updates; it will receive port 80 HTTP requests for its web UI, and you may see DHCP traffic on associated ports (68 and 547).if PI-hole's DHCP server was enabled.
Ports 4711+ for pihole-FTL's API are only used locally.
Your firewall reports are for the Pi-hole machine.
But Pi-hole is not the only software on your Pi-hole machine that's making network requests, e.g. OS may reach out to NTP time servers.
Any additional software on your Pi-hole machine may add to this.