Recommended Firewall Settings

How might we go about allowing only what’s necessary for OJS on the firewall? I’m wondering what protocols the application will actually be using across the officially supported plugins and the built-in APIs, so that we can restrict traffic as much as possible to only those protocols and ports.

I recognize that each setup is different, but I’m curious if anyone has any general guidance that could be helpful to the community?