Question about svchost.exe and "System"

I have problems understanding whether I should allow svchost.exe to do all kinds of connections or whether I should give it specific rules. The same goes for the “System” file group.

I know that svchost.exe needs to access port 53 (DNS), so that one is pretty clear. But should I allow it everything or should I create specific rules for these categories?

I’d appreciate a temporary rule-set if anyone have one?

Take a read through this thread