Hello Robert,
yesterday it was late and as you can see i have already my posting very much edited. What i tried to say above is the following. If you want to send to all in Internet, then you should choose red and the protocol you want.
So for example your rule 1 destination RED:NTP
Rule 5 destination RED:WHOIS
I want to thank you for your posting. You are, as far as i remember, the first one who start the mission firewallrules after Peter’s blog posting on your first step alone (and not asking for pictures). I was so long waiting for someone like you 
It seems for me you dont want use proxy?
One word about the mirrors IP, some server are accessible from different IP’s. Feel free and use the following list if you also want do it this way. Easier to copy and paste instead from your picture
Mirrorlist IPFire
mirror.aarnet.edu.au 202.158.214.106
mirror.easyname.at 77.244.244.134
mirror.datacenter.by 178.124.134.106
mirror.csclub.uwaterloo.ca 129.97.134.71
muug.ca 208.81.1.244
mirrors.dotsrc.org 130.225.254.116
mirror.cedia.org.ec 201.159.221.67
mirror.espoch.edu.ec 45.184.102.116
mirror.uta.edu.ec 192.188.46.165
ftp.fau.de 131.188.12.211
ftp.gwdg.de 134.76.12.6
ipfire.earl-net.com 188.68.48.191
ipfire-mirror.eissler.pro 5.9.11.78
mirror1.ipfire.org 81.3.27.38
mirror7.ipfire.org 176.9.88.124
ftp.cc.uoc.gr 147.52.159.12
quantum-mirror.hu 195.38.126.147 78.131.56.189
ftp.yz.yamagata-u.ac.jp 133.24.248.16 133.24.248.17 133.24.248.18 133.24.248.19
mirror.marwan.ma 196.200.160.70
ftp.nluug.nl 145.220.21.40
mirrors.up.pt 193.137.29.15
ftp.acc.umu.se 194.71.11.173 194.71.11.165
ipfire.infania.net 194.132.225.213
firemirror.scp-systems.ch 188.165.232.76 149.202.12.120
mirror.onesystems.ch 109.164.249.218
www.mirrorservice.org 212.219.56.184
mirror.clarkson.edu 128.153.145.19