"ie. to allow web surfing, a firewall will allow port 80, but most of the time it will allow both outbound and inbound 80"? outbound http traffic uses ephemeral ports, not 80.
Outbound firewall rules almost never limit the source port, 99.99% of them only limit the destination port. If party A can accept packets on port 80 then almost any client out there can connect to the service on that port. The point being made is that a lot of default firewall rules allow traffic to any port 80 destination and accept traffic from any source to the local port 80.
