It does not. It blocks all outgoing connections to TCP/UDP 53 and 80. There's no such thing as port 80 UDP HTTP traffic (there is QUIC, which uses TLS by default; your rules would block it by default), and HTTP traffic can be received over a different port than 80 TCP. Your example of NTP is also wrong, as it uses 123 UDP, not TCP. Furthermore, if someone were to skew the clock too much, your average NTP client does not accept such.
This stops only very archaic malware. I guess a poor man's NIDS.