Firewall - Traffic Rules block all except certain ports?

I am trying to block all direct WAN traffic to a certain Win10 machine with the following rule. I have privoxy set up on another machine and the web traffic is directed through it using the Windows proxy setting. It is working. But now I want to keep certain ports open for email, e.g. 587, and for another custom application. How do I do that?

OpenWrt 19.07.2 r10947-65030d81f3 / LuCI openwrt-19.07 branch git-20.057.55219-13dd17f

config rule
	option src 'lan'
	option dest 'wan'
	option name 'BlockWinblows'
	list src_mac 'F9:83:A1:CE:52:AA'
	option target 'DROP'

You can set up individual rules to allow traffic from that Windows machine to the WAN and place the allow rules higher than the general drop rule.


Can you please elaborate? Am I going to put the allow rule before the drop rule for that device in the text file, or after it? Block everything, then allow a few things?

Like this:

config rule
	option src 'lan'
	option dest 'wan'
	option dest_port '80'
	option proto 'tcp'
	option name 'Allow HTTP'
	list src_mac 'F9:83:A1:CE:52:AA'
	option target 'ACCEPT'

config rule
	option src 'lan'
	option dest 'wan'
	option name 'BlockWinblows'
	list src_mac 'F9:83:A1:CE:52:AA'
	option target 'DROP'

Or, if you do it in LuCI, make sure the ACCEPT rule is above the DROP.


I tried the following. It failed. I think the failure is due to a missing inbound path for the SMTP handshake. What do I open just for this inbound handshake? Can I limit it to smtp.isp_server.com?

config rule
	option src_port '465'
	option src 'lan'
	option proto 'tcpudp'
	option name 'outbound Email'
	option dest 'wan'
	option target 'ACCEPT'
	list src_mac ’11:22:33:44:55:66’

config rule
	option src 'lan'
	option dest 'wan'
	option name 'BlockAllTraffic’
	list src_mac '11:22:33:44:55:66'
	option target 'DROP'

Notice that you are using an apostrophe (’) rather than a single quote (').

Other than that, post the whole firewall configuration here so we have a better view.

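The ordering point from the replies above and the outbound-mail rule, as an added example that is not part of the thread and not OpenWrt's own code. It assumes fw3 as shipped with 19.07, a hypothetical MAC 11:22:33:44:55:66, ports 587 and 465 for mail plus a hypothetical 8443 for the custom application, and 192.0.2.25 as a stand-in address for smtp.isp_server.com. Two things it relies on: fw3 applies `config rule` stanzas in file order, so every ACCEPT for the host has to sit above its DROP; and fw3's forwarding chains accept RELATED,ESTABLISHED conntrack state before any user rule is consulted, so the server's half of the SMTP handshake needs no inbound rule of its own. What the outbound rule has to match is the client's first packet, whose destination port is 465 or 587 and whose source port is ephemeral, hence `dest_port`. The `check_rules` helper is mine, not an OpenWrt tool: it lints a config for the three mistakes this thread runs into (ACCEPT placed below the DROP, typographic quotes, matching on `src_port`).

```shell
#!/bin/sh
# Added example for this thread, not code from the original posts or from
# OpenWrt. Assumptions: fw3 as shipped with OpenWrt 19.07, a hypothetical
# restricted host 11:22:33:44:55:66, hypothetical ports 587/465 (mail
# submission / SMTPS) plus 8443 for the "custom application", and the
# documentation address 192.0.2.25 standing in for smtp.isp_server.com.

# Print /etc/config/firewall stanzas: one ACCEPT per allowed TCP port,
# followed by the catch-all DROP for the same MAC. fw3 applies rules in
# file order, so the ACCEPTs must be above the DROP.
emit_rules() {
    mac="$1"
    shift
    for port in "$@"; do
        cat <<EOF
config rule
	option name 'Allow tcp/${port}'
	option src 'lan'
	option dest 'wan'
	option proto 'tcp'
	option dest_port '${port}'
	list src_mac '${mac}'
	option target 'ACCEPT'

EOF
    done
    cat <<EOF
config rule
	option name 'Drop everything else'
	option src 'lan'
	option dest 'wan'
	list src_mac '${mac}'
	option target 'DROP'
EOF
}

# Same, but pinned to one server address via dest_ip, for the "only to
# smtp.isp_server.com" case. I pass an IP rather than relying on fw3 to
# resolve a hostname; a change of the server's address needs a rule update.
emit_host_rule() {
    mac="$1"; port="$2"; ip="$3"
    cat <<EOF
config rule
	option name 'Allow tcp/${port} to ${ip}'
	option src 'lan'
	option dest 'wan'
	option proto 'tcp'
	option dest_ip '${ip}'
	option dest_port '${port}'
	list src_mac '${mac}'
	option target 'ACCEPT'

EOF
}

# Lint a firewall config read from stdin. Prints one line per finding and
# returns non-zero if anything was found:
#  - an ACCEPT for a MAC placed below a DROP for the same MAC (never reached)
#  - a typographic quote (U+2019, bytes \342\200\231) instead of an ASCII '
#  - a rule matching src_port: the client side of an outbound connection
#    uses an ephemeral port; the service port (465/587) is the dest_port
check_rules() {
    awk -v q="'" '
    function flush() {
        if (!inrule) return
        if (target == "ACCEPT" && (mac in dropped))
            print "rule " n ": ACCEPT for " mac " sits below a DROP for the same MAC"
        if (target == "DROP" && mac != "")
            dropped[mac] = 1
        if (srcport)
            print "rule " n ": matches src_port; outbound mail needs dest_port"
        inrule = 0
    }
    /^config rule/ { flush(); inrule = 1; n++; target = ""; mac = ""; srcport = 0; next }
    /^config /     { flush(); next }
    inrule && index($0, "\342\200\231") > 0 {
        print "rule " n ": typographic quote (U+2019) instead of ASCII apostrophe"
    }
    inrule && $1 == "option" && $2 == "target"   { gsub(q, "", $3); target = $3 }
    inrule && $1 == "list"   && $2 == "src_mac"  { gsub(q, "", $3); mac = tolower($3) }
    inrule && $1 == "option" && $2 == "src_port" { srcport = 1 }
    END { flush() }
    ' | {
        found=0
        while IFS= read -r line; do
            printf '%s\n' "$line"
            found=1
        done
        [ "$found" -eq 0 ]
    }
}

# Constructed copy of the config posted above (U+2019 quotes written as
# octal escapes so the file stays ASCII), to show what check_rules reports.
POSTED=$(printf "config rule\n\toption src_port '465'\n\toption src 'lan'\n\toption proto 'tcpudp'\n\toption name 'outbound Email'\n\toption dest 'wan'\n\toption target 'ACCEPT'\n\tlist src_mac \342\200\23111:22:33:44:55:66\342\200\231\n\nconfig rule\n\toption src 'lan'\n\toption dest 'wan'\n\toption name 'BlockAllTraffic\342\200\231\n\tlist src_mac '11:22:33:44:55:66'\n\toption target 'DROP'\n")

echo '== stanzas to paste into /etc/config/firewall (pinned rule, port rules, DROP last) =='
emit_host_rule 11:22:33:44:55:66 587 192.0.2.25
emit_rules 11:22:33:44:55:66 587 465 8443
echo '== findings for the config posted in the thread =='
printf '%s\n' "$POSTED" | check_rules || echo '== fix these, then: /etc/init.d/firewall reload =='
```

Run it on the router with `sh rules.sh`, paste the generated stanzas into /etc/config/firewall above any other rule for that MAC (or lint the existing file with `check_rules < /etc/config/firewall`), then `/etc/init.d/firewall reload`. To confirm the order the kernel sees, `iptables -L forwarding_lan_rule -v -n` should list the ACCEPT entries for the MAC above its DROP, with their packet counters climbing when the mail client connects.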