With settings at that draconian a level, I’m not sure you can.
If you allow outbound traffic to establish a reasonably persistent session and an inbound path (which just about every application requires), you shouldn’t actually need to open any ports for outbound traffic. For inbound traffic (establishing calls with an ITSP, for example) you need to allow UDP 5060/5160 and 10000-20000.