I'm just going to refer to my previous comment
And we're not blocking specific ports for the client computer networks. We only have a handful of outside TCP/IP addresses that are used by client computers, and we're using Port Address Translation to map available ports presented to the outside to the actual ports on your internal-to-Drew IP address on-campus. It's the same as putting your computer behind NAT off a home router, just on a bigger scale. If a piece of software works with NAT, it should work normally on our network.
The way we handle the Drew-managed servers and services is completely different, and we block all low-numbered network ports to those addresses except for the ones we explicitly allow.