I think this is best approached from the other direction than what you tried: Start with a working setup, and disable one rule at a time and observe what happens. It will take a while, but it's a lot easier and you'll end up with a ruleset that meets your specific needs.
That said, here are some thoughts that might make things easier:
The browser will need outbound access to ports 80 (http) and 443 (https), so keep those two rules. Add blocking rules to specific sites or domains as desired.
The default rule for mDNSResponder should be left as is, at least at first. It does DNS lookups, among other things.
Some browsers like to do their own DNS lookups, in which case they will ask for outbound connections on port 53 (domain) to a DNS server. It's an alternate way to get IP addresses and is OK to allow.
The boot process will probably need connections to port 67 (bootps) and port 68 (bootpc) to your ISP. I would allow whatever process asks for these connections (configd on Snow Leopard and earlier, don't know about newer OSes).
Under "Any Process", allow incoming UDP and ICMP, otherwise things get messy.