How to create a policy that enables certain ports/protocols and blocks the
rest?

I know how to create a filter list/action, but if I create a filter list that
permits HTTP + FTP, and another one that blocks all IP traffic, I don't get
the desired effect - I guess the block action has higher priority than
permit, but how then to permit a small range of ports while disabling the
majority - except to create a filter for each port (ludicrous)?