What about applying these rules also for egress traffic?

[gparmeggiani]

I'm thinking of the specific case of a malware talking to its C&C server via UDP. These rules won't block the upload traffic. Given the growing number of ransomware with the goal of stealing private data, a upload-only UDP connection should be enough for them for their job.

[WaterByWind]

The rules can apply wherever you apply them - that is entirely up to you.

If you want to add a rule to the 'out' direction on an interface (such as your WAN) then you absolutely can do so. There is nothing preventing that.