1.I do want to block access to our internal resources which are accessible via any internet facing IP on the router
2.Yes, i'd like to block outbound to non-uk countries as well
3.As regards to specific ports...again this is a requirement (if possible) to block EVERYTHING as there's no location inbound or outbound that we need to access or give access to outside of the UK so it would be a complete block on anything in any direction on any port
4. Yes, i "assume" this would be the only policy so my goal is as you've said....block everything from non-uk and allow everything from uk
Apologies if I've mis-understood this as i thought it might be a simple case of putting a rule in to say if it's not from the uk then block (whether that's a rule with all the non-uk countires in....otherwise proceed down the firewall rules which it would then do normally ?