Firstly, is there a best-practice firewall guide?
What is the best way to write a rule for, as an example, NTOKRNL.exe, where the Local Service is 1024-65535 and the remote service has multiple instances of ranges of port numbers? I suppose it should just be set up as Local Service 1024-65535 and Remote Service 1024-65535, which makes sense, or can the remote service be narrowed down?
Hello, firewall rules should be created per your security policy. Cutting/pasting this from another thread that I just posted to, as it's relevant to your question as well.
As with any application and firewall rule, you'll need to decide how strictly you create your rules. Find all necessary ports required by the application (in this example, do port checks on local systems; search Microsoft's articles; find what ports it's supposed to use and what it is using). Decide how strict you want to make the rule and create the rule based on your decisions.
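One way to turn those "port checks" into a narrowed rule, as an added example that is not from either post: the script below takes a constructed sample of observed connections for one process (what a netstat-style check would show), keeps the local side at the 1024-65535 ephemeral range the question proposes, and collapses the remote ports actually seen into per-host ranges. The connection data, host addresses and port numbers are constructed placeholders.

```python
"""Narrow the remote side of a per-application firewall rule from observed traffic.

Constructed sample standing in for a local port check (e.g. netstat output filtered
to one process). Observed traffic is only a sample of what the process does, so the
resulting ranges are a starting point to be checked against vendor documentation.
"""
from collections import defaultdict
from typing import Dict, Iterable, List, Tuple

# Constructed sample: (local_port, remote_host, remote_port) for a single process.
SAMPLE_CONNECTIONS = [
    (49152, "192.0.2.10", 445),
    (49153, "192.0.2.10", 445),
    (49160, "192.0.2.11", 139),
    (49201, "192.0.2.20", 49670),
    (49202, "192.0.2.20", 49671),
    (49210, "192.0.2.20", 49672),
]

Range = Tuple[int, int]


def to_ranges(ports: Iterable[int]) -> List[Range]:
    """Collapse a bag of ports into sorted, contiguous (low, high) ranges."""
    ranges: List[Range] = []
    for port in sorted(set(ports)):
        if ranges and port == ranges[-1][1] + 1:
            ranges[-1] = (ranges[-1][0], port)   # extend the current run
        else:
            ranges.append((port, port))          # start a new run
    return ranges


def narrow_rule(conns: List[Tuple[int, str, int]],
                ephemeral: Range = (1024, 65535)) -> Tuple[Range, Dict[str, List[Range]]]:
    """Return (local_range, {remote_host: remote_ranges}).

    The local side stays the ephemeral range because the OS picks those ports;
    the remote side is narrowed to what was observed, grouped per remote host.
    A local port outside the expected range is flagged rather than silently widened.
    """
    lo, hi = ephemeral
    for local_port, _, _ in conns:
        if not lo <= local_port <= hi:
            raise ValueError(f"local port {local_port} outside {lo}-{hi}; investigate")
    by_host: Dict[str, List[int]] = defaultdict(list)
    for _, host, remote_port in conns:
        by_host[host].append(remote_port)
    return ephemeral, {host: to_ranges(ports) for host, ports in by_host.items()}


if __name__ == "__main__":
    local, remote = narrow_rule(SAMPLE_CONNECTIONS)
    print("Local Service:", f"{local[0]}-{local[1]}")
    for host, ranges in remote.items():
        print("Remote Service", host, ", ".join(f"{a}-{b}" for a, b in ranges))
```

Re-run the check over several days of normal use before committing to the narrowed ranges, and widen only where the vendor documentation says the application needs it.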