if you have Checkpoint FW make sure to tune some parameters as it has something called implied rules , sometime called rule number Zero , example by default DNS and DHCP traffic allowed .
to check implied rules go to view and last tab you will find implied rules .
what services you shall disable , it depend on security level you want by below what i recommend , also you can disable implied rules and insert regular rules in Firewall so its not a big deal .
go to policy –> global properties
After choose Firewall – this will view implied rules as below – uncheck the pointed ones with arrow
there is others rules in OSE , which can be disabled also
dont forget to install the new policy after finishing changing the rules , else it wont take an affect