hardcoded to send a few specific ports to your server. It also depends on what your server is running. Often programs can use a variety of different ports. You may consider a custom port on the server. Then open the firewall to just that port. The key here is the end user has no idea what protocol to talk with the server.
In any case, I would still think set it up and forget about it is typically sufficient. Also it depends what type of information is on the server. Layering security due the sensitivity of the data and cost is the general approach.