The following ports are blocked/filtered by default, and to preserve network quality, cannot be opened/unfiltered:
22 - ssh - filtered to prevent brute force attacks. Any filtering can be completely avoided by changing your SSH port to any value than the default of 22, and this is a recommended best security practice anyway.
25, 465, 587 - mail submission - monitored for spam emission. Open by default and will be automatically blocked if mass mail is noted by automated systems.
111 - nfs/portmap - blocked, used for reflection attacks. NFS can still be set up with static ports, instructions available in your preferred search engine. SSHFS is the recommended replacement for NFS; it's faster, lighter, more secure with default settings, easier to set up, and handles either end disappearing better than NFS.
161 - snmp - blocked, used for reflection attacks. SNMP can be run on any other port.
389 - ldap - blocked, used for reflection attacks.
Regarding any other ports, you need a service listening on that specific port for it to look "open". For example, if you do not have a web server (Apache/nginx, etc) running on port 80, it will appear as closed when you check it via telnet or an online service. This is because there is no service assigned to that port and not because we block it.