The following ports are blocked/filtered by default, and to preserve network quality, cannot be opened/unfiltered:
22 - ssh - filtered to prevent brute force attacks. Any filtering can be completely avoided by changing your SSH port to any value than the default of 22, and this is a recommended best security practice anyway.
25, 465, 587 - mail submission - monitored for spam emission. Open by default and will be automatically blocked if mass mail is noted by automated systems.
111 - nfs/portmap - blocked, used for reflection attacks. NFS can still be set up with static ports, instructions available in your preferred search engine. SSHFS is the recommended replacement for NFS; it's faster, lighter, more secure with default settings, easier to set up, and handles either end disappearing better than NFS.
161 - snmp - blocked, used for reflection attacks. SNMP can be run on any other port.
389 - LDAP - blocked, used for reflection attacks. LDAP shouldn't be used over the public Internet anyway. Use LDAPS. If your application doesn't support LDAPS, it's a great time to upgrade.
Regarding any other ports, you need a service listening on that specific port for it to look "open". For example, if you do not have a web server (Apache/nginx, etc) running on port 80, it will appear as closed when you check it via telnet or an online service. This is because there is no service assigned to that port and not because we block it.
To check if a service listening on the port XXX, run this:
netstat -anp | grep XXX
For example, if you want to know if some software is listening on port 80, you need to run this:
netstat -anp | grep 80
If there is something (probably a web server) listening on that port, you'll see some output like this:
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN -
If you still can't connect to the port even though it shows some software is listening on it, then you should check if your firewall (iptables, ufw, etc) blocking the port.