IMHO,
If you desire to block TFTP, then why not block both TCP and UDP on port 69. Any TCP connection on well known Port 69 would smell like a bad guy or other mal-intender.
Port 69 used to be a big screen door to hackers years ago, might still have a few listeners floating around today.
Bill