generally that should be the case. I cannot think of a normal application that uses a source port below 1023 - most port scanning security utilities should have the functionality to specific any source port number that you want
applications that "initiate" a session with a src port below 1023 are typically running a service on a PC or Server that has been hacked and "rooted"
thats why it is always good security practice to block outgoing TCP pkts (with the SYNchronization flag set) with src port below 1023.
TCP pkts with ONLY the combinations of SYN-ACK, ACK, PSH ACK, RST, FIN, and FIN-ACK's, should be ok though to let out under 1023 if you have servers on the inside of your network. These usually denote normal network operation (through traffic).
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...