I wasn't going to mention this but since someone posted this I might as well point more out. Yours is based for FiOS setup and modem/router Mine is the DSL service SE567 or whatever so this might not apply to you however, it might give added insight to something you missed.
This isn't the only thing that needs done. In my case the router detected that no incoming connections have been made and eventually "called out." On the my modem it would open a port 80 connection to a specific IP where the services normally come from and make an active connection.
YES the modem will open up the firewall to port 80 even if you blocked this service. Most routers have this port open anyway so it would be completely undetected. It can then request the updates despite the firewall blocking that incoming port. As I stated earlier you might not even see this connection on the firewall listing because it's normally open. If you do see it chances are it'll be restricted and you most likely won't be able to disable it.
There are ways to block this using weaknesses in the way the firmware accesses rules but the average user need not worry about it. The rules are setup as first come first serve. When the router itself opens a restricted firewall rule it creates a rule in the 2000's directly to the IP of the servicing site.
This second stage is simple to fix. If you know the IP it calls out just make a lower firewall rule 2000 that blocks that specific IP address it calls out. In fact once you create the first block listed above and block all outgoing connections the router practically gives away the IP address that will be blocked.
What will end up happening after this is done is the router will create a firewall setting rule 2k pluss to open the port to it's base. If you figured it out already and created a lower rule it'll effectively block the rule created by the router.
I've used this trick a lot of times creating ports that where allowed out for lower ports then having a rule 99999 that blocks everything else outgoing. Because the lower rules are checked in sequence lowest to highest the lowest rules have priority over the higher rules. This allows them to activate first and ignore the higher rules completely bypassing them.
This might not be the same for your setup, I just thought you should be aware of my findings and experience in another setup.
Ever since implementing this "Block Frontier Router Management" the MI424-WR Rev C FiOS router has remained up for more than 80 days with no changes to hostname, dns servers, etc.