What you're doing is eminently possible. Think about it - it's just like a "home" router plugged in backwards; your home router wouldn't allow any traffic in unless it's related to an outbound connection.
I get what you're saying, but even with a home router your PC *is* able to make an outbound connection to any IP it wants to, regardless of whether that IP has attempted an incoming connection first. In my co-located server's MikroTik firewall it's as if every web visitor is "authenticated for outbound access" by way of their attempt to connect to the server's public IP on port 80 (or 445 for SSL).
I can say this for sure: there was a PHP (or I think a WordPress) exploit that had been performed on this server, and it was constantly connecting to other external websites on the internet (my server was being used as a proxy, among other nefarious actions, as a result of this exploit).
A client on this particular server of mine had not updated their WordPress install in 4 years (he also didn't have WordPress auto-update enabled), thus the exploit / vulnerability was unpatched and someone exploited it. I got a few notices of abuse (external websites which had been attacked from my server's public IP sent logs and info to my ISP/data-center, which then forwarded those reports to me). This led me to investigate the exploit and come up with this MikroTik firewall solution. So far it has worked to stop any exploits which I have not cleaned from my server from being useful in any way. I even temporarily left a few exploits on the server to test if this MikroTik firewall rule successfully blocked them, and it has (I then cleaned up those exploits too).
I should also add that this rule / the MT firewall is not the only firewall I'm running; on the actual servers I run iptables (Linux firewall) to handle IP-list-based access for management ports (since the servers have public IPs).
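
The egress policy described in this thread, sketched as RouterOS filter rules. This is an added example, not the poster's actual rule set: it assumes the MikroTik routes traffic to the server (so the `forward` chain applies), and the addresses, list names and the DNS exception are constructed placeholders.

```routeros
# Added example (not the poster's configuration). Placeholders:
#   192.0.2.10 = the co-located server's public IP (documentation range)
#   192.0.2.53 = the one resolver the server is allowed to query
/ip firewall address-list
add list=web-servers address=192.0.2.10 comment="constructed placeholder"
add list=egress-allowed address=192.0.2.53 comment="constructed placeholder"

/ip firewall filter
# 1. Packets belonging to connections conntrack already knows about pass in
#    both directions. This is what lets the server answer its web visitors.
add chain=forward connection-state=established,related action=accept \
    comment="replies to tracked connections"

# 2. Packets conntrack cannot classify are dropped early.
add chain=forward connection-state=invalid action=drop comment="invalid state"

# 3. New connections are accepted only when a visitor opens them towards the
#    server's web ports (HTTP/HTTPS).
add chain=forward dst-address-list=web-servers protocol=tcp dst-port=80,443 \
    connection-state=new action=accept comment="inbound web"

# 4. Narrow allow-list for traffic the server legitimately starts itself.
#    Only DNS to one resolver is shown; package mirrors, NTP or outbound mail
#    would each need their own explicit rule.
add chain=forward src-address-list=web-servers dst-address-list=egress-allowed \
    protocol=udp dst-port=53 connection-state=new action=accept \
    comment="server DNS lookups"

# 5. Any other connection initiated by the server is logged, then dropped.
#    A web shell or proxy script calling out produces a log line here
#    instead of an abuse report later.
add chain=forward src-address-list=web-servers connection-state=new \
    action=log log-prefix="egress-new" comment="log server-initiated"
add chain=forward src-address-list=web-servers connection-state=new \
    action=drop comment="block server-initiated"
```

Rule order matters: the established/related accept has to come before the final drop, and the log entries from rule 5 double as a detection signal for code on the server that tries to connect out.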