I have a problem with a device/receiver (wegener i8640) at a radio station. They request these four ports to be open: 80,443,123,53. If I forward them to the device, only 80 show as open, but that exposes the editable status page of the receiver to the world on the public IP. How do I configure the firewall to be open for incoming without exposing the status page to the world? I won't go into all the things I've tried, but need help.

It's an oxymoron ...opening port for the world not opening it for the world.

No clue what port 123 (NTP) or 53 (DNS) should be opened (redirected to the device) for?

My guess (but I could well be wrong...)

They want access to the outside internet using these ports.
So remove the inbound port forwards.

If keen (and possibly not a terrible option), you could block (and log) all other outbound access.

Yes, many devices list "open port requirements" for access they want TO the internet.
But in most default configurations of routers with connection-tracking firewall (like MikroTik), ALL ports are already open outbound.
So there is nothing you need to change on the router.

It is unfortunate that publishing these requirements leads to action (opening ports from outside to inside) that actually makes the configuration unsafe...