Firewalls on hosts should really only be used for protection against inbound traffic, trying to use firewalls on a host to block that host from sending traffic a) doesn't scale on a network of many hosts and b) can be overriden if the thing trying to send traffic has root access to modify the firewall.
Gateway firewalls are much less susceptible to malicious modification this way, and IMO are the best way to protect yourself from this type of corporate spying in general.
