GUFW is a graphical user interface (GUI) for iptables. It basically lets you create rules for iptables but with pretty pictures and the mouse instead of the command line or config files. I could write a guide… but this screenshot basically says it all. Run apt-get update && apt-get install gufw. Then add what you see below for DNS, HTTP, HTTPS, and you can ignore the 7070 rule. If you can do that you can set it up for anything. There are plenty of guides on the internet, and for a program as simple as this I really don’t feel like I need to throw another guide out there.
As you can see, I’m filtering both inbound and outbound traffic. I honestly don’t feel that outbound firewalls are worth much – the code has already executed locally – but it’s another layer and if it isn’t too annoying I’ll leave it on.
What I’ve done is allow the ports necessary for browsing and for IRC to have outbound access, but that’s all. No other ports can be accessed by user applications on the system.
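The same outbound allow-list written for ufw, the command-line tool that Gufw drives to write the iptables rules, as an added example that is not part of the original post. The IRC port (6697/tcp) and the default-deny inbound policy are assumptions, since the post gives neither, and the names ALLOWED_OUT, build_rules and is_allowed_out are made up for this sketch.

```shell
#!/bin/sh
# Added example: the outbound allow-list described above, as ufw commands.
# Assumptions: IRC uses 6697/tcp (the post gives no IRC port) and inbound
# traffic is denied by default.

# One "port/proto" entry per allowed outbound service:
# DNS (udp and tcp), HTTP, HTTPS, IRC.
ALLOWED_OUT="53/udp 53/tcp 80/tcp 443/tcp 6697/tcp"

# Print the ufw commands that implement the policy, one per line.
build_rules() {
    echo "ufw default deny incoming"
    echo "ufw default deny outgoing"
    for entry in $ALLOWED_OUT; do
        echo "ufw allow out $entry"
    done
    echo "ufw enable"
}

# Return 0 if the given port/proto is on the outbound allow-list, 1 otherwise.
is_allowed_out() {
    for entry in $ALLOWED_OUT; do
        [ "$entry" = "$1" ] && return 0
    done
    return 1
}

# Dry run by default: print the commands for review.
# Set APPLY=1 and run as root to execute them.
if [ "${APPLY:-0}" = "1" ]; then
    build_rules | while read -r cmd; do
        $cmd || exit 1
    done
else
    build_rules
fi
```

After applying, `ufw status verbose` shows the default policies and the rule list, which should match what the Gufw window displays.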