iptables is simpler than it looks.
For example, suppose you want to:
- Allow all outgoing traffic.
- Block all incoming traffic.
- Allow one incoming port or service (port 80 in my example).
- Allow incoming SSH too.
Just run (as root):
# Install the package needed to keep the rules across reboots
apt install iptables-persistent
# Allow SSH as the first step, so your current connection is not cut off
iptables -I INPUT -p tcp --dport 22 -j ACCEPT
# Set default chain policies
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
# Accept on localhost
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
# Allow established sessions to receive traffic
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Allow your port here
iptables -I INPUT -p tcp --dport 80 -j ACCEPT
# Check current rules
iptables -S
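# Persist them across reboots
iptables-save > /etc/iptables/rules.v4
# The commands above only set IPv4 rules. rules.v6 stores whatever ip6tables
# currently holds, so repeat the rules with ip6tables if the host has IPv6.
ip6tables-save > /etc/iptables/rules.v6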
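
To confirm that what `iptables -S` prints matches the four goals listed at the top, the listing can be checked mechanically. This is an added example, not part of the original post; the function names `audit_rules` and `open_ports` and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit `iptables -S` output against the policy on this page.
# SAMPLE_RULES is constructed: the listing expected after the commands above
# on a previously empty IPv4 ruleset.
SAMPLE_RULES='-P INPUT DROP
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -o lo -j ACCEPT'

# audit_rules: read `iptables -S` text on stdin, print one line per check,
# return 0 only if every check passes.
audit_rules() {
    rules=$(cat)
    fail=0
    check() {   # check <description> <extended regex>
        if printf '%s\n' "$rules" | grep -Eq -- "$2"; then
            echo "ok    $1"
        else
            echo "FAIL  $1"
            fail=1
        fi
    }
    check 'INPUT policy is DROP'         '^-P INPUT DROP$'
    check 'OUTPUT policy is ACCEPT'      '^-P OUTPUT ACCEPT$'
    check 'loopback accepted'            '^-A INPUT -i lo -j ACCEPT$'
    check 'established/related accepted' '^-A INPUT .*--ctstate [A-Z,]*ESTABLISHED[A-Z,]* -j ACCEPT$'
    check 'SSH (22/tcp) accepted'        '^-A INPUT -p tcp .*--dport 22 -j ACCEPT$'
    return "$fail"
}

# open_ports: list every destination port an INPUT ACCEPT rule opens, so
# anything beyond the intended 22 and 80 stands out.
open_ports() {
    awk '$1 == "-A" && $2 == "INPUT" && $NF == "ACCEPT" {
        proto = "any"; port = ""
        for (i = 3; i < NF; i++) {
            if ($i == "-p") proto = $(i + 1)
            if ($i == "--dport") port = $(i + 1)
        }
        if (port != "") print port "/" proto
    }' | sort -n | paste -sd' ' -
}

printf '%s\n' "$SAMPLE_RULES" | audit_rules
echo "open ports: $(printf '%s\n' "$SAMPLE_RULES" | open_ports)"
```

On a live host, run `iptables -S | audit_rules` and `ip6tables -S | audit_rules` as root; an untouched IPv6 ruleset fails the first check because its INPUT policy is still ACCEPT.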