Quote: Originally Posted by cariboo907
A firewall really doesn't do anything on a default installation, as there are no ports open to the outside world, and if you are behind a router, it's a belt + suspenders type of activity.

It's just like the poster earlier that tried to block Opera from accessing the Internet. Web browsers and many other programs use random high ports for outgoing connections, so it's pretty hard to block a port if you don't know which one it is using, and it changes every time you use a program. Have a look at this example:

Code:
netstat -tn
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State      
tcp        0      0 192.168.1.215:43915     209.85.225.125:5222     ESTABLISHED
tcp        0      0 192.168.1.215:56053     192.168.1.235:22        ESTABLISHED
tcp        0      0 127.0.0.1:7634          127.0.0.1:53732         TIME_WAIT  
tcp        1      0 192.168.1.215:44341     96.8.82.129:80          CLOSE_WAIT 
tcp        1      0 192.168.1.215:51431     96.8.82.129:80          CLOSE_WAIT
I've bolded the outgoing ports; these change every time a program is opened.
For outgoing connections it is easier to block the dport rather than the source port.

Code:
sudo iptables -A OUTPUT -p tcp --dport 80 -j DROP
Will block Opera (and other web browsers) =)
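
The point made in this thread, that source ports on outgoing connections change while destination ports stay fixed, can be checked against the netstat output quoted above. This is an added example, not part of either post; the function names are hypothetical and the 32768 threshold is an assumption (the Linux default lower bound of the ephemeral port range).

```shell
#!/bin/sh
# Sample input: the netstat -tn output quoted in the post above.
sample_netstat() {
cat <<'EOF'
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.168.1.215:43915     209.85.225.125:5222     ESTABLISHED
tcp        0      0 192.168.1.215:56053     192.168.1.235:22        ESTABLISHED
tcp        0      0 127.0.0.1:7634          127.0.0.1:53732         TIME_WAIT
tcp        1      0 192.168.1.215:44341     96.8.82.129:80          CLOSE_WAIT
tcp        1      0 192.168.1.215:51431     96.8.82.129:80          CLOSE_WAIT
EOF
}

# Assumption: ephemeral ports start at 32768 (Linux default); the live
# range is in /proc/sys/net/ipv4/ip_local_port_range.
EPHEMERAL_MIN=32768

# outbound_dports: read `netstat -tn` output on stdin and print
# "<count> <proto>/<dport>" for connections this host initiated
# (ephemeral local port, non-ephemeral remote port), sorted by port.
outbound_dports() {
    awk -v min="$EPHEMERAL_MIN" '
        $1 ~ /^tcp/ {
            n = split($4, l, ":"); lport = l[n] + 0
            m = split($5, r, ":"); rport = r[m] + 0
            if (lport >= min && rport < min) seen[$1 "/" rport]++
        }
        END { for (k in seen) print seen[k], k }
    ' | sort -t/ -k2,2n
}

# distinct_sports: count distinct local source ports on those same
# connections, showing they are not a stable value to match a rule on.
distinct_sports() {
    awk -v min="$EPHEMERAL_MIN" '
        $1 ~ /^tcp/ {
            n = split($4, l, ":"); m = split($5, r, ":")
            if (l[n] + 0 >= min && r[m] + 0 < min) s[l[n]] = 1
        }
        END { c = 0; for (k in s) c++; print c }
    '
}

sample_netstat | outbound_dports
```

On a live host, pipe `netstat -tn` into `outbound_dports` to see which destination ports an egress rule would actually have to match; the loopback line is skipped because its local port is the service side of the connection.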