shell# iptables -t filter -A OUTPUT -d 127.0.0.1 -j ACCEPT
shell# iptables -t filter -m owner –uid-owner http-ss -A OUTPUT -p tcp –sport 1080 -j ACCEPT
shell# iptables -t filter -m owner –uid-owner http-ss -A OUTPUT -p tcp –dport 80 -j ACCEPT
shell# iptables -t filter -m owner –uid-owner http-ss -A OUTPUT -p tcp –dport 443 -j ACCEPT
shell# iptables -t filter -m owner –uid-owner http-ss -A OUTPUT -p tcp -j REJECT –reject-with tcp-reset
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A OUTPUT -m state –state ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp –dport 80 -j ACCEPT
iptables -A OUTPUT -p tcp –dport 443 -j ACCEPT
iptables -A OUTPUT -p tcp –dport 53 -j ACCEPT
iptables -A OUTPUT -p udp –dport 53 -j ACCEPT
iptables -A OUTPUT -p tcp –dport 25 -j DROP
iptables -P OUTPUT DROP