Disable outgoing connection via firewall


For a headless setup, I would like to set up ufw so that

  • ssh into the machine is possible
  • no outgoing connections are allowed (not ssh, nor anything else; edit: particularly to the local network)

How do I configure ufw like this?

Explanation: I am trying to restrict all LAN traffic on a Raspberry Pi, except for incoming ssh (via port forward). The idea is to create a 'sandboxed' environment with no connectivity to machines on the same subnet. That is to say, unless the user knows the sudo password and disables ufw, they cannot access the LAN.

Many thanks!

(Please note: As this is for a headless setup, I would like this to work while I ssh into the device. I.e., the ssh port has to stay open, or be opened immediately.)

Does this answer your question? "How do I with ufw deny all outgoing ports excepting the ones I need?"
Thank you for the tip. It's not clear to me that that post actually has a solution :) It seems to offer a recipe, but not really a complete/accepted solution?

I believe that this would work, but would appreciate feedback from others:

sudo ufw allow ssh
sudo ufw allow out to
sudo ufw deny out to
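
An added example, not part of the thread: one way to get "inbound ssh only, nothing outbound" as asked in the question, together with a check that the resulting policy really is in effect. It assumes sshd listens on 22/tcp and that ufw's stock before.rules, which accept RELATED,ESTABLISHED packets, are unchanged, so replies on an inbound ssh session can still leave the machine; the status text is a constructed sample.

```sh
#!/bin/sh
# Added example, not from the thread. Assumes sshd listens on 22/tcp.

# Print the rule sequence in a headless-safe order: the inbound ssh rule is
# added before the firewall is switched on. Apply with: lockdown_plan | sudo sh
lockdown_plan() {
    cat <<'EOF'
ufw allow in 22/tcp
ufw default deny incoming
ufw default deny outgoing
ufw --force enable
EOF
}

# Read `ufw status verbose` text on stdin. Succeeds only if ufw is active,
# the outgoing default is deny or reject, inbound 22/tcp is allowed, and no
# rule re-opens outbound traffic.
check_lockdown() {
    awk '
        /^Status: active/                       { active = 1 }
        /^Default:.*(deny|reject) \(outgoing\)/ { closed = 1 }
        /^22\/tcp +ALLOW IN/                    { ssh_in = 1 }
        /ALLOW OUT/                             { hole = 1 }
        END { exit !(active && closed && ssh_in && !hole) }
    '
}

# Constructed sample of `ufw status verbose` after applying the plan.
SAMPLE_STATUS='Status: active
Logging: on (low)
Default: deny (incoming), deny (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    Anywhere'

if printf '%s\n' "$SAMPLE_STATUS" | check_lockdown; then
    echo "lockdown verified"
else
    echo "lockdown NOT in effect"
fi
```

On the Pi itself, run `sudo ufw status verbose | check_lockdown` after applying the plan; with outgoing traffic denied, DNS lookups, NTP and package updates from the machine stop working too.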