This page indexes as many firewall rules for various common purposes as possible.
A module that asks the user to add specific firewall rules when installing packages is conceivable but hasn't been created thus far.
Try to edit the rules for them to be as restrictive as possible. Register on this Wiki even if you just want to add a word or remove a line on this page.
Note that the order of firewall rules matter.
iptables
Applying the rules
Install iptables-persistent via apper or apt-get install
Edit the rules.v4 file such as by running sudo kate /etc/iptables/rules.v4 (or /etc/iptables/rules.v6) and copy any rules you want to add from below into it, then save the file and run sudo iptables-restore < /etc/iptables/rules.v4 (or sudo ip6tables-restore < /etc/iptables/rules.v6).
Alternatively you can run iptables {rule} from the console
Restriction
#DROP everything by default
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
Logging
#Log 4 dropped packets per minute to /var/log/syslog
-A INPUT -m limit --limit 4/min -j LOG --log-prefix "~~~~IP INPUT DROP: "
#LOG 4 dropped packets per minute to /var/log/syslog
-A OUTPUT -m limit --limit 4/min -j LOG --log-prefix "~~~~IP OUTPUT DROP: "
Localhost
#LOCAL
-A INPUT -s 127.0.0.1/32 -d 127.0.0.1/32 -j ACCEPT
-A OUTPUT -s 127.0.0.1/32 -d 127.0.0.1/32 -j ACCEPT
Client
HTTP
#HTTP
-A INPUT -p tcp -m tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --sport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
#-A INPUT -p tcp -m tcp --dport 8080 -m state --state ESTABLISHED -j ACCEPT
#-A INPUT -p tcp -m tcp --sport 8080 -m state --state ESTABLISHED -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
#-A OUTPUT -p tcp -m tcp --sport 8080 -m state --state NEW,ESTABLISHED -j ACCEPT
#-A OUTPUT -p tcp -m tcp --dport 8080 -m state --state NEW,ESTABLISHED -j ACCEPT
HTTPS
#HTTPS
-A INPUT -p tcp -m tcp --dport 443 -m state --state ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --sport 443 -m state --state ESTABLISHED -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 443 -m state --state NEW,ESTABLISHED -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT
DNS
#DNS
-A INPUT -p udp -m udp --sport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -p udp -m udp --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --sport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
-A OUTPUT -p udp -m udp --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
-A OUTPUT -p udp -m udp --sport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
PING
#PING
-A INPUT -p icmp -m icmp --icmp-type 0 -j ACCEPT
-A OUTPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
KDE Connect
#KDE Connect
-A INPUT -p udp -m udp --dport 1714:1764 -j ACCEPT
-A OUTPUT -p udp -m udp --dport 1714:1764 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 1714:1764 -j ACCEPT
-A OUTPUT -p udp -m udp --sport 1714:1764 -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 1714:1764 -j ACCEPT
IRC
6697
IMAP
#IMAP
-A INPUT -p tcp --sport 993 -j ACCEPT
-A OUTPUT -p tcp --dport 993 -j ACCEPT
Server
UFW
Restriction
Applying the rules
Client