I want to make a really secure environment for a Linux computer. Essentially I will direct connect to the hardware with keyboard and screen only, there is no need to have any SSH etc. so all servers will be stopped, UFW will block all inbound ports.
Re outbound ports, there is one client service for arguments sake 'foo-serviced' that will need to connect to some other servers on my LAN, its a client that gets a system allocated outbound port. If possible I would like to block all outgoing traffic too, except for that foo-serviced connection. Is there a way to manage system allocated ports so I can allow that port, or is there a way to allow specific clients access?
After further research I realised that I can block all outbound and then use the port of the destination server to allow the outbound access.