Blocking Outbound IP

10.0.1.25 = LDAP Server
10.0.1.102 = DNS Server
10.0.1.103 = Trusted Host 1
10.0.1.27 = Trusted Host 2

*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
# loopback stays open: local services (nscd/sssd, syslog, local databases) need it
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# LDAP: this host is the client, so replies arrive FROM port 389/636 on the LDAP server
-A INPUT -s 10.0.1.25/32 -p tcp -m tcp --sport 389 -m state --state ESTABLISHED -j ACCEPT
-A INPUT -s 10.0.1.25/32 -p tcp -m tcp --sport 636 -m state --state ESTABLISHED -j ACCEPT
-A INPUT -s 10.0.1.25/32 -p udp -m udp --sport 389 -m state --state ESTABLISHED -j ACCEPT
-A INPUT -s 10.0.1.25/32 -p udp -m udp --sport 636 -m state --state ESTABLISHED -j ACCEPT
-A OUTPUT -d 10.0.1.25/32 -p tcp -m multiport --dports 389,636 -j ACCEPT
-A OUTPUT -d 10.0.1.25/32 -p udp -m multiport --dports 389,636 -j ACCEPT
# DNS to the one resolver only
-A OUTPUT -p udp -d 10.0.1.102/32 --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -p udp -s 10.0.1.102/32 --sport 53 -m state --state ESTABLISHED -j ACCEPT
-A OUTPUT -p tcp -d 10.0.1.102/32 --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -s 10.0.1.102/32 --sport 53 -m state --state ESTABLISHED -j ACCEPT
# trusted hosts: all traffic both ways (this is how you reach the box for analysis)
-A INPUT -s 10.0.1.103/32 -j ACCEPT
-A INPUT -s 10.0.1.27/32 -j ACCEPT
-A OUTPUT -d 10.0.1.27/32 -j ACCEPT
-A OUTPUT -d 10.0.1.103/32 -j ACCEPT
COMMIT

Once you have logged in on the console, save the ruleset above to a temporary file (for this example, rules.txt) and load it with iptables-restore, which replaces the entire filter table in one atomic step:

# iptables-restore < rules.txt

This permits LDAP authentication against the LDAP host, DNS queries to the resolver host, and all IP traffic to and from the two trusted hosts. Everything else is dropped, so no process on the host can connect to a remote host (command and control, exfiltration, fetching a second stage) while you study a server that has been owned. Three caveats: the rules live only in the running kernel, so they are gone after a reboot; an attacker who still has root can flush them with one command, so this buys time rather than guaranteeing containment (pulling the cable or moving the switch port to an isolated VLAN is stronger, at the cost of losing the live connections you may want to observe); and the two trusted hosts are reachable from the compromised box on every port, so they should be hardened analysis hosts, not something you care about losing.
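The same containment ruleset as a script, added here as an example and not part of the original page: it generates the rules from variables (defaulting to the addresses above), can syntax-check them with iptables-restore --test before you commit and lock yourself out, applies them atomically, and adds one rate-limited LOG rule so every outbound attempt the policy drops leaves a kernel log line telling you where the box tried to call home. Assumed, and not from the page: the conntrack, multiport, limit and LOG extensions are available, you run it as root on the compromised host's console, and the function and variable names are this example's own.

```shell
#!/bin/bash
# Added example (not from the original page): build, check and apply an outbound
# containment ruleset for iptables-restore. Host addresses default to the page's
# example network; override them in the environment.
# Assumptions: run as root; iptables (legacy or nft backend) with the conntrack,
# multiport, limit and LOG extensions.
set -eu

LDAP_SERVER="${LDAP_SERVER:-10.0.1.25}"
DNS_SERVER="${DNS_SERVER:-10.0.1.102}"
TRUSTED_HOSTS="${TRUSTED_HOSTS:-10.0.1.103 10.0.1.27}"   # space separated, word-split below
LOG_PREFIX="CONTAIN-OUT-DROP: "

# Write a complete iptables-restore ruleset for the filter table to stdout.
gen_rules() {
  cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
# loopback stays open so local services (sssd/nscd, syslog, local databases) keep working
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
# return traffic for conversations that were allowed to start
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
# LDAP client traffic to the directory server (389 plain/STARTTLS, 636 LDAPS, 389/udp CLDAP)
-A OUTPUT -d ${LDAP_SERVER}/32 -p tcp -m multiport --dports 389,636 -m conntrack --ctstate NEW -j ACCEPT
-A OUTPUT -d ${LDAP_SERVER}/32 -p udp --dport 389 -m conntrack --ctstate NEW -j ACCEPT
# DNS to the one resolver only
-A OUTPUT -d ${DNS_SERVER}/32 -p udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
-A OUTPUT -d ${DNS_SERVER}/32 -p tcp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
EOF
  # trusted analysis hosts get everything in both directions
  for h in $TRUSTED_HOSTS; do
    printf -- '-A INPUT -s %s/32 -j ACCEPT\n' "$h"
    printf -- '-A OUTPUT -d %s/32 -j ACCEPT\n' "$h"
  done
  # anything else leaving the box is logged (rate limited) before the policy drops it;
  # that log is the evidence you want: where does the compromised host try to call home?
  cat <<EOF
-A OUTPUT -m limit --limit 10/min --limit-burst 20 -j LOG --log-prefix "${LOG_PREFIX}" --log-level 4
COMMIT
EOF
}

# Parse the ruleset without committing it; catches typos before you lock yourself out.
check_rules() {
  gen_rules | iptables-restore --test
}

# Replace the running filter table atomically, then show what is actually loaded.
apply_rules() {
  gen_rules | iptables-restore
  iptables -S
}

case "${1:-print}" in
  print) gen_rules ;;
  check) check_rules && echo "ruleset parses" ;;
  apply) apply_rules ;;
  *) echo "usage: $0 [print|check|apply]" >&2; exit 2 ;;
esac
```

Run it as `./contain.sh check` first, then `./contain.sh apply`; afterwards `dmesg -w` or the syslog on a trusted host shows the `CONTAIN-OUT-DROP:` lines with source port, destination address and protocol for each blocked attempt. The LOG rule sits last so it only ever sees traffic that none of the ACCEPT rules claimed, and the limit match keeps a chatty beacon from flooding the log.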