How can I block an incoming or outgoing connection?


It is a common task to block outgoing or incoming requests without affecting all other traffic. This can be done using the NetFilter component of PCAP Filter.

For UDP, the task is simple - each packet is independent, so if you need to block, e.g., requests to a remote server on UDP port X, you simply block the packets using the corresponding BPF rule. For example, to block DNS requests, use the BPF rule "udp and dst port 53" and specify in the rule parameters that the direction must be outbound.

With TCP connections, things get more complicated. If you need to block an outgoing connection and try to do so by blocking outgoing packets by address/port, you will block not just the packets that initiate an outgoing request, but also packets that are responses to incoming packets of permitted incoming connections. For incoming connections not to be affected, you need to block only the first packet of a TCP handshake, letting all other packets (even those that match your address/port restrictions) pass. For this, add a rule with the direction set to outgoing and a BPF rule that includes tcp[tcpflags] & tcp-syn != 0. Note that the SYN-ACK with which your host answers a permitted incoming connection also has the SYN flag set, so the rule should additionally require that the ACK flag is clear: the first packet of a handshake is the only one with SYN set and ACK clear. If you need to block a specific address or port, add it to the BPF rule, e.g.: tcp and dst host 192.168.0.101 and dst port 443 and (tcp[tcpflags] & tcp-syn != 0) and (tcp[tcpflags] & tcp-ack == 0) (the address value 192.168.0.101 and port value 443 are the ones you need to adjust). The same principle works for incoming TCP connections.
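As an added illustration (not code from the PCAP Filter product or this article), the following Python emulates how an address/port-only rule and the handshake-only rule above classify constructed outbound packets. The local address 10.0.0.5, the local service port 8080 and the remote ephemeral port 51000 are assumptions; the remote host and port are the article's.

```python
import struct
from ipaddress import IPv4Address

TCP_SYN, TCP_ACK = 0x02, 0x10  # bit values of tcp-syn / tcp-ack in tcp[tcpflags]

def build_packet(src_ip, dst_ip, sport, dport, flags):
    """Constructed sample: minimal IPv4+TCP header, no options, checksums left zero."""
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                         IPv4Address(src_ip).packed, IPv4Address(dst_ip).packed)
    tcp_hdr = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 65535, 0, 0)
    return ip_hdr + tcp_hdr

def parse(packet):
    """Return (proto, dst_ip, dst_port, tcpflags) the way the BPF accessors see them."""
    ihl = (packet[0] & 0x0F) * 4              # IP header length in bytes
    tcp = packet[ihl:]
    dport = struct.unpack("!H", tcp[2:4])[0]
    return packet[9], str(IPv4Address(packet[16:20])), dport, tcp[13]  # tcp[13] == tcp[tcpflags]

def address_port_match(packet, host, port):
    """'tcp and dst host HOST [and dst port PORT]' with no flag test at all."""
    proto, dst, dport, _ = parse(packet)
    return proto == 6 and dst == host and (port is None or dport == port)

def first_handshake_packet(packet):
    """'(tcp[tcpflags] & tcp-syn != 0) and (tcp[tcpflags] & tcp-ack == 0)': SYN set, ACK clear."""
    _, _, _, flags = parse(packet)
    return (flags & TCP_SYN) != 0 and (flags & TCP_ACK) == 0

def naive_block(packet, direction, host, port=None):
    """Address/port-only rule: drops every outbound packet to host[:port]."""
    return direction == "outbound" and address_port_match(packet, host, port)

def handshake_block(packet, direction, host, port=None):
    """The article's rule: drops only new outbound connection attempts to host[:port]."""
    return naive_block(packet, direction, host, port) and first_handshake_packet(packet)

# Constructed traffic seen in the outbound direction of a host at 10.0.0.5 (assumed).
REMOTE = "192.168.0.101"
NEW_CONN = build_packet("10.0.0.5", REMOTE, 50000, 443, TCP_SYN)                     # we initiate
ESTABLISHED = build_packet("10.0.0.5", REMOTE, 50000, 443, TCP_ACK)                  # data on that connection
REPLY_TO_INBOUND = build_packet("10.0.0.5", REMOTE, 8080, 51000, TCP_SYN | TCP_ACK)  # remote connected to us

if __name__ == "__main__":
    for name, pkt in [("new outbound SYN", NEW_CONN), ("established data", ESTABLISHED),
                      ("SYN-ACK reply to inbound", REPLY_TO_INBOUND)]:
        print(f"{name:26} host-only={naive_block(pkt, 'outbound', REMOTE)!s:5} "
              f"handshake-only={handshake_block(pkt, 'outbound', REMOTE)}")
```

Run as a script, it shows the host-only rule dropping the SYN-ACK reply to a permitted inbound connection, while the handshake-only rule drops nothing but the new outbound SYN.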

We appreciate your feedback. If you have any questions, comments, or suggestions about this article please contact our support team at support@callback.com.