I want all ports for outgoing/incoming traffic to be blocked unless they are from a local source (e.g. source is 192.168.1.*) unless I explicitly open the port (in case I want to set up OpenVPN or some such later on) and for local traffic I only want the ports which are required by samba, ssh and the web ui to be open.
How would I do this?