The first thing we need to do is create a user to run your DC++ client under. We do this because iptables doesn't currently support filtering by program, but it does support filtering by user, so we can create iptables rules that apply only to a specific user and run your DC++ client as that user. I'm using "dc" as my user; you can use whatever you want.
Make sure you specify a UID for your user; you will need this later on. I've chosen 1000 as my UID; you should use a number over 1000 that hasn't already been taken (check the /etc/passwd file for this).
sudo adduser --uid 1000 dc
Next we need to create the iptables rules.
Run the commands listed below, remembering to use the right UID.
sudo iptables -A OUTPUT -m owner --uid-owner 1000 -m iprange --dst-range 0.0.0.0-18.104.22.168 -j DROP
sudo iptables -A OUTPUT -m owner --uid-owner 1000 -m iprange --dst-range 127.0.0.2-22.214.171.124 -j DROP
sudo iptables -A OUTPUT -m owner --uid-owner 1000 -m iprange --dst-range 126.96.36.199-188.8.131.52 -j DROP
sudo iptables -A OUTPUT -m owner --uid-owner 1000 -m iprange --dst-range 184.108.40.206-254.254.254.254 -j DROP
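The four rules above work by dropping every destination outside the ranges the client is allowed to reach. The script below is an added example, not part of the original page: it generalises that idea by computing the DROP ranges from a list of allowed ranges, and it refuses any range whose start is above its end. The UID 1001 and the sample ranges are constructed.

```sh
#!/bin/sh
# Added example: print (not apply) the DROP rules that leave a user able to
# reach only the listed IPv4 ranges. UID and ranges below are constructed.

# Dotted quad -> integer.
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Integer -> dotted quad.
int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# emit_rule UID FIRST LAST (integers): one rule in the page's format.
emit_rule() {
    printf 'iptables -A OUTPUT -m owner --uid-owner %s -m iprange --dst-range %s-%s -j DROP\n' \
        "$1" "$(int_to_ip "$2")" "$(int_to_ip "$3")"
}

# drop_rules UID START-END [START-END ...]
# Sorts the allowed ranges and emits one DROP rule per gap between them.
drop_rules() {
    uid=$1; shift
    for r in "$@"; do
        echo "$(ip_to_int "${r%-*}") $(ip_to_int "${r#*-}")"
    done | sort -n | (
        next=0    # lowest address not yet known to be allowed
        while read -r lo hi; do
            if [ "$lo" -gt "$hi" ]; then
                echo "range start is above range end" >&2; exit 1
            fi
            if [ "$lo" -gt "$next" ]; then
                emit_rule "$uid" "$next" $(( lo - 1 ))
            fi
            if [ $(( hi + 1 )) -gt "$next" ]; then next=$(( hi + 1 )); fi
        done
        # Everything above the last allowed range is dropped as well.
        if [ "$next" -le 4294967295 ]; then
            emit_rule "$uid" "$next" 4294967295
        fi
    )
}

# Constructed sample: loopback plus one private range, for UID 1001.
drop_rules 1001 127.0.0.1-127.0.0.1 10.0.0.0-10.255.255.255
```

Review the printed commands before running them with sudo. They cover IPv4 only, since iptables rules do not apply to IPv6 traffic.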
For these filters to work you have to run your client as your DC++ user. To do this, run the command shown below, replacing valknut with whichever DC++ client you use.
su -c valknut dc
You should now have DC++ running as user dc and with external connections blocked. You may find you need to run
in order to get the GUI stuff running properly from your normal user account (e.g.
Xlib: connection to ":0.0" refused by server
Xlib: No protocol specified
type errors). If the problem persists try
NB. These rules will reset whenever you restart your computer, so it is probably wise to create a script with the actual iptables rules and set it to run on startup.
We can do this by using the iptables-save and iptables-restore commands. Once you have your iptables set up correctly, use the following command to save your configuration to a hidden file in your home directory:
sudo iptables-save > ~/.iptables
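And add the following command to your /etc/rc.local above the exit 0 line (or somewhere that will be run at startup). rc.local runs as root, so ~ there would not point at your home directory; give the full path to the saved file instead (youruser is a placeholder for your own user name):
sudo iptables-restore < /home/youruser/.iptables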