-A INPUT -p udp -j REJECT --reject-with icmp-port-unreachable
-A INPUT -p tcp -j REJECT --reject-with tcp-reset
-A INPUT -j REJECT --reject-with icmp-proto-unreachable
+# Explicitly allow outgoing traffic to the following IP addresses. This is
+# for things like Google cloud addresses which are owned by but not operated
+# by google.
+-A OUTPUT -m set --match-set glocker-except dst -j ACCEPT
# Prevent all outgoing traffic to banned IP addresses also
-A OUTPUT -m set --match-set glocker dst -j DROP