iptables is present by default on all modern Linux distributions. It's easy to configure for common scenarios:

1.  If don't want to contact a given site (for example, a known malware site), you can block traffic to that IP address:

        #iptables -A OUTPUT -d 8.8.8.8 -j DROP 

If you use PING 8.8.8.8 in another terminal, then by running the iptables command, you will see this:

        PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data. 
        64 bytes from 8.8.8.8: icmp_req=1 ttl=56 time=221 ms 
        64 bytes from 8.8.8.8: icmp_req=2 ttl=56 time=221 ms 
        ping: sendmsg: Operation not permitted 
        ping: sendmsg: Operation not permitted 

Here, the ping fails the third time because we used the iptables command to drop all traffic to 8.8.8.8.

2. You can also block ...