Firewall to allow only web browsing and no other network access

I am working on Debian Stable and it is working very well. I see apf-firewall to simplify iptables. I want my firewall to only allow web browsing (including forms) and block all other network access. How is this possible with apf-firewall? Or could I do it with FireHol software? It seems to have simple configuration commands: version 6 interface4 eth0 home server dns accept server ftp accept server samba accept server squid accept server dhcp accept server http accept server ssh accept server icmp accept interface4 ppp+ internet server smtp accept server http accept server ftp accept Which lines should I keep if I want only web browsing to be permitted? Edit: Will following 2 rules using nftables be sufficient for my needs? nft add rule ip filter input tcp dport 80 ct state new,established accept nft add rule ip filter input tcp dport 443 ct state new,established accept