Egress filtering is the practice of controlling which outbound network connections systems are allowed to make. In plain language, it limits where internal devices or workloads can send traffic after they are already on the network.
Egress filtering matters because many security programs focus heavily on incoming traffic and forget that compromised systems also communicate outward. Restricting outbound paths can reduce command-and-control traffic, data exfiltration, and accidental exposure.
It also matters because a system that can connect anywhere is harder to monitor and harder to contain.
Egress filtering appears in Firewall rules, proxies, cloud Security Group designs, server hardening, and segmentation strategies. Teams connect it to Network Segmentation, Command and Control, and Denial of Service resilience planning.
It is a common defensive layer in environments where servers should reach only a small number of approved services.
A production application server is allowed to talk to its database, internal logging service, and a specific update repository, but all other outbound internet access is blocked by policy.
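To make the server policy above concrete, here is an added example (not from the original page) that encodes that default-deny allowlist and audits a few constructed outbound firewall log lines against it, flagging both denied flows and "drift" where the enforced rules are looser than the documented policy. All addresses, ports and the log format are assumptions.

```python
import ipaddress

# Intended egress policy for the application server above (all values constructed).
# Tuple: (destination network, protocol, destination port). Anything else is denied.
ALLOWED_EGRESS = [
    (ipaddress.ip_network("10.0.20.0/24"), "tcp", 5432),    # database tier
    (ipaddress.ip_network("10.0.30.5/32"), "tcp", 514),     # internal log collector
    (ipaddress.ip_network("203.0.113.10/32"), "tcp", 443),  # approved update repository
]

def egress_allowed(dst_ip, proto, dport):
    """Default-deny evaluation: permit only if some allowlist entry matches all three fields."""
    addr = ipaddress.ip_address(dst_ip)
    return any(addr in net and proto == p and dport == port
               for net, p, port in ALLOWED_EGRESS)

# Constructed outbound firewall log lines in a simplified "src dst proto dport action" format.
SAMPLE_LOG = """\
10.0.10.7 10.0.20.15 tcp 5432 ACCEPT
10.0.10.7 10.0.30.5 tcp 514 ACCEPT
10.0.10.7 203.0.113.10 tcp 443 ACCEPT
10.0.10.7 198.51.100.23 tcp 443 DROP
10.0.10.7 198.51.100.23 udp 53 ACCEPT
"""

def parse_log(log_text):
    """Yield (src, dst, proto, dport, action) tuples, skipping blank or malformed lines."""
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue
        src, dst, proto, dport, action = fields
        yield src, dst, proto, int(dport), action.upper()

def audit(log_text):
    """Compare enforced behaviour against the intended policy.

    Returns (denied, drift):
      denied - flows the policy does not permit; each is an outbound path worth reviewing
      drift  - flows logged as ACCEPT that the policy says should have been denied,
               i.e. the deployed rules are looser than the documented policy
    """
    denied, drift = [], []
    for src, dst, proto, dport, action in parse_log(log_text):
        if egress_allowed(dst, proto, dport):
            continue
        denied.append((dst, proto, dport))
        if action == "ACCEPT":
            drift.append((dst, proto, dport))
    return denied, drift
```

In the sample log the last line is the interesting one: outbound DNS to an external host was accepted even though the policy has no entry for it, which is exactly the gap between intended and enforced egress rules that this kind of audit is meant to surface.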
Egress filtering is not the same as inbound filtering. Inbound controls regulate what can reach a system, while egress filtering governs what that system can reach after compromise or misuse.
It is also not a guarantee against exfiltration by itself. It works best when combined with strong monitoring, segmentation, and identity controls.