Thanks for the responses everyone.
I am not paranoid (well, maybe just a little). I am just interested in security and all its implementations.
There are a few ways to look at this. For instance, if there is a vulnerability in the application layer, which leads to malicious code being executed on the system, then the right OUTPUT restrictions can potentially counter the attack. This example might not be the best case scenario, but it is most definitely not the worst. Security is about risk management: what attacks are possible, what attacks can be countered or disabled, and how one can best achieve that optimal state in the most efficient way.
Now personally, I am not going to go and re-write OpenSSH, Apache or any other common web facing application, as it is an inefficient way to achieve security (and probably in vain, as my coding skills are not that great). And we all know that these and many other applications have had exploitable vulnerabilities in the past (some more recently, and for all intents and purposes zero day exploits may be available for the right price/technically adept mind). A common response to this argument may be, if the data is too valuable to store on a box with web facing applications, don't store it there, but, in all honesty, that is a very prudish way of handling things. I think there can be a happy medium.
After saying all that, the point of my original post was to try and better understand the way in which I can let the minimal requirements through. I am basically looking for a very strict base configuration. Furthermore, I currently have a limited knowledge of iptables and TCP/IP security and was just hoping to get a better understanding of state tracking and the three-way handshake.
Thanks again for all the help.
From what I have read here: http://www.5dollarwhitebox.org/wiki/...Basic_IPTables
The rule below would more or less be the same as having a default ACCEPT policy for the OUTPUT chain. Is that correct?
iptables -A OUTPUT -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
That is specifically what I am trying to avoid as per the default OUTPUT policy being DROP.
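
An added example, not part of the original post: a small audit that reads `iptables -S` style lines and flags OUTPUT rules that accept NEW connections with no further restriction. The state list NEW,RELATED,ESTABLISHED covers every tracked state except INVALID, so with such a rule a DROP policy only catches INVALID and untracked packets. The sample rulesets, the `NARROWING` option subset and the function names are constructed for illustration.

```python
import shlex

# Options that narrow a rule to particular traffic (subset chosen for this example).
NARROWING = {"-p", "-d", "-o", "--dport", "--dports", "--uid-owner", "--gid-owner"}

def parse_rule(line):
    """Parse one `iptables -S` style line; negated (!) matches are not handled."""
    tok = shlex.split(line)
    rule = {"chain": None, "target": None, "states": set(), "narrowed": False}
    for i, t in enumerate(tok):
        nxt = tok[i + 1] if i + 1 < len(tok) else ""
        if t == "-A":
            rule["chain"] = nxt
        elif t == "-j":
            rule["target"] = nxt
        elif t in ("--state", "--ctstate"):
            rule["states"] = set(nxt.split(","))
        elif t in NARROWING:
            rule["narrowed"] = True
    return rule

def audit_output(lines):
    """Return OUTPUT ACCEPT rules that let any NEW connection leave the host."""
    findings = []
    for line in lines:
        r = parse_rule(line)
        if r["chain"] != "OUTPUT" or r["target"] != "ACCEPT" or r["narrowed"]:
            continue
        # No state match at all, or NEW in the list: any outbound connection may start.
        if not r["states"] or "NEW" in r["states"]:
            findings.append(line)
    return findings

# Constructed sample rulesets (not taken from the poster's system).
LOOSE = ["-P OUTPUT DROP",
         "-A OUTPUT -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT"]
# Stricter variant: replies to accepted inbound connections pass as ESTABLISHED,
# and NEW is allowed only for named services (DNS here is an assumption).
STRICT = ["-P OUTPUT DROP",
          "-A OUTPUT -o lo -j ACCEPT",
          "-A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT",
          "-A OUTPUT -p udp --dport 53 -m state --state NEW -j ACCEPT"]

if __name__ == "__main__":
    for name, rules in (("LOOSE", LOOSE), ("STRICT", STRICT)):
        print(name, audit_output(rules) or "no unrestricted NEW rule")
```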