1.2.1

1.2.1  ::  Restrict inbound and outbound traffic to that which is necessary for the cardholder data environment.

Using iptables with a default DROP policy and only allow the ports necessary will satisfy this requirement.