linux
kpa6uu, 2017-03-18 19:09:43

How to cut off a device from access to the internal network?

Hello. I need to set up a Raspberry server at home for a certain purpose.
How can I protect myself and deny the Raspberry access to the internal network?
The server can be compromised, and after that, all the other network devices.
Thank you.


1 answer(s)
Yaroslav, 2017-03-18
@kpa6uu

In addition to Eugene Khrustalev's variant: I assume that the Raspberry is not sitting on the Internet with its bare bottom, but behind some kind of router.
In this case, it would be most reasonable to move it to the so-called demilitarized zone (DMZ):
1. Settle it in a separate Ethernet segment/VLAN
2. In this segment:
2.1. Use separate gray IP addressing
2.2. Configure NAT: Destination NAT for incoming and Source NAT for outgoing connections from Raspberry
2.3. Deny any access to the router itself, allowing only traffic transit
3. Explicitly allow only the permitted types of traffic on the router:
3.1. From internal network to DMZ
3.2. From DMZ to the internal network (not worth it, but in case it is really necessary for some reason)
3.3. From DMZ to Internet
3.4. From the Internet to the DMZ
Thus, even if the server is hacked, rooted, and iptables is disabled on the Raspberry, the villain will not be able to get out of there anywhere, because the traffic is cut on a router that is conditionally invulnerable to him.
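
The steps above as a router ruleset, as an added example that is not part of Yaroslav's answer. It assumes a Linux router using iptables; the interface names, the addresses and the published port are constructed placeholders.

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset for the router in the answer.
# Every value below is an assumption (constructed), adjust to the real network.
WAN=wan0; LAN=lan0; DMZ=dmz0   # router interfaces: Internet, home LAN, DMZ VLAN
PI=192.168.50.10               # Raspberry's gray address in its own segment
SVC_PORT=443                   # the single service published from the Internet

dmz_ruleset() {
cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# 2.2 Destination NAT for incoming, Source NAT for outgoing connections
-A PREROUTING -i $WAN -p tcp --dport $SVC_PORT -j DNAT --to-destination $PI:$SVC_PORT
-A POSTROUTING -o $WAN -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# 2.3 no new connections from the DMZ to the router itself (no DHCP/DNS either,
#     so the Raspberry needs a static address and an external resolver)
-A INPUT -i $DMZ -j DROP
-A INPUT -i $LAN -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Home LAN keeps its normal Internet access
-A FORWARD -i $LAN -o $WAN -j ACCEPT
# 3.1 internal network -> DMZ
-A FORWARD -i $LAN -o $DMZ -d $PI -j ACCEPT
# 3.2 DMZ -> internal network: no rule, so it falls to the FORWARD DROP policy
# 3.3 DMZ -> Internet
-A FORWARD -i $DMZ -o $WAN -s $PI -j ACCEPT
# 3.4 Internet -> DMZ, only the DNATed service
-A FORWARD -i $WAN -o $DMZ -d $PI -p tcp --dport $SVC_PORT -j ACCEPT
COMMIT
EOF
}
```

On the router, `dmz_ruleset | iptables-restore --test` parses the ruleset without committing it; drop `--test` to load it.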
