In GTA Online there are many things you can do in freeroam like CEO missions, bunker work, motorcycle club activities, or even just messing around in the sandbox. Though with a game as popular as GTA V, there are a lot of people playing online and so the game is designed for you to play with others. A lot of the activities in the game you cannot do in a private lobby, so you have to go to a public lobby to do what you want to. The main issue with that is that it now opens you up to griefers and hackers messing with you and what you are trying to do.

Fortunately, there are ways to get around this. Some people suspend the GTA V process for a few seconds to disconnect everyone. This works great however this doesn't secure your lobby and will eventually fill up with players again.

Another way is blocking one of the ports the game uses drop all users from the session. This also works great and could be a primary solution for you if you are playing solo. But what if we could keep the session secure while also allowing our friends to stay connected? That is what Sora and I have figured out.

The firewall we're going to use is iptables. But before I get into the rules and how to use them, first I will tell you about the ports we're going to be using and blocking.

One of the most important ports is port 6672. This is the main port that is used for players to connect to eachother. We will use this port to allow our friends to connect, but block others from connecting.
Next we will be blocking a port range 61455-61458. The reason we block this is because GTA V can sometimes use relays to connect players to each other.

Securing your lobby
Example ip-tables rules
The main part that you want to focus on is the rule for your friends

-A OUTPUT -d FRIENDSIPHERE -p udp -m udp --dport 6672 -j ACCEPT

and the rules that stop anyone else from joining.

-A OUTPUT udp -m udp --dport 6672 -j DROP

-A OUTPUT -p udp -m udp --dport 61455:61458 -j DROP

Once you get your iptables setup and saved you are ready to get a lobby.
To do this, you first must have your firewall off.

iptables --flush

Then you load into singleplayer and join a random GTA Online session. After you fully load into this online session re-enable your firewall.

iptables-restore /etc/iptables/iptables.rules

If everything is going correctly then all of the players should leave and will be in a session by yourself.
Now you must turn your firewall off so your friends can join.

iptables --flush

Once your friends have fully loaded in you can re-enable your firewall.

iptables-restore /etc/iptables/iptables.rules

As long as you didn't initially connect to GTA Online through a relay, your friends should stay connected to you with the firewall up. If they get kicked start the process again.

That's it! If you do a heist or an activity that takes you out of freeroam you will have to set this up again.