Incoming/Outgoing seperation for VPN

My situation is that I want all my outgoing connections from my Debian server to pass through a commercial VPN service I’ve subscribed to, but I still want to run public-accessible services on this server, and not have them pass through the VPN.