OP
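# NOTE(review): $I is not defined in this excerpt; it is presumably set
# earlier in the script to the iptables binary. The INPUT policy line is
# presumably just above this excerpt as well -- confirm it is DROP too.
# These rules cover IPv4 only; if IPv6 is enabled on the host, ip6tables
# needs its own equivalent policy.

## Default policies: drop anything that no rule below accepts.
$I -P OUTPUT DROP
$I -P FORWARD DROP

## Allow tcp/udp packets that belong to already established connections,
## plus outbound tcp/udp packets that create new connections.
## The state list must be written without spaces after the commas,
## otherwise iptables treats each state as a separate argument.
## (Newer iptables releases prefer "-m conntrack --ctstate" over "-m state".)
$I -A INPUT -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT
$I -A INPUT -p udp -m state --state ESTABLISHED,RELATED -j ACCEPT
## Accepting NEW here lets this host open any outbound tcp/udp connection,
## so the OUTPUT DROP policy only stops other protocols and packets that
## connection tracking does not classify as NEW/RELATED/ESTABLISHED.
## Restrict by destination or port if egress filtering is a goal.
$I -A OUTPUT -p tcp -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
$I -A OUTPUT -p udp -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT

## Allow loopback, for applications talking to localhost over TCP/UDP.
## (UNIX domain sockets do not pass through netfilter and need no rule.)
$I -A INPUT -i lo -j ACCEPT
$I -A OUTPUT -o lo -j ACCEPT

# Services
## '<source>' below is a placeholder, not a literal value: replace it with
## a permitted address or CIDR and repeat the rule once per source. Further
## per-source rules are elided as "<...>". Left unreplaced, the quoted
## placeholder makes iptables reject the rule instead of opening the port.

## SSH: accept inbound connections to port 22 from the listed sources only.
$I -A INPUT -p tcp --dport 22 -j ACCEPT -s '<source>'
# <...>

## Web front end of nagios and mrtg, reachable from the listed sources only.
$I -A INPUT -p tcp --dport http -j ACCEPT -s '<source>'
# <...>

## OCS Inventory needs HTTP access. This rule has no -s filter, so every
## host that can reach the eth0.92 VLAN interface can connect to port 80,
## including the nagios/mrtg pages served there.
$I -A INPUT -p tcp --dport http -j ACCEPT -i eth0.92

## Allow icmp. All ICMP types are accepted in both directions; narrow this
## with --icmp-type (and a rate limit) if only echo and error messages
## are needed.
$I -A INPUT -p icmp -j ACCEPT
$I -A OUTPUT -p icmp -j ACCEPT

## System logging: accept syslog datagrams (udp/514) from the listed sources.
## UDP source addresses can be forged, so the -s filter reduces noise but
## does not authenticate the sender.
$I -A INPUT -p udp --dport 514 -j ACCEPT -s '<source>'
# <...>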