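# (c) DVE, 2015
#
# IPv4 filter table in iptables-save format, to be loaded with iptables-restore.
# Inbound traffic is default-deny: the INPUT policy is DROP and the last INPUT
# rule rejects whatever was not accepted above it. Rules are evaluated top to
# bottom, so order matters.
# NOTE(review): these rules cover IPv4 only; if the host has IPv6 connectivity,
# confirm that an equivalent ip6tables ruleset is loaded.
#
*filter
:INPUT DROP [0:0]
#:INPUT ACCEPT [0:0]
# NOTE(review): the FORWARD policy is ACCEPT and the FORWARD reject rule at the
# end of this file is commented out, so this table does not filter forwarded
# traffic. Confirm that IP forwarding is disabled or that this is intended.
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
#
# Packets belonging to, or related to, connections that are already tracked.
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# All ICMP types are accepted.
-A INPUT -p icmp -j ACCEPT
# Loopback interface.
-A INPUT -i lo -j ACCEPT
#
# to open 555 for SSH from everywhere!
# NOTE(review): there is no source restriction (-s) on this rule; presumably
# sshd listens on 555 - verify, and limit it to the administrators' source
# ranges if they are known.
-A INPUT -p tcp -m tcp --dport 555 -j ACCEPT
# 465/tcp (conventionally SMTP over TLS - confirm which service listens here).
-A INPUT -p tcp -m tcp --dport 465 -j ACCEPT
#
# Web
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
# HTTPS (443/tcp). The original rule used --dport 433, which looks like a
# transposition: HTTPS connections would have fallen through to the final
# REJECT while an unrelated port was opened. Confirm nothing needs 433.
-A INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
#
# Something
# New connections to 21/tcp and 22/tcp are dropped silently here, so they never
# reach the REJECT below and the client gets no ICMP answer.
-A INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j DROP
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j DROP
#
# Everything else inbound is rejected with an ICMP host-prohibited message.
-A INPUT -j REJECT --reject-with icmp-host-prohibited
#-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT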