"So, you've just got your fast Cable or DSL connection and now
you need a firewall to protect you? No problem."
"Your basic firewall will tend to look something like this:
#accept now, deny and log later
iptables -P INPUT ACCEPT
#accept traffic from the lan
iptables -A INPUT -s 192.168.1.0/24 -j ACCEPT
#take advantage of connection tracking
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
#accept connections for ssh and http
iptables -A INPUT -p tcp -m multiport --destination-port 22,80 -j ACCEPT
# log and deny
iptables -A INPUT -m limit --limit 5/minute -j LOG --log-level 5 --log-prefix
iptables -A INPUT -j REJECT
"Kinda boring huh? About the only thing that's new in that
script is the connection tracking for established packets."
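
The first-match traversal of the INPUT chain above, modelled in Python as an added example (not part of the quoted article): it shows which constructed packets each rule catches and why the trailing REJECT matters when the policy is ACCEPT. The rule encoding and packet fields are this example's own simplification, and the LOG rate limit is not modelled.

```python
import ipaddress

# INPUT chain from the script above, in order: (match, target).
# The match keys are this example's own simplification of iptables matches.
RULES = [
    ({"src": "192.168.1.0/24"}, "ACCEPT"),
    ({"ctstate": {"ESTABLISHED", "RELATED"}}, "ACCEPT"),
    ({"proto": "tcp", "dports": {22, 80}}, "ACCEPT"),
    ({}, "LOG"),     # matches everything, non-terminating
    ({}, "REJECT"),  # matches everything that got this far
]
POLICY = "ACCEPT"    # iptables -P INPUT ACCEPT; used only if no rule terminates


def matches(match, pkt):
    """True if every condition present in the rule holds for the packet."""
    if "src" in match and ipaddress.ip_address(pkt["src"]) not in ipaddress.ip_network(match["src"]):
        return False
    if "ctstate" in match and pkt["ctstate"] not in match["ctstate"]:
        return False
    if "proto" in match and pkt["proto"] != match["proto"]:
        return False
    if "dports" in match and pkt.get("dport") not in match["dports"]:
        return False
    return True


def evaluate(pkt, rules=RULES, policy=POLICY):
    """Return (verdict, logged) for a packet using first-match-wins traversal."""
    logged = False
    for match, target in rules:
        if not matches(match, pkt):
            continue
        if target == "LOG":
            logged = True  # LOG records the packet, then traversal continues
            continue
        return target, logged
    return policy, logged


if __name__ == "__main__":
    # Constructed sample packets (documentation address ranges for outside hosts).
    samples = [
        {"src": "192.168.1.10", "proto": "tcp", "dport": 23, "ctstate": "NEW"},
        {"src": "203.0.113.5", "proto": "tcp", "dport": 22, "ctstate": "NEW"},
        {"src": "198.51.100.7", "proto": "tcp", "dport": 51000, "ctstate": "ESTABLISHED"},
        {"src": "203.0.113.5", "proto": "tcp", "dport": 23, "ctstate": "NEW"},
    ]
    for pkt in samples:
        print(pkt, "->", evaluate(pkt))
```

Calling evaluate with RULES[:-1] shows the effect of leaving off the final rule: the packet is still logged, but the ACCEPT policy lets it through.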