
Untitled

a guest
Sep 17th, 2015
*filter

# Allow all loopback (lo0) traffic and drop all traffic to 127/8 that doesn't $
-A INPUT -i lo -j ACCEPT
-A INPUT -d 127.0.0.0/8 -j REJECT

# Accept all established inbound connections
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# Allow all outbound traffic - you can modify this to only allow certain traff$
-A OUTPUT -j ACCEPT

# Allow HTTP and HTTPS connections from anywhere (the normal ports for website$
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp --dport 443 -j ACCEPT

# Allow SSH connections
#
# The --dport number should be the same port number you set in sshd_config

-A INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT

# Allow ping
-A INPUT -p icmp --icmp-type echo-request -j ACCEPT

# Log iptables denied calls
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-l$

# Drop all other inbound - default deny unless explicitly allowed policy
-A INPUT -j DROP
-A FORWARD -j DROP

COMMIT

*nat

# Forward port 80 to 8080 (the rule as written redirects to port 3128)
# Error here: PREROUTING is not a chain of the filter table, so the REDIRECT
# rule is placed in the nat table instead.
# Redirected packets reach the filter INPUT chain with destination port 3128,
# which no ACCEPT rule above matches.
-A PREROUTING -p tcp -m tcp -i eth1 --dport 80 -j REDIRECT --to-ports 3128

COMMIT
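
PREROUTING is not a built-in chain of the filter table, so iptables-restore rejects an `-A PREROUTING` line that sits in a `*filter` section. The checker below is an added example, not part of the original paste: the function name `check_ruleset` and the sample ruleset are constructed for illustration, and it checks only table/chain membership and section structure before a file is loaded.

```python
# Built-in chains of each netfilter table.
BUILTIN_CHAINS = {
    "filter": {"INPUT", "FORWARD", "OUTPUT"},
    "nat": {"PREROUTING", "INPUT", "OUTPUT", "POSTROUTING"},
    "mangle": {"PREROUTING", "INPUT", "FORWARD", "OUTPUT", "POSTROUTING"},
    "raw": {"PREROUTING", "OUTPUT"},
    "security": {"INPUT", "FORWARD", "OUTPUT"},
}

# Constructed sample (not a live ruleset): a filter section holding a NAT rule.
SAMPLE = """\
*filter
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp --dport 80 -j ACCEPT
-A PREROUTING -p tcp -m tcp -i eth1 --dport 80 -j REDIRECT --to-ports 3128
-A INPUT -j DROP
COMMIT
"""

def check_ruleset(text):
    """Return (line_number, message) findings for iptables-restore input."""
    findings, table, chains = [], None, set()
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if line.startswith("*"):            # "*filter" opens a table section
            table = line[1:]
            chains = set(BUILTIN_CHAINS.get(table, ()))
            if table not in BUILTIN_CHAINS:
                findings.append((no, f"unknown table {table}"))
        elif line == "COMMIT":              # closes the current table section
            table = None
        elif table is None:
            findings.append((no, "rule outside any table section"))
        elif line.startswith(":"):          # ":CHAIN POLICY" declares a chain
            chains.add(fields[0][1:])
        elif fields[0] in ("-A", "-I") and len(fields) > 1 and fields[1] not in chains:
            homes = sorted(t for t, c in BUILTIN_CHAINS.items() if fields[1] in c)
            hint = f"; built-in in: {', '.join(homes)}" if homes else ""
            findings.append((no, f"chain {fields[1]} does not exist in table {table}{hint}"))
    if table is not None:
        findings.append((no, f"table {table} has no COMMIT"))
    return findings

if __name__ == "__main__":
    for no, msg in check_ruleset(SAMPLE):
        print(f"line {no}: {msg}")
```
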