# clear iptables
iptables -F
iptables -X
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT

# allow localhost
iptables -I INPUT 1 -i lo -j ACCEPT

# allow established and related
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

# open ports
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -j ACCEPT
iptables -A INPUT -p tcp --dport 8080 -j ACCEPT
iptables -A INPUT -p tcp --dport 726 -j ACCEPT

# allow ping
iptables -I INPUT 7 -p icmp -m icmp --icmp-type 8 -j ACCEPT

# block everything else
iptables -A INPUT -j DROP

# save
iptables-save > /etc/iptables/rules.v4

# add fail2ban entries back
service fail2ban restart