
IPTABLES Scenario 1.1

Here is another example configuration: a mail server that exposes only the services listed below; everything else inbound is dropped.
Services: SSH (22/tcp, restricted to two management hosts), SMTP (25/tcp), POP3 (110/tcp), HTTP (80/tcp), DNS (53/udp) and ICMP (restricted to the same two management hosts). Outbound connections from the host are not filtered.

/etc/sysconfig/iptables (iptables-save / iptables-restore format; IPv4 only — an ip6tables policy is not shown here)

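# IPv4 filter table for the mail host.
# Default policies: drop everything inbound (INPUT) and forwarded (FORWARD);
# accept everything outbound (OUTPUT). Only the services explicitly listed
# below are reachable from the network.
# NOTE(review): this file covers IPv4 only. If the host has IPv6 enabled and no
# equivalent ip6tables policy, the same daemons are reachable over v6
# unfiltered — confirm on the deployment.
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]

# Loopback traffic is unrestricted (local daemons talking to each other).
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT

# Drop packets that conntrack cannot associate with any connection (malformed,
# out-of-window, or arriving after the state table has forgotten the flow).
# The FORWARD entry is redundant with the FORWARD DROP policy but harmless.
-A INPUT -m state --state INVALID -j DROP
-A OUTPUT -m state --state INVALID -j DROP
-A FORWARD -m state --state INVALID -j DROP

# Accept return traffic for connections that were already allowed. This rule
# must stay above the per-service NEW rules so replies never depend on them.
# ("-m state" is the older spelling of "-m conntrack --ctstate"; kept here to
# match the rest of this file.)
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# SSH (22/tcp): management access only, from two fixed source addresses, on
# eth1 only. "xxx" is a placeholder octet — substitute the real addresses
# before loading this file.
-A INPUT -s 203.189.xxx.15 -m state --state NEW -p tcp --dport 22 -i eth1 -j ACCEPT
-A INPUT -s 203.189.xxx.5 -m state --state NEW -p tcp --dport 22 -i eth1 -j ACCEPT

# Mail: POP3 (110/tcp) and SMTP (25/tcp), open to any source on eth1.
# ("-s 0/0" matches every source and is the default; it is written out here
# only to make the exposure explicit.)
# NOTE(review): 110/tcp is plaintext POP3, so mailbox credentials cross the
# network in the clear unless the POP3 daemon requires STARTTLS. POP3S
# (995/tcp) is not opened by this policy — decide which one the deployment
# actually needs before publishing 110.
-A INPUT -s 0/0 -m state --state NEW -p tcp --dport 110 -i eth1 -j ACCEPT
-A INPUT -s 0/0 -m state --state NEW -p tcp --dport 25 -i eth1 -j ACCEPT

# Inbound HTTP (80/tcp) and DNS (53/udp) *services*, open to any source on eth1.
# These rules are NOT what lets the host browse, query RBLs or fetch ClamAV
# updates: outbound connections are allowed by the OUTPUT ACCEPT policy and
# their replies by the ESTABLISHED,RELATED rule above. The two rules below
# only matter if this host itself runs a web server and a DNS server.
# NOTE(review): if the box does not serve HTTP/DNS, delete these two rules.
# A world-reachable 53/udp listener that recurses may be usable as a DNS
# amplification reflector.
-A INPUT -s 0/0 -m state --state NEW -p tcp --dport 80 -i eth1 -j ACCEPT
-A INPUT -s 0/0 -m state --state NEW -p udp --dport 53 -i eth1 -j ACCEPT

# ICMP: accept new ICMP (any type) from the two management hosts only. ICMP
# errors that belong to an existing flow (unreachable, fragmentation-needed)
# are already accepted as RELATED, so these rules mainly admit ping from those
# hosts. A tighter form would add "--icmp-type echo-request"; left as in the
# original because the page specifies "icmp" without a type.
-A INPUT -s 203.189.xxx.15 -m state --state NEW -p icmp -i eth1 -j ACCEPT
-A INPUT -s 203.189.xxx.5 -m state --state NEW -p icmp -i eth1 -j ACCEPT

# Optional logging of what the INPUT policy is about to drop. Disabled by
# default. The interface is eth1 — the same one every rule above matches (the
# original draft said eth0, which none of the rules use) — and the rule is
# rate-limited so a flood cannot fill the log partition.
#-A INPUT -i eth1 -m limit --limit 5/min --limit-burst 10 -j LOG --log-prefix "iptables INPUT drop: "
# Logging outbound is far noisier: with OUTPUT ACCEPT, every NEW outbound
# packet would reach this rule. Enable only for short-term debugging.
#-A OUTPUT -o eth1 -m limit --limit 5/min --limit-burst 10 -j LOG --log-prefix "iptables OUTPUT new: "

# Anything not matched above falls through to the chain policy: INPUT and
# FORWARD are dropped, OUTPUT is accepted (new outbound connections from this
# host are unrestricted).
COMMIT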