iptables-with-logging.sh

iptables -F

iptables -N LOGALL
iptables -N INPUT_LOGGED

iptables -A LOGALL -m state --state NEW -j LOG --log-level 7 --log-prefix "IPTABLES NEW: "
## iptables -A LOGALL -j LOG --log-level 7 --log-prefix "IPTABLES ALL: "
iptables -A LOGALL -j INPUT_LOGGED

iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -j LOGALL

### iptables -A INPUT_LOGGED -p tcp --dport 990 -j ACCEPT				# FTP
### iptables -A INPUT_LOGGED -p tcp --dport 989 -j ACCEPT				# FTPS
### iptables -A INPUT_LOGGED -p tcp --dport 21 -j ACCEPT				# FTP

iptables -A INPUT_LOGGED -p tcp --dport 953 -j ACCEPT			# RNDC
### iptables -A INPUT_LOGGED -p tcp --dport 5984 -j ACCEPT			# couchdb
iptables -A INPUT_LOGGED -p tcp --dport 4444:5555 -j ACCEPT

iptables -A INPUT_LOGGED -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT_LOGGED -p tcp -j DROP

# /etc/init.d/iptables save active