- Don't use iptables to apply your rules one at a time, use iptables-restore to apply a whole ruleset in one action.
- Set your INPUT and FORWARD policy to DROP.
- Don't set your OUTPUT policy to DROP unless you really know what you're doing.
- If you're going to implement a blacklist or whitelist, you should look at using ipsets if that list is going to be more than two or three addresses, and if it might be dynamic.
- Allow all traffic on lo.
- You should ALLOW traffic in the conntrack states RELATED and ESTABLISHED near the beginning of your rules.
- Don't use iptables -L
- DON'T USE IPTABLES -L
- Use iptables-save instead of iptables -L.
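The points above put into one script, as an added example that is not part of the original post: a complete ruleset in iptables-save format, validated and applied atomically with iptables-restore, with the blocklist kept in an ipset. The ipset name "blocklist", the blocklist file format (one address or CIDR per line) and SSH on port 22 as the one inbound service are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes: ipset "blocklist",
# a blocklist file with one address/CIDR per line, inbound SSH on tcp/22.

# Emit the whole ruleset. Everything between *filter and COMMIT is loaded
# by iptables-restore as a single transaction, never rule by rule.
build_ruleset() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m set --match-set blocklist src -j DROP
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}

# Load the blocklist into an ipset: one match rule in the table, however
# many entries the list has, and entries can change without reloading rules.
load_blocklist() {
    ipset create blocklist hash:net -exist
    ipset flush blocklist
    while read -r net; do
        case "$net" in ''|'#'*) continue ;; esac   # skip blanks and comments
        ipset add blocklist "$net" -exist
    done < "$1"
}

# Validate the ruleset first (--test parses without touching the live
# tables), then apply it in one action.
apply_ruleset() {
    tmp=$(mktemp) || return 1
    build_ruleset > "$tmp"
    iptables-restore --test "$tmp" && iptables-restore "$tmp"
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Usage: ./firewall.sh apply /etc/firewall/blocklist.txt
if [ "${1:-}" = "apply" ]; then
    load_blocklist "$2" && apply_ruleset
fi
```

Afterwards read the live rules back with iptables-save, which prints every chain policy, match and target exactly as loaded, rather than the abridged view of iptables -L.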