A configuração de iptables que uso em meus servidores pessoais.

iptables.rules

# Generated by iptables-save v1.4.2 on Wed Feb 10 02:27:40 2010
*raw
:PREROUTING ACCEPT [50797:74255039]
:OUTPUT ACCEPT [25636:1371004]
COMMIT
# Completed on Wed Feb 10 02:27:40 2010
# Generated by iptables-save v1.4.2 on Wed Feb 10 02:27:40 2010
*nat
:PREROUTING ACCEPT [152:51984]
:POSTROUTING ACCEPT [41:2614]
:OUTPUT ACCEPT [41:2614]
COMMIT
# Completed on Wed Feb 10 02:27:40 2010
# Generated by iptables-save v1.4.2 on Wed Feb 10 02:27:40 2010
*mangle
:PREROUTING ACCEPT [50797:74255039]
:INPUT ACCEPT [50645:74203055]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [25636:1371004]
:POSTROUTING ACCEPT [25636:1371004]
COMMIT
# Completed on Wed Feb 10 02:27:40 2010
# Generated by iptables-save v1.4.2 on Wed Feb 10 02:27:40 2010
*filter
:INPUT ACCEPT [50645:74203055]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [25636:1371004]
-A INPUT -i lo -j ACCEPT 
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -p udp -o eth0 --dport 53 --sport 1024:65535 -j ACCEPT
-A INPUT -p udp -i eth0 --sport 53 --dport 1024:65535 -j ACCEPT
-A OUTPUT -o eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp -i eth0 --dport 22 --sport 1024:65535 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -i eth0 --dport 80 --sport 1024:65535 -m state --state NEW -j ACCEPT
-A OUTPUT -j ACCEPT -m state --state NEW,ESTABLISHED,RELATED -o eth0 -p tcp -m multiport --dport 21,22,80,443,448,587 -m multiport --sport 1024:65535
-A INPUT -j ACCEPT -m state --state ESTABLISHED,RELATED -i eth0 -p tcp
-A INPUT -j DROP
-A OUTPUT -j DROP
-A FORWARD -j DROP
COMMIT