Some simple iptables rule

iptables

iptables -F

#Prevent DDOS, kudos to Digital Ocean
iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP
iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP
iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP
 
iptables -A INPUT -i lo -j ACCEPT
 
iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 465 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
iptables -A OUTPUT -p tcp --dport 53 -j ACCEPT
 
iptables -A OUTPUT -p tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp --sport 80 -m state --state ESTABLISHED -j ACCEPT

# Allows mosh, the mobile shell
iptables -I INPUT 1 -p udp --dport 60000:61000 -j ACCEPT
 
iptables -A OUTPUT -p tcp --dport 80 --sport 32786:61000 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 --sport 32786:61000 -j ACCEPT
iptables -A OUTPUT -p tcp --dport 32786:61000 --sport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 32786:61000 --sport 80 -j ACCEPT
 
# Allows established input (ex: allows DNS resolving)
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT 

# Allows all output connections (for simplicity)
iptables -P OUTPUT ACCEPT

# Blocks unspecifed input connections
iptables -P INPUT DROP