Basic iptables rules

rules.v4

# Generated by iptables-save v1.6.0 on Wed Dec 21 18:48:19 2016
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [244180:191492827]
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -m comment --comment "block null packets" -j DROP
-A INPUT -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -m state --state NEW -m comment --comment "block syn-flood" -j DROP
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,PSH,ACK,URG -m comment --comment "block XMAS packets" -j DROP
-A INPUT -p icmp -m comment --comment "accept icmp" -j ACCEPT
-A INPUT -i lo -m comment --comment "accept loopback traffic" -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -m comment --comment "allow ssh" -j ACCEPT
-A INPUT -p tcp -m multiport --dports 80,443 -m comment --comment "accept web traffic" -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -m comment --comment "accept established/related" -j ACCEPT
-A INPUT -m comment --comment "drop everything else" -j DROP
COMMIT
# Completed on Wed Dec 21 18:48:19 2016

rules.v6

# Generated by ip6tables-save v1.6.0 on Thu Jan 26 16:37:13 2017
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [7:560]
-A INPUT -m rt --rt-type 0 --rt-segsleft 0 -j DROP
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p ipv6-icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 80,443 -m comment --comment "accept web traffic" -j ACCEPT
-A INPUT -j REJECT --reject-with icmp6-port-unreachable
-A FORWARD -m rt --rt-type 0 --rt-segsleft 0 -j DROP
-A FORWARD -j REJECT --reject-with icmp6-port-unreachable
-A OUTPUT -m rt --rt-type 0 --rt-segsleft 0 -j DROP
COMMIT
# Completed on Thu Jan 26 16:37:13 2017