I want a more secure iptables firewall. but whenever I try to make it more secure... I lose internet access somewhere (depending on what I'm securing) this is my Current script It's undergoing major modifications so if anyone has suggestions. if I put > in front of something that means that, that rule has to go. iptables -F # Policies iptables -P INPUT DROP iptables -P FORWARD DROP iptables -P OUTPUT ACCEPT # Input Policy iptables -A INPUT -i lo -j ACCEPT iptables -A INPUT -p tcp --syn -m limit --limit 5/s -i eth0 -j ACCEPT iptables -A INPUT -p icmp --icmp-type echo-request -m limit --limit 1/s -j ACCEPT >iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT # I don't want to allow this on all ports iptables -A INPUT -p tcp --dport 80 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT iptables -A INPUT -p udp --dport 80 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT iptables -A INPUT -p tcp --dport 443 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT iptables -A INPUT -p tcp --dport 22 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT iptables -A INPUT -p tcp --dport 1863 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT iptables -A INPUT -p tcp --dport 5050 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT iptables -A INPUT -p tcp --dport 5190 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT iptables -A INPUT -p tcp --dport 6667 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT iptables -A INPUT -m state --state INVALID -j DROP iptables -A INPUT -p tcp -i eth0 -j REJECT --reject-with tcp-reset iptables -A INPUT -p udp -i eth0 -j REJECT --reject-with icmp-port-unreachable # Forward Policy iptables -A FORWARD -p tcp --syn -m limit --limit 5/s -i eth0 -j ACCEPT iptables -A FORWARD -p icmp --icmp-type echo-request -m limit --limit 1/s -j ACCEPT iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT iptables -A FORWARD -p tcp --dport 80 -m state --state NEW -j ACCEPT iptables -A FORWARD -p tcp --dport 443 -m state --state NEW -j ACCEPT iptables -A FORWARD -m state --state INVALID -j DROP >iptables -A FORWARD -j ACCEPT #not secure at all but I can't get it to work without this. that's it can any one help?