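# Client-style ruleset for the filter table, in iptables-restore format.
# All three chains default to DROP. Each service below is an outbound
# permission (OUTPUT, matched on destination port) paired with a return
# path (INPUT, matched on source port).
#
# The INPUT return-path rules are tied to connection state. A rule that
# matches on --sport alone is stateless: the remote sender chooses its own
# source port, so such a rule would also accept unsolicited packets to any
# local port. Requiring ESTABLISHED limits INPUT to replies for flows this
# host opened.
#
# These rules cover IPv4 only; IPv6 is filtered separately (ip6tables).
# Check the file with `iptables-restore --test` before loading it.
*filter
-P INPUT DROP
-P OUTPUT DROP
-P FORWARD DROP

# Loopback
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT

# ICMP echo (ping) in both directions
-A INPUT -p icmp --icmp-type echo-request -j ACCEPT
-A OUTPUT -p icmp --icmp-type echo-request -j ACCEPT
-A INPUT -p icmp --icmp-type echo-reply -j ACCEPT
-A OUTPUT -p icmp --icmp-type echo-reply -j ACCEPT

# DNS (UDP only)
-A INPUT -p udp -m state --state ESTABLISHED --sport 53 -j ACCEPT
-A OUTPUT -p udp --dport 53 -j ACCEPT

# SSH (outbound client only)
-A INPUT -p tcp -m state --state ESTABLISHED --sport 22 -j ACCEPT
-A OUTPUT -p tcp --dport 22 -j ACCEPT

# ftp MUST die!
# Active-mode data arrives as a new inbound connection from port 20. It is
# accepted only as RELATED, which depends on the conntrack FTP helper
# tracking the control channel. Without the helper, active-mode data is dropped.
-A INPUT -p tcp -m state --state ESTABLISHED,RELATED -m multiport --sports 20,21 -j ACCEPT
-A OUTPUT -p tcp -m multiport --dports 20,21 -j ACCEPT
# High-port to high-port traffic (presumably passive-mode FTP data)
-A INPUT -p tcp -m state --state ESTABLISHED --sport 1024: --dport 1024: -j ACCEPT
-A OUTPUT -p tcp -m state --state ESTABLISHED,RELATED --sport 1024: --dport 1024: -j ACCEPT

# HTTP & HTTPS
-A INPUT -p tcp -m state --state ESTABLISHED -m multiport --sports 80,443 -j ACCEPT
-A OUTPUT -p tcp -m multiport --dports 80,443 -j ACCEPT

# NTP
-A INPUT -p udp -m state --state ESTABLISHED --sport 123 -j ACCEPT
-A OUTPUT -p udp --dport 123 -j ACCEPT

# GIT
-A INPUT -p tcp -m state --state ESTABLISHED --sport 9418 -j ACCEPT
-A OUTPUT -p tcp --dport 9418 -j ACCEPT

# POP3/S
-A INPUT -p tcp -m state --state ESTABLISHED --sport 110 -j ACCEPT
-A OUTPUT -p tcp --dport 110 -j ACCEPT
-A INPUT -p tcp -m state --state ESTABLISHED --sport 995 -j ACCEPT
-A OUTPUT -p tcp --dport 995 -j ACCEPT

# Gmail
-A INPUT -p tcp -m state --state ESTABLISHED --sport 587 -j ACCEPT
-A OUTPUT -p tcp --dport 587 -j ACCEPT

# Google Voice (not working)
# NOTE(review): INPUT matches source port 19295 but OUTPUT allows destination
# port 19302, so replies to the permitted outbound flow would not match the
# INPUT rule. Confirm the intended ports. This pair appeared twice in the
# original; the identical second copy had no effect and is dropped.
-A INPUT -p udp -m state --state ESTABLISHED --sport 19295 -j ACCEPT
-A OUTPUT -p udp --dport 19302 -j ACCEPT

COMMIT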