1 *filter
 2 :OUTPUT  ACCEPT
 3 :FORWARD DROP
 4 :INPUT   DROP
 5 -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
 6 -A INPUT -m conntrack ! --ctstate NEW -j DROP
 7 -A INPUT -p icmp -j ACCEPT
 8 -A INPUT -i lo -j ACCEPT
 9 -A INPUT -p tcp --dport ssh -j ACCEPT
10 # I'm a mail server!
11 -A INPUT -p tcp -m multiport --dports smtp,submission,imaps -j ACCEPT
12 # I'm a web server!
13 -A INPUT -p tcp -m multiport --dports http,https            -j ACCEPT
14 -A INPUT -j REJECT
15 COMMIT