*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]

# allow local loopback connections
-A INPUT -i lo -j ACCEPT

# drop INVALID connections
-A INPUT   -m state --state INVALID -j DROP
-A OUTPUT  -m state --state INVALID -j DROP
-A FORWARD -m state --state INVALID -j DROP

# allow all established and related
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# add anymore rules here
COMMIT
