Here is my setup:
DSL Modem/Router(Actiontec GT-701) with DMZ set to my linux box. Here is my iptables config script, any comments/additions/notes on my config are welcome.
#File: /home/root/iptablesupdate.sh
#Flush all tables and zero all counters
/sbin/iptables -F
/sbin/iptables -Z
#Rename all existing RedHat Chain (If Exists)
/sbin/iptables -E RH-Firewall-1-INPUT Firewall-DROP
#Create needed custom chains
/sbin/iptables -N Firewall-DROP
/sbin/iptables -N Firewall-ACCEPT
/sbin/iptables -N Firewall-REJECT
#You will get errors from the above commands, you can ignore them
#Rules are listed in processing order
/sbin/iptables -A INPUT -j Firewall-DROP
/sbin/iptables -A INPUT -j Firewall-ACCEPT
/sbin/iptables -A INPUT -j Firewall-REJECT
#/sbin/iptables -A FORWARD -j Firewall-DROP
#/sbin/iptables -A FORWARD -j Firewall-ACCEPT
#Rejects all forwarded traffic, uncomment previous lines if acting as a NAT
/sbin/iptables -A FORWARD -j Firewall-REJECT
##################
#***DROP TABLE***#
##################
#DROP VNC requests from the internet
/sbin/iptables -A Firewall-DROP -s 192.168.0.1 -p tcp -m tcp --dport 5800:6000 -j DROP
#VNC END
#DROP Samba requests from the internet
/sbin/iptables -A Firewall-DROP -s 192.168.0.1 -p udp -m udp --dport 137:139 -j DROP
/sbin/iptables -A Firewall-DROP -s 192.168.0.1 -p tcp -m tcp --dport 137:139 -j DROP
#Samba END
#DROP SSH requests from the internet
/sbin/iptables -A Firewall-DROP -s 192.168.0.1 -p tcp -m tcp --dport 22 -j DROP
#SSH END
####################
#***ACCEPT TABLE***#
####################
#VNC
/sbin/iptables -A Firewall-ACCEPT -p tcp -m tcp --dport 5800:6000 -j ACCEPT
#VNC END
#Samba
/sbin/iptables -A Firewall-ACCEPT -p udp -m udp --dport 137:139 -j ACCEPT
/sbin/iptables -A Firewall-ACCEPT -p tcp -m tcp --dport 137:139 -j ACCEPT
#Samba END
#SSH
/sbin/iptables -A Firewall-ACCEPT -p tcp -m tcp --dport 22 -j ACCEPT
#SSH END
#Azureus
/sbin/iptables -A Firewall-ACCEPT -p tcp -m tcp --dport 6881:6899 -j ACCEPT
/sbin/iptables -A Firewall-ACCEPT -p udp -m udp --dport 6881:6899 -j ACCEPT
#Azureus END
#RedHat Defaults
/sbin/iptables -A Firewall-ACCEPT -i lo -j ACCEPT
/sbin/iptables -A Firewall-ACCEPT -p icmp -m icmp --icmp-type any -j ACCEPT
/sbin/iptables -A Firewall-ACCEPT -p ipv6-crypt -j ACCEPT
/sbin/iptables -A Firewall-ACCEPT -p ipv6-auth -j ACCEPT
/sbin/iptables -A Firewall-ACCEPT -d 224.0.0.251 -p udp -m udp --dport 5353 -j ACCEPT
#CUPS /sbin/iptables -A Firewall-ACCEPT -p udp -m udp --dport 631 -j ACCEPT
/sbin/iptables -A Firewall-ACCEPT -m state --state RELATED,ESTABLISHED -j ACCEPT
#RedHat Defaults END
####################
#***REJECT TABLE***#
####################
#Reject All traffic not previously covered
/sbin/iptables -A Firewall-REJECT -j REJECT --reject-with icmp-host-prohibited
#Reject All END
/sbin/iptables-save > /etc/sysconfig/iptables
/sbin/service iptables status
#End of File
DSL Modem/Router(Actiontec GT-701) with DMZ set to my linux box. Here is my iptables config script, any comments/additions/notes on my config are welcome.
#File: /home/root/iptablesupdate.sh
#Flush all tables and zero all counters
/sbin/iptables -F
/sbin/iptables -Z
#Rename all existing RedHat Chain (If Exists)
/sbin/iptables -E RH-Firewall-1-INPUT Firewall-DROP
#Create needed custom chains
/sbin/iptables -N Firewall-DROP
/sbin/iptables -N Firewall-ACCEPT
/sbin/iptables -N Firewall-REJECT
#You will get errors from the above commands, you can ignore them
#Rules are listed in processing order
/sbin/iptables -A INPUT -j Firewall-DROP
/sbin/iptables -A INPUT -j Firewall-ACCEPT
/sbin/iptables -A INPUT -j Firewall-REJECT
#/sbin/iptables -A FORWARD -j Firewall-DROP
#/sbin/iptables -A FORWARD -j Firewall-ACCEPT
#Rejects all forwarded traffic, uncomment previous lines if acting as a NAT
/sbin/iptables -A FORWARD -j Firewall-REJECT
##################
#***DROP TABLE***#
##################
#DROP VNC requests from the internet
/sbin/iptables -A Firewall-DROP -s 192.168.0.1 -p tcp -m tcp --dport 5800:6000 -j DROP
#VNC END
#DROP Samba requests from the internet
/sbin/iptables -A Firewall-DROP -s 192.168.0.1 -p udp -m udp --dport 137:139 -j DROP
/sbin/iptables -A Firewall-DROP -s 192.168.0.1 -p tcp -m tcp --dport 137:139 -j DROP
#Samba END
#DROP SSH requests from the internet
/sbin/iptables -A Firewall-DROP -s 192.168.0.1 -p tcp -m tcp --dport 22 -j DROP
#SSH END
####################
#***ACCEPT TABLE***#
####################
#VNC
/sbin/iptables -A Firewall-ACCEPT -p tcp -m tcp --dport 5800:6000 -j ACCEPT
#VNC END
#Samba
/sbin/iptables -A Firewall-ACCEPT -p udp -m udp --dport 137:139 -j ACCEPT
/sbin/iptables -A Firewall-ACCEPT -p tcp -m tcp --dport 137:139 -j ACCEPT
#Samba END
#SSH
/sbin/iptables -A Firewall-ACCEPT -p tcp -m tcp --dport 22 -j ACCEPT
#SSH END
#Azureus
/sbin/iptables -A Firewall-ACCEPT -p tcp -m tcp --dport 6881:6899 -j ACCEPT
/sbin/iptables -A Firewall-ACCEPT -p udp -m udp --dport 6881:6899 -j ACCEPT
#Azureus END
#RedHat Defaults
/sbin/iptables -A Firewall-ACCEPT -i lo -j ACCEPT
/sbin/iptables -A Firewall-ACCEPT -p icmp -m icmp --icmp-type any -j ACCEPT
/sbin/iptables -A Firewall-ACCEPT -p ipv6-crypt -j ACCEPT
/sbin/iptables -A Firewall-ACCEPT -p ipv6-auth -j ACCEPT
/sbin/iptables -A Firewall-ACCEPT -d 224.0.0.251 -p udp -m udp --dport 5353 -j ACCEPT
#CUPS /sbin/iptables -A Firewall-ACCEPT -p udp -m udp --dport 631 -j ACCEPT
/sbin/iptables -A Firewall-ACCEPT -m state --state RELATED,ESTABLISHED -j ACCEPT
#RedHat Defaults END
####################
#***REJECT TABLE***#
####################
#Reject All traffic not previously covered
/sbin/iptables -A Firewall-REJECT -j REJECT --reject-with icmp-host-prohibited
#Reject All END
/sbin/iptables-save > /etc/sysconfig/iptables
/sbin/service iptables status
#End of File