I've been watching this email chain and decided to use it to tighten up my Debian unstable iptables setup that never really blocked outside access. I want to thank everyone who's pitched in w/ info.
I used one of the earlier commented examples by Vineet Kumar (thanks Vineet) for my starting point.
There were two glitches I hit. One was I didn't have the state extension compiled into the kernel (or as a module), so "-state" broke until I did. The other was the current unstable iptables doesn't like -state before the -A command. I moved "-state" back and put it in just before "--state" and all was well.
The key reminder I'm tossing into the list is to be sure you have all necessary iptables pieces compiled either as modules or directly into the kernel before working with these scripts.
Thanks again, Heitzso
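
An added example, not part of the original message: a shell pre-flight check for the two glitches described above. It assumes the option the message writes as "-state" is iptables' `-m state` match; the function names `have_match` and `lint_state_order` are hypothetical.

```shell
#!/bin/sh
# Pre-flight checks for a firewall script that relies on the state match.

# have_match NAME [FILE]: succeed if the running kernel lists match NAME.
# FILE defaults to /proc/net/ip_tables_matches, which holds one match name
# per line once the ip_tables code is loaded (built in or as a module).
have_match() {
    grep -qxF -- "$1" "${2:-/proc/net/ip_tables_matches}" 2>/dev/null
}

# lint_state_order FILE: print "LINE: reason" for each rule in FILE that
#  - names "-m state" before the -A/-I command (the ordering the message
#    reports the Debian unstable iptables rejecting), or
#  - uses --state with no "-m state" ahead of it.
lint_state_order() {
    awk '
    /^[[:space:]]*#/ { next }            # skip comment lines
    /--state/ {
        cmd = 0; mod = 0; bad = ""
        for (i = 1; i <= NF; i++) {
            if ($i == "-A" || $i == "-I") cmd = i
            if (($i == "-m" || $i == "--match") && $(i + 1) == "state") {
                mod = i
                if (!cmd) bad = "-m state appears before the -A/-I command"
            }
            if ($i == "--state" && !mod)
                bad = "--state used without a preceding -m state"
        }
        if (bad != "") printf "%d: %s\n", NR, bad
    }' "$1"
}
```

Run `have_match state` before loading the rules and `lint_state_order` over the script itself; any output from the linter names the line to reorder.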

