This script generates a simple, yet effective, iptables firewall policy for use on independent hosts (such as web servers, etc.) connected directly to the Internet.
Allow traffic to/from loopback device
Block outgoing traffic (does not affect established sessions or DNS queries)
Usually, anything arriving or exiting on a loopback interface should be allowed. This is because local applications sometimes bounce data to each other using the TCP/IP stack via loopback.
Accept Inbound Traffic
By default, all inbound traffic is blocked. Select the services you want the outside world to be able to reach on your host.
Accept Inbound ICMP Messages
Traceroute (Time Exceeded)
ICMP (Internet Control Message Protocol) messages are used to report error conditions and to control connections to your server. If you wish your host to be able to respond to ping or traceroute, enable the options above.
Restrict Inbound Client Access
By default, 0.0.0.0/0 allows anyone to reach the selected services. To allow only private LAN clients, set this value to 10.0.0.0/24 or a similar private range.
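The options above (loopback, restricted outbound, default-deny inbound with selected services, optional ICMP, and a client range) map onto a short rule set. The script below is an added example written for this page, not the generator's own output: it prints the iptables commands such a policy would consist of instead of applying them, so it can be reviewed first and run with `sh` on any host. The function name gen_policy, its four parameters, and the logging rule at the end are assumptions of this example.

```shell
#!/bin/sh
# Added example: emit (not apply) an iptables policy of the kind the
# generator describes. Hypothetical function and parameters, not the tool's own.
#   gen_policy "<tcp ports>" <ping yes|no> <traceroute yes|no> <client CIDR>

gen_policy() {
    tcp_ports="$1"     # space-separated inbound TCP ports to expose
    allow_ping="$2"    # yes|no : answer ICMP echo-request
    allow_trace="$3"   # yes|no : accept ICMP time-exceeded (traceroute option)
    clients="$4"       # source range allowed to reach the services, e.g. 0.0.0.0/0

    # 1. Start clean and default to DROP on every chain.
    echo "iptables -F"
    echo "iptables -P INPUT DROP"
    echo "iptables -P FORWARD DROP"
    echo "iptables -P OUTPUT DROP"

    # 2. Loopback: local services exchange data over lo and must not be cut off.
    echo "iptables -A INPUT  -i lo -j ACCEPT"
    echo "iptables -A OUTPUT -o lo -j ACCEPT"

    # 3. Established sessions: replies to traffic already accepted or initiated
    #    by this host keep flowing in both directions.
    echo "iptables -A INPUT  -m state --state ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"

    # 4. "Block outgoing traffic": new outbound connections are dropped by the
    #    OUTPUT policy, except DNS so name resolution still works.
    echo "iptables -A OUTPUT -p udp --dport 53 -j ACCEPT"
    echo "iptables -A OUTPUT -p tcp --dport 53 -j ACCEPT"

    # 5. Selected inbound services, limited to the configured client range.
    for p in $tcp_ports; do
        echo "iptables -A INPUT -p tcp -s $clients --dport $p -m state --state NEW -j ACCEPT"
    done

    # 6. Optional inbound ICMP, matching the two checkboxes above.
    if [ "$allow_ping" = yes ]; then
        echo "iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT"
    fi
    if [ "$allow_trace" = yes ]; then
        echo "iptables -A INPUT -p icmp --icmp-type time-exceeded -j ACCEPT"
    fi

    # 7. Rate-limited log of whatever the INPUT policy is about to drop,
    #    so denied connection attempts show up in the kernel log.
    echo 'iptables -A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: "'
}

# Example run: SSH and HTTPS from a private LAN only, ping allowed, no traceroute.
gen_policy "22 443" yes no 10.0.0.0/24
```

Pipe the output through `sh` (as root) to apply it, or save it and review the rule order first: the loopback and ESTABLISHED rules must precede the service rules, and the LOG rule must stay last so it only sees traffic nothing else accepted.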