The following rules have worked well as a stateful rule set on a few boxes I have tried them on so far. All the ones that work have kernel 2.4.9 or above.
I put the rule set on a RH 7.1 box with a 2.4.2 kernel. Then I nmap the box and see everything that's open. http, ssh, etc. are all visible, usable, etc. So I upgraded iptables from 1.2.2? to 1.2.4: same result. Is my solution to upgrade the kernel?

    /sbin/iptables -P INPUT DROP
    /sbin/iptables -P FORWARD DROP
    /sbin/iptables -A INPUT -i ! eth0 -j ACCEPT
    /sbin/iptables -A INPUT -i ! lo -j ACCEPT
    /sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

(same rules, just as output from iptables-save)

    :INPUT DROP [0:0]
    :FORWARD DROP [0:0]
    :OUTPUT ACCEPT [1637:74473]
    -A INPUT -i ! eth0 -j ACCEPT
    -A INPUT -i ! lo -j ACCEPT
    -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
    COMMIT
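Added example, not part of the original post: iptables evaluates a chain first-match, so the two negated interface rules above together match every interface (a packet on eth0 fails `-i ! eth0` but passes `-i ! lo`), and the chain policy is never reached. The script below simulates that first-match walk over the posted INPUT chain and over an assumed corrected chain (`-i lo` plus the conntrack rule), which is what the poster's rules appear to intend.

```shell
#!/bin/sh
# Added example, not code from the original post: a tiny first-match simulator for
# an iptables INPUT chain, used to show why the posted rules accept everything.
# Each rule is a string "IFACE_SPEC STATES TARGET", where IFACE_SPEC is an
# interface name, "!name" for a negated match, or "*" for no interface match,
# and STATES is "any" or a comma list of conntrack states (NEW,ESTABLISHED,RELATED).

# Does interface $2 satisfy interface spec $1?
iface_matches() {
  case "$1" in
    '*') return 0 ;;
    '!'*) [ "${1#!}" != "$2" ] ;;
    *) [ "$1" = "$2" ] ;;
  esac
}

# Does packet state $2 appear in the rule's state list $1?
state_matches() {
  [ "$1" = any ] && return 0
  case ",$1," in *",$2,"*) return 0 ;; esac
  return 1
}

# verdict IFACE STATE POLICY RULE... : prints the target of the first matching
# rule, or the chain policy when no rule matches (iptables first-match semantics).
verdict() {
  iface=$1; state=$2; policy=$3; shift 3
  for rule in "$@"; do
    spec=${rule%% *}; rest=${rule#* }
    states=${rest%% *}; target=${rest#* }
    if iface_matches "$spec" "$iface" && state_matches "$states" "$state"; then
      echo "$target"; return 0
    fi
  done
  echo "$policy"
}

# The INPUT chain exactly as posted: policy DROP, then the three ACCEPT rules.
posted_verdict() {
  verdict "$1" "$2" DROP "!eth0 any ACCEPT" "!lo any ACCEPT" "* RELATED,ESTABLISHED ACCEPT"
}

# Assumed intent: accept loopback and replies only (-i lo, then the conntrack rule).
fixed_verdict() {
  verdict "$1" "$2" DROP "lo any ACCEPT" "* RELATED,ESTABLISHED ACCEPT"
}

# A new SYN arriving on eth0 misses "-i ! eth0" but hits "-i ! lo" and is accepted.
echo "posted rules, new conn on eth0:  $(posted_verdict eth0 NEW)"          # ACCEPT
echo "fixed rules,  new conn on eth0:  $(fixed_verdict eth0 NEW)"           # DROP
echo "fixed rules,  reply on eth0:     $(fixed_verdict eth0 ESTABLISHED)"   # ACCEPT
```

The simulator ignores the kernel version entirely: the behaviour the post describes follows from rule order alone, so it will be the same on 2.4.2 and 2.4.9.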
