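#!/usr/bin/env bash
#
# Install a host firewall rule set for iptables-restore and a hook that
# reloads it whenever a network interface comes up.
#
# The original notes describe three manual steps (vi / vi / chmod); this
# script performs the same three steps non-interactively:
#   1. write the rule set to /etc/iptables.up.rules
#   2. create /etc/network/if-up.d/iptables, which runs iptables-restore
#   3. make that hook executable
#
# The original rule set listed concrete source addresses for the
# administrative and ICMP rules; those values are not reproduced here and
# must be supplied through the environment:
#   ADMIN_HOST_1, ADMIN_HOST_2, ADMIN_HOST_3  hosts allowed to reach the
#                                           admin ports (required)
#   SSH_HOST                                one more host allowed to reach
#                                           port 22 only (required)
#   PING_HOST_1..3                          hosts allowed to send ICMP;
#                                           default to ADMIN_HOST_1..3
#                                           (the original listed three ICMP
#                                           sources; presumably the same
#                                           admin hosts -- confirm)
set -euo pipefail

readonly RULES_FILE=/etc/iptables.up.rules
readonly HOOK_FILE=/etc/network/if-up.d/iptables

# Print a message to stderr and exit with status 1.
die() { printf '%s\n' "$*" >&2; exit 1; }

#######################################
# Write the iptables-restore rule set to RULES_FILE.
# Globals:   RULES_FILE (read), ADMIN_HOST_1..3, SSH_HOST, PING_HOST_1..3 (read)
# Arguments: none
# Outputs:   creates/overwrites RULES_FILE
# Returns:   0 on success; non-zero if the file cannot be written
#######################################
write_rules() {
  local admin_ports=22,389,636,4949,7071
  local ping_1=${PING_HOST_1:-$ADMIN_HOST_1}
  local ping_2=${PING_HOST_2:-$ADMIN_HOST_2}
  local ping_3=${PING_HOST_3:-$ADMIN_HOST_3}

  # Unquoted here-doc: only the ${...} placeholders are expanded; the rule
  # syntax itself contains nothing the shell would interpret.
  cat > "$RULES_FILE" <<EOF
*filter
# Default-deny on every chain. The original set FORWARD to ACCEPT and relied
# solely on the REJECT rule below; a DROP policy keeps forwarding closed even
# if that rule is ever removed.
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]

# ----- INPUT -----
-A INPUT -i lo -j ACCEPT
# Replies to connections this host opened. Only eth1 is matched, as in the
# original; established traffic arriving on any other interface falls
# through to the rules below.
-A INPUT -i eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
# A new TCP connection must begin with a bare SYN.
-A INPUT -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -m state --state NEW -j DROP
# Fragments, all-flags ("XMAS") and no-flags ("NULL") segments.
-A INPUT -f -j DROP
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,PSH,ACK,URG -j DROP
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j DROP
# Public services: SMTP, HTTP, POP3, IMAP, HTTPS, SMTPS, submission, IMAPS, POP3S.
-A INPUT -p tcp -m multiport --dports 25,80,110,143,443,465,587,993,995 -j ACCEPT
# Administrative ports, reachable only from the listed sources.
-A INPUT -s ${ADMIN_HOST_1} -p tcp -m state --state NEW -m tcp -m multiport --dports ${admin_ports} -j ACCEPT
-A INPUT -s ${ADMIN_HOST_2} -p tcp -m state --state NEW -m tcp -m multiport --dports ${admin_ports} -j ACCEPT
-A INPUT -s ${ADMIN_HOST_3} -p tcp -m state --state NEW -m tcp -m multiport --dports ${admin_ports} -j ACCEPT
-A INPUT -s ${SSH_HOST} -p tcp -m state --state NEW -m tcp -m multiport --dports 22 -j ACCEPT
# ICMP from selected hosts only.
-A INPUT -s ${ping_1} -p icmp -j ACCEPT
-A INPUT -s ${ping_2} -p icmp -j ACCEPT
-A INPUT -s ${ping_3} -p icmp -j ACCEPT
# Log, then reject, everything else. In the original the LOG rule (and a
# final DROP) followed the REJECT rule; REJECT is terminating, so nothing
# was ever logged. The limit match keeps a flood from filling the log; the
# chain policy already drops anything that is not rejected here.
-A INPUT -m limit --limit 5/min --limit-burst 10 -j LOG --log-prefix "iptables-input-reject: "
-A INPUT -j REJECT --reject-with icmp-host-prohibited

# ----- FORWARD -----
-A FORWARD -j REJECT --reject-with icmp-host-prohibited

# ----- OUTPUT -----
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# Outbound SMTP, HTTP and HTTPS.
-A OUTPUT -p tcp -m multiport --dports 25,80,443 -j ACCEPT
# DNS. The original allowed UDP only; a resolver retries over TCP when a
# UDP answer is truncated, so TCP/53 is allowed as well.
-A OUTPUT -p udp --dport 53 -j ACCEPT
-A OUTPUT -p tcp --dport 53 -j ACCEPT
COMMIT
EOF
}

#######################################
# Create the ifupdown hook that reloads the rule set and make it executable.
# Globals:   RULES_FILE, HOOK_FILE (read)
# Arguments: none
# Outputs:   creates/overwrites HOOK_FILE
# Returns:   0 on success; non-zero if the file cannot be written or chmod fails
#######################################
write_hook() {
  # The hook lives in if-up.d, as in the original. It runs after the
  # interface is already up, so there is a brief window in which the
  # interface carries traffic with no rules loaded; an if-pre-up.d hook
  # would run before the interface comes up and close that window.
  cat > "$HOOK_FILE" <<EOF
#!/bin/sh
# Reload the saved rule set whenever an interface is brought up, so the
# firewall survives a reboot.
iptables-restore < ${RULES_FILE}
EOF
  chmod a+x "$HOOK_FILE"
}

#######################################
# Entry point: validate prerequisites, write the rule set, check that it
# parses, then install the hook.
# Globals:   ADMIN_HOST_1..3, SSH_HOST (read)
# Arguments: none
# Returns:   0 on success; exits 1 on any failure
#######################################
main() {
  # Writing under /etc needs root; failing here avoids a half-done install.
  (( EUID == 0 )) || die "must run as root to write ${RULES_FILE} and ${HOOK_FILE}"
  : "${ADMIN_HOST_1:?set ADMIN_HOST_1 to an address allowed to reach the admin ports}"
  : "${ADMIN_HOST_2:?set ADMIN_HOST_2 to an address allowed to reach the admin ports}"
  : "${ADMIN_HOST_3:?set ADMIN_HOST_3 to an address allowed to reach the admin ports}"
  : "${SSH_HOST:?set SSH_HOST to an address allowed to reach port 22}"

  write_rules
  # Parse the file without loading it, so a typo is caught now rather than
  # silently leaving the host unprotected after the next reboot.
  iptables-restore --test < "$RULES_FILE" \
    || die "${RULES_FILE} does not parse; fix it before relying on the hook"
  write_hook
}

main "$@"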