Hello, I have not been using iptables for very long. In the past I've made rules based on ACCEPT; now I'd like to use DENY, and I'm also attempting to use the state function. I would like suggestions and useful help. (I've tried in some IRC channels and they are generally abusive, which I really don't have time for.)
Here's the script requirements:
Web server offers HTTP & HTTPS to the internet.
Mail server uses SMTP, POP3, IMAP, IMAPSSL.
Database server uses port 1433 TCP, which is open to a remote LAN, closed to all others.
All servers need DNS.
Maintenance of the firewalls is done on SSH.
"Everything else" is DENY.
Here's what I've come up with so far:
http://docs.google.com/Doc?docid=dhs4mgx8_82hdfq69vk&hl=en
(Tried pasting the script here but was rejected)
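
A ruleset covering the requirements listed in the post, as an added example that is not part of the original post or the linked script. It assumes the firewall routes traffic to the servers (so server rules sit in FORWARD and SSH in INPUT), uses constructed placeholder addresses, and uses DROP, the iptables target that discards packets.

```shell
#!/bin/sh
# Added example: prints a default-drop ruleset in iptables-restore format.
# Every address below is a constructed placeholder, not taken from the post.
WEB=192.0.2.10               # web server (assumed)
MAIL=192.0.2.20              # mail server (assumed)
DB=192.0.2.30                # database server (assumed)
REMOTE_LAN=198.51.100.0/24   # remote LAN allowed to reach 1433/tcp (assumed)
ADMIN_NET=203.0.113.0/24     # source of SSH maintenance sessions (assumed)
SERVERS="$WEB $MAIL $DB"

emit_ruleset() {
    echo '*filter'
    # The chain policy implements "everything else": no rule matched, packet dropped.
    echo ':INPUT DROP [0:0]'
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    # State match first: replies to already-permitted flows pass, malformed ones do not.
    for chain in INPUT FORWARD; do
        echo "-A $chain -m state --state ESTABLISHED,RELATED -j ACCEPT"
        echo "-A $chain -m state --state INVALID -j DROP"
    done
    echo '-A INPUT -i lo -j ACCEPT'
    # SSH to the firewall itself, only from the admin network.
    echo "-A INPUT -s $ADMIN_NET -p tcp --dport 22 -m state --state NEW -j ACCEPT"
    # Web server: HTTP and HTTPS from anywhere.
    echo "-A FORWARD -d $WEB -p tcp -m multiport --dports 80,443 -m state --state NEW -j ACCEPT"
    # Mail server: SMTP, POP3, IMAP, IMAP over SSL.
    echo "-A FORWARD -d $MAIL -p tcp -m multiport --dports 25,110,143,993 -m state --state NEW -j ACCEPT"
    # Database: 1433/tcp from the remote LAN only; all other sources hit the DROP policy.
    echo "-A FORWARD -s $REMOTE_LAN -d $DB -p tcp --dport 1433 -m state --state NEW -j ACCEPT"
    # DNS lookups originated by the servers (UDP, plus TCP for large answers).
    for s in $SERVERS; do
        echo "-A FORWARD -s $s -p udp --dport 53 -m state --state NEW -j ACCEPT"
        echo "-A FORWARD -s $s -p tcp --dport 53 -m state --state NEW -j ACCEPT"
    done
    echo 'COMMIT'
}

emit_ruleset
```

Redirect the output to a file, review it, and load it as root with `iptables-restore < file`. Load it from a console session or with a timed rollback in place, since a mistake in the SSH rule under a DROP policy cuts off remote maintenance.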