Feedback: Quick Basic Firewall Setup With Uncomplicated Firewall & a Graphical Interface

Good video.
I will share my rules, because why not. Right? :slight_smile:

# INPUT chain, iptables-save syntax. Rules are evaluated top to bottom and the
# first matching ACCEPT/DROP/REJECT decides the packet, so order matters.
# NOTE(review): only IPv4 rules are shown; IPv6 is filtered by a separate
# ip6tables ruleset that this listing does not include - confirm it exists.
# NOTE(review): the interface name has the enx<MAC> form, i.e. it appears to
# embed the adapter's MAC address even though the remote IP below is redacted.

# Accept packets that belong to, or are related to, an already tracked connection.
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
# Accept everything that arrives on the loopback interface.
-A INPUT -i lo -j ACCEPT
# Accept ALL traffic from LAN hosts 192.168.0.110-116 on the wired interface.
# This sits above the INVALID, fragment and TCP-flag drops further down, so
# traffic from these addresses is never subjected to those checks.
-A INPUT -i enx001e0630caa8 -m iprange --src-range 192.168.0.110-192.168.0.116 -j ACCEPT
# Same unconditional trust for 192.168.0.1 (presumably the gateway - confirm).
-A INPUT -s 192.168.0.1/32 -i enx001e0630caa8 -j ACCEPT
# Accept TCP to local port 20 from one (redacted) host.
# NOTE(review): in active-mode FTP the server's data connection comes FROM its
# port 20 to a client-chosen port, so --dport 20 may not match what was intended
# (--sport 20, or RELATED via the FTP conntrack helper) - confirm.
-A INPUT -s xxx.xxx.xxx.xxx/32 -i enx001e0630caa8 -p tcp -m tcp --dport 20 -j ACCEPT
# Drop NetBIOS datagrams (UDP 137-138) to the subnet broadcast address whose
# source is 192.168.0.152. The OUTPUT rules use that address as this host's own
# source, so this presumably discards the host's own broadcasts - confirm.
-A INPUT -s 192.168.0.152/32 -d 192.168.0.255/32 -i enx001e0630caa8 -p udp -m udp --dport 137:138 -j DROP
# Anti-spoofing: reject packets addressed to 127.0.0.0/8 that did not arrive on
# lo (genuine loopback traffic was already accepted above).
-A INPUT -d 127.0.0.0/8 -j REJECT --reject-with icmp-port-unreachable
# NOTE(review): never matches - every packet with -i lo is already accepted by
# the "-i lo -j ACCEPT" rule above. The usual anti-spoof form negates the
# interface: "! -i lo -s 127.0.0.0/8".
-A INPUT -s 127.0.0.0/8 -i lo -j REJECT --reject-with icmp-port-unreachable

# From here to the end of the chain every rule is DROP and no ACCEPT follows, so
# none of them changes the verdict the final catch-all DROP would give. Their
# practical effect is a separate packet counter per pattern. To apply these
# sanity checks to the trusted sources as well, they would have to be placed
# above the source-based ACCEPT rules.

# RDP (TCP 3389).
-A INPUT -p tcp -m tcp --dport 3389 -j DROP
# Packets conntrack classifies as INVALID. (-m state is the legacy match; the
# rest of the ruleset uses -m conntrack --ctstate for the same purpose.)
-A INPUT -m state --state INVALID -j DROP
# New TCP connections whose first packet is not a plain SYN.
-A INPUT -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -m state --state NEW -j DROP
# Non-first IP fragments.
-A INPUT -f -j DROP
# Contradictory TCP flag pairs: SYN+RST, SYN+FIN, FIN+RST.
-A INPUT -p tcp -m tcp --tcp-flags SYN,RST SYN,RST -j DROP
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN FIN,SYN -j DROP
-A INPUT -p tcp -m tcp --tcp-flags FIN,RST FIN,RST -j DROP
# SYN+FIN combined with PSH, URG or RST.
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,PSH FIN,SYN,PSH -j DROP
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,URG FIN,SYN,URG -j DROP
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST FIN,SYN,RST -j DROP
# Exact flag sets (all six flags examined) that no valid TCP segment carries;
# FIN,PSH,URG is the pattern used by "Xmas" port scans.
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,PSH -j DROP
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,ACK -j DROP
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,PSH,URG -j DROP
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,ACK,URG -j DROP
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,PSH,ACK -j DROP
# Every flag set at once.
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,PSH,ACK,URG -j DROP
# No flag set at all (NULL scan pattern).
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j DROP
# Default deny: anything not accepted above is silently dropped.
-A INPUT -j DROP
# OUTPUT chain: egress allow-list ending in a catch-all DROP. Rules are
# evaluated top to bottom; the first matching ACCEPT/DROP decides the packet.
# NOTE(review): several rules pin -s 192.168.0.152 (apparently this host's own
# address). If that address changes, those rules stop matching and the traffic
# falls through to the final DROP - it fails closed, but connectivity is lost.

# Accept packets that belong to, or are related to, an already tracked connection.
-A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
# Accept everything leaving through the loopback interface.
-A OUTPUT -o lo -j ACCEPT
# DNS is allowed only to the resolver 1.1.1.1, over UDP and TCP port 53.
-A OUTPUT -d 1.1.1.1/32 -p udp -m udp --dport 53 -m state --state NEW -j ACCEPT
-A OUTPUT -d 1.1.1.1/32 -p tcp -m tcp --dport 53 -m state --state NEW -j ACCEPT
# Any protocol and port to LAN hosts 192.168.0.110-116 and to 192.168.0.1.
-A OUTPUT -o enx001e0630caa8 -m iprange --dst-range 192.168.0.110-192.168.0.116 -j ACCEPT
-A OUTPUT -d 192.168.0.1/32 -o enx001e0630caa8 -j ACCEPT
# HTTPS and HTTP to any destination: egress on these two ports is filtered by
# port only, not by where the traffic is going.
-A OUTPUT -s 192.168.0.152/32 -o enx001e0630caa8 -p tcp -m tcp --dport 443 -j ACCEPT
-A OUTPUT -s 192.168.0.152/32 -o enx001e0630caa8 -p tcp -m tcp --dport 80 -j ACCEPT
# FTP control channel (TCP 21) to one (redacted) server.
# NOTE(review): FTP carries credentials in cleartext. The data channel is a
# separate connection that this chain permits only if conntrack marks it
# RELATED, which needs the FTP conntrack helper - not shown here, confirm.
-A OUTPUT -s 192.168.0.152/32 -d xxx.xxx.xxx.xxx/32 -o enx001e0630caa8 -p tcp -m tcp --dport 21 -j ACCEPT
# NTP (UDP 123) to any destination.
-A OUTPUT -s 192.168.0.152/32 -o enx001e0630caa8 -p udp -m udp --dport 123 -j ACCEPT
# NetBIOS name/datagram broadcasts (UDP 137-138) to the subnet broadcast
# address. Unlike the neighbouring rules this one pins neither -o nor -s.
-A OUTPUT -d 192.168.0.255/32 -p udp -m udp --dport 137:138 -j ACCEPT
# All ICMP types to any destination (no --icmp-type restriction).
-A OUTPUT -s 192.168.0.152/32 -o enx001e0630caa8 -p icmp -j ACCEPT
# Traffic to 127.0.0.0/8 that is not leaving via lo. The catch-all DROP below
# would give the same verdict, so this rule mainly provides a separate counter.
-A OUTPUT -d 127.0.0.0/8 -j DROP
# Default deny: anything not explicitly allowed above is silently dropped.
-A OUTPUT -j DROP