/etc/init.d/firewall Iptables firewall
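#!/bin/sh
### BEGIN INIT INFO
# Provides: firewall
# Required-Start:
# Required-Stop:
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Firewall
# Description: Configure all iptables rules.
### END INIT INFO
#
# Default-deny IPv4 host firewall (sysvinit script).
#
# Usage: /etc/init.d/firewall {start|stop|restart|status}
#   start / (no argument)  flush everything and apply the rules below
#   stop                   flush everything and set all policies to ACCEPT
#                          (host is left wide open -- meant for shutdown
#                          runlevels and maintenance, not for "pausing")
#   restart                same as start (rules are flushed first anyway)
#   status                 list the filter table with counters
#
# Policy: INPUT/OUTPUT/FORWARD default to DROP; only loopback, ICMP,
# ESTABLISHED/RELATED traffic, inbound SSH and outbound DNS/NTP/HTTP(S)
# are allowed. Everything else is a commented template to uncomment as
# needed.
#
# NOTE(review): this script only programs iptables (IPv4). ip6tables is
# never touched, so if the host has IPv6 enabled its default policies
# stay ACCEPT and the DROP policy below can be bypassed over IPv6.
# Either mirror the rules with ip6tables or disable IPv6 on the host.
#
# NOTE(review): rules are applied one iptables call at a time, with the
# DROP policies set before the ACCEPT rules (fail-closed). On a re-run
# there is a short window between the flush and the ESTABLISHED rule
# during which packets are dropped, and an iptables call failing
# mid-way leaves the host in the DROP state. For an atomic apply,
# consider generating the ruleset and loading it with iptables-restore.

# Every iptables call below needs CAP_NET_ADMIN; fail early instead of
# printing "Firewall done." after a string of permission errors.
if [ "$(id -u)" -ne 0 ]; then
  echo "firewall: must be run as root" >&2
  exit 1
fi

# Flush every chain and delete user-defined chains in the filter, nat
# and mangle tables. Policies are left untouched here.
reset_tables() {
  echo "Empty actual rules"
  iptables -t filter -F
  echo "Empty personnal rules"
  iptables -t filter -X
  echo "Empty NAT rules"
  iptables -t nat -F
  iptables -t nat -X
  echo "Empty the mangle table's rules"
  iptables -t mangle -F
  iptables -t mangle -X
}

# Set the three built-in filter chains to ACCEPT (used by "stop").
open_policies() {
  iptables -t filter -P INPUT ACCEPT
  iptables -t filter -P FORWARD ACCEPT
  iptables -t filter -P OUTPUT ACCEPT
}

# Apply the full default-deny ruleset.
apply_rules() {
  reset_tables

  echo "Drop all connexions in, out and forward"
  iptables -t filter -P INPUT DROP
  iptables -t filter -P FORWARD DROP
  iptables -t filter -P OUTPUT DROP

  # ----------------------------------------------
  echo "Don't break existing connections"
  # Must come first: conntrack keeps the admin's current SSH session
  # alive across the flush above.
  iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
  iptables -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

  echo "Allow loopback"
  iptables -t filter -A INPUT -i lo -j ACCEPT
  iptables -t filter -A OUTPUT -o lo -j ACCEPT

  echo "Allow ping"
  # All ICMP types, unrated. Tighten with --icmp-type and -m limit if
  # the host is exposed.
  iptables -t filter -A INPUT -p icmp -j ACCEPT
  iptables -t filter -A OUTPUT -p icmp -j ACCEPT

  # ----------------------------------------------
  # /!\ SSH In and Out
  # ------------------
  # Be careful! Don't break your SSH connections ;)
  # Inbound SSH is open to any source with no rate limit; restrict with
  # -s <admin-net> or -m recent/-m limit on an Internet-facing host.
  echo "SSH :)"
  iptables -t filter -A INPUT -p tcp --dport 22 -j ACCEPT
  iptables -t filter -A OUTPUT -p tcp --dport 22 -j ACCEPT

  # DNS Out & In
  #-------------
  echo "DNS Out"
  iptables -t filter -A OUTPUT -p tcp --dport 53 -j ACCEPT
  iptables -t filter -A OUTPUT -p udp --dport 53 -j ACCEPT
  #echo "DNS In"
  #iptables -t filter -A INPUT -p tcp --dport 53 -j ACCEPT
  #iptables -t filter -A INPUT -p udp --dport 53 -j ACCEPT

  # NTP Out
  #--------
  echo "NTP Out"
  iptables -t filter -A OUTPUT -p udp --dport 123 -j ACCEPT

  # HTTP + HTTPS Out & In
  #----------------------
  echo "HTTP(S) Out"
  iptables -t filter -A OUTPUT -p tcp --dport 80 -j ACCEPT
  iptables -t filter -A OUTPUT -p tcp --dport 443 -j ACCEPT
  #echo "HTTP(S) In"
  #iptables -t filter -A INPUT -p tcp --dport 80 -j ACCEPT
  #iptables -t filter -A INPUT -p tcp --dport 443 -j ACCEPT

  # MySQL In & Out
  #---------------
  # If you open MySQL inbound, restrict the source (-s) -- an unfiltered
  # 3306 is a classic exposure.
  #echo "MySQL In"
  #iptables -t filter -A INPUT -p tcp --dport 3306 -j ACCEPT
  #echo "MySQL Out"
  #iptables -t filter -A OUTPUT -p tcp --dport 3306 -j ACCEPT

  # FTP In & Out
  #-------------
  # Passive/active FTP data channels rely on the RELATED match, which
  # needs the nf_conntrack_ftp module loaded.
  #iptables -t filter -A OUTPUT -p tcp --dport 20:21 -j ACCEPT
  #iptables -t filter -A INPUT -p tcp --dport 20:21 -j ACCEPT
  #iptables -t filter -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

  # SMTP (mail)
  #------------
  #echo "SMTP In"
  #iptables -t filter -A INPUT -p tcp --dport 25 -j ACCEPT
  #echo "SMTP Out"
  #iptables -t filter -A OUTPUT -p tcp --dport 25 -j ACCEPT

  # IRC
  #----
  #echo "IRC !"
  #iptables -t filter -A OUTPUT -p tcp --dport 6667 -j ACCEPT

  # OpenVPN (with IPs 10.8.0.0/24)
  #--------
  # Forwarding also requires net.ipv4.ip_forward=1, which this script
  # does not set.
  #echo "OpenVPN"
  #iptables -A FORWARD -i eth0 -o tun0 -m state --state ESTABLISHED,RELATED -j ACCEPT
  #iptables -A FORWARD -s 10.8.0.0/24 -o eth0 -j ACCEPT
  #iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
  #iptables -t filter -A INPUT -p tcp --dport 1194 -j ACCEPT
  #iptables -t filter -A INPUT -p udp --dport 1194 -j ACCEPT
  #iptables -t filter -A OUTPUT -p tcp --dport 1194 -j ACCEPT
  #iptables -t filter -A OUTPUT -p udp --dport 1194 -j ACCEPT

  # Routed VPN tunnels
  #-------------------
  # Accepts everything arriving on / leaving via any tun* interface.
  #echo "Routed VPN tunnels"
  #iptables -t filter -A INPUT -i tun+ -j ACCEPT
  #iptables -t filter -A FORWARD -i tun+ -j ACCEPT
  #iptables -t filter -A FORWARD -o tun+ -j ACCEPT
  #iptables -t filter -A OUTPUT -o tun+ -j ACCEPT

  # Bridged VPN tunnels (don't uncomment if you used PPTP, see below)
  #--------------------
  #echo "Bridged VPN tunnels"
  #iptables -A INPUT -i tap0 -j ACCEPT
  #iptables -A FORWARD -i tap0 -j ACCEPT
  #iptables -A FORWARD -o tap0 -j ACCEPT
  #iptables -A OUTPUT -o tap0 -j ACCEPT
  #iptables -A INPUT -i br0 -j ACCEPT
  #iptables -A FORWARD -i br0 -j ACCEPT
  #iptables -A OUTPUT -o br0 -j ACCEPT

  # Samba
  #------
  # Never expose these ports beyond the LAN; add -s <lan-net>.
  #echo "Samba In"
  #iptables -t filter -A INPUT -p tcp --dport 135 -j ACCEPT
  #iptables -t filter -A INPUT -p udp --dport 137:138 -j ACCEPT
  #iptables -t filter -A INPUT -p tcp --dport 139 -j ACCEPT
  #iptables -t filter -A INPUT -p tcp --dport 445 -j ACCEPT
  #echo "Samba Out"
  #iptables -t filter -A OUTPUT -p tcp --sport 135 -j ACCEPT
  #iptables -t filter -A OUTPUT -p udp --sport 137:138 -j ACCEPT
  #iptables -t filter -A OUTPUT -p tcp --sport 139 -j ACCEPT
  #iptables -t filter -A OUTPUT -p tcp --sport 445 -j ACCEPT

  # pptp(d) (VPN)
  #--------------
  # PPTP's MS-CHAPv2/MPPE are broken; prefer OpenVPN/WireGuard.
  #echo "PPTP(d)"
  #iptables -A INPUT -i ppp+ -j ACCEPT
  #iptables -A OUTPUT -o ppp+ -j ACCEPT
  #iptables -A INPUT -p tcp --dport 1723 -j ACCEPT
  ## GRE protocol used by PPTP
  #iptables -A INPUT -p 47 -j ACCEPT
  #iptables -A OUTPUT -p 47 -j ACCEPT
  ## Accept postrouting
  #iptables -A POSTROUTING -t nat -o eth0 -j MASQUERADE
  #iptables -A POSTROUTING -t nat -o ppp+ -j MASQUERADE
  ## Accept forward
  ## WARNING: these two lines discard every FORWARD rule added above and
  ## turn the box into an unrestricted router. Scope them with -i/-o/-s.
  #iptables -F FORWARD
  #iptables -A FORWARD -j ACCEPT

  # Puppet
  #echo "Puppet"
  #iptables -t filter -A INPUT -p tcp --dport 8140 -j ACCEPT
  #iptables -t filter -A OUTPUT -p tcp --dport 8140 -j ACCEPT

  echo "Firewall done."
}

# No argument behaves like "start" so that running the script by hand
# (as the original did) still applies the rules.
case "$1" in
  ""|start|restart|reload|force-reload)
    apply_rules
    ;;
  stop)
    echo "Flushing all rules and opening policies"
    reset_tables
    open_policies
    ;;
  status)
    iptables -t filter -L -n -v
    ;;
  *)
    echo "Usage: $0 {start|stop|restart|status}" >&2
    exit 2
    ;;
esac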
@jacquesbh


Enable at boot (Debian/sysvinit): `update-rc.d firewall defaults`
Disable: `update-rc.d -f firewall remove`

@DevAly

DevAly commented Feb 18, 2021


Thanks that's very helpful
