From the copy-rusty's-docs dept.

Really-quick firewall

Most people have a single connection to the Internet, and don't want anyone coming back into their network, or into the firewall host itself:

#!/bin/sh
# Simple firewall script
#
# Insert connection-tracking modules (not needed if built into kernel).
# On current kernels these modules are named nf_conntrack and
# nf_conntrack_ftp; the ip_conntrack names below are the 2.4-era ones.
modprobe ip_conntrack
modprobe ip_conntrack_ftp

# this may be ppp0 for you
NET_CONNECTION=eth0

# Create chain which blocks new connections, except if coming from inside.
iptables -N block
# Packets belonging to, or related to, an already-tracked connection pass.
iptables -A block -m state --state ESTABLISHED,RELATED -j ACCEPT
# New connections are accepted only if they arrive on an interface other
# than the Internet one. "! -i" is the negation syntax current iptables
# accepts; older releases wrote it as "-i ! ...".
iptables -A block ! -i "$NET_CONNECTION" -m state --state NEW -j ACCEPT
# Everything else (new connections from the Internet, INVALID packets) is dropped.
iptables -A block -j DROP

# Jump to that chain from INPUT and FORWARD chains.
iptables -A INPUT -j block
iptables -A FORWARD -j block
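A script like the one above is only useful while the rules it installed are still in place, so a practitioner will want a check that the saved ruleset (as printed by iptables-save) still routes INPUT and FORWARD through "block", still accepts NEW connections only off the Internet interface, and still ends in DROP. The following is an added example, not part of the original page; the function name check_ruleset and the sample ruleset are constructed here (iptables-save normalises the state list to RELATED,ESTABLISHED and prints the negation as "! -i"), and on a live host you would feed it the real output of iptables-save instead.

```shell
#!/bin/sh
# Verify that an iptables-save dump still enforces the "block" chain design.
# SAMPLE_RULESET is constructed for this example; replace it with
# "$(iptables-save)" on a real host.
NET_CONNECTION=eth0

SAMPLE_RULESET='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:block - [0:0]
-A INPUT -j block
-A FORWARD -j block
-A block -m state --state RELATED,ESTABLISHED -j ACCEPT
-A block ! -i eth0 -m state --state NEW -j ACCEPT
-A block -j DROP
COMMIT'

# check_ruleset IFACE RULESET: prints each finding, returns 0 only if all pass.
check_ruleset() {
    iface=$1
    rules=$2
    status=0
    # Both built-in chains must hand traffic to the block chain.
    for chain in INPUT FORWARD; do
        if ! printf '%s\n' "$rules" | grep -q "^-A $chain -j block$"; then
            echo "MISSING: $chain does not jump to block"; status=1
        fi
    done
    # Established/related traffic must be accepted (either state order is fine).
    if ! printf '%s\n' "$rules" | grep -Eq '^-A block -m state --state (ESTABLISHED,RELATED|RELATED,ESTABLISHED) -j ACCEPT$'; then
        echo "MISSING: block does not accept established/related traffic"; status=1
    fi
    # A NEW-accept rule with no interface restriction would open the host to the Internet.
    if printf '%s\n' "$rules" | grep -q '^-A block -m state --state NEW -j ACCEPT$'; then
        echo "BAD: block accepts NEW connections from any interface"; status=1
    fi
    # NEW connections may only be accepted when they do not arrive on the Internet interface.
    if ! printf '%s\n' "$rules" | grep -q "^-A block ! -i $iface -m state --state NEW -j ACCEPT$"; then
        echo "MISSING: no rule accepting NEW only from non-$iface interfaces"; status=1
    fi
    # The final rule in block must be the DROP; a later ACCEPT would be reachable.
    last=$(printf '%s\n' "$rules" | grep '^-A block ' | tail -n 1)
    if [ "$last" != "-A block -j DROP" ]; then
        echo "BAD: last rule in block is '$last', expected '-A block -j DROP'"; status=1
    fi
    return $status
}
```

Run it as `check_ruleset "$NET_CONNECTION" "$(iptables-save)"` from cron or a config-management check; a non-zero exit means the ruleset has drifted from the design.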