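#!/usr/bin/env bash
#
# Host firewall for a single-homed box: default-deny in every direction,
# drop malformed / scan-signature TCP segments arriving on the external
# interface, allow anything outbound, and allow only SSH (plus replies to
# connections the host itself opened) inbound.
#
# Environment (optional overrides; the defaults are the original values):
#   IPT    - iptables binary           (default /sbin/iptables)
#   IFOUT  - external interface name   (default em1)
#
# CAVEATS a reviewer should know before running this:
#   * IPv4 only. iptables never touches the IPv6 stack, so if IPv6 is
#     enabled on $IFOUT the host is wide open over v6 until an equivalent
#     ip6tables ruleset is applied.
#   * The DROP policies are installed *before* any ACCEPT rule exists, so the
#     host fails closed if the script aborts part-way (set -e). The flip side
#     is that an SSH session used to run it can be cut off: apply from the
#     console, or under a timed rollback (e.g. `at now + 5 min` restoring a
#     known-good ruleset).
#   * `-f` matches only the 2nd and later fragments, and when conntrack is
#     loaded the kernel reassembles datagrams before the filter table sees
#     them, so the fragment rules are defence-in-depth rather than a primary
#     control.
#   * `-m state` is the legacy alias of `-m conntrack --ctstate`; it is kept
#     here for compatibility with older kernels/userland.
set -euo pipefail

IPT="${IPT:-/sbin/iptables}"
IFOUT="${IFOUT:-em1}"
readonly IPT IFOUT

# Rate limit applied to every LOG rule so a flood cannot fill the kernel log.
LOG_LIMIT=(-m limit --limit 5/m --limit-burst 7)
LOG_TARGET=(-j LOG --log-level 4)
readonly LOG_LIMIT LOG_TARGET

#######################################
# Run iptables; a failing rule aborts the script (set -e), leaving the
# already-installed DROP policies in place (fail closed).
# Arguments: iptables arguments, passed through verbatim
#######################################
ipt() {
  "$IPT" "$@"
}

#######################################
# Append a rate-limited LOG rule followed by a DROP rule on INPUT for
# traffic arriving on $IFOUT that matches MATCH.
# Arguments: $1 - log prefix; $2.. - iptables match expression
#######################################
drop_logged() {
  local prefix=$1
  shift
  ipt -A INPUT -i "$IFOUT" "$@" "${LOG_LIMIT[@]}" "${LOG_TARGET[@]}" --log-prefix "$prefix"
  ipt -A INPUT -i "$IFOUT" "$@" -j DROP
}

main() {
  # Start from an empty filter table so re-running the script does not append
  # a second copy of every rule (the original used bare -A with no flush).
  ipt -F
  ipt -X

  # Default deny in all three directions.
  ipt -P INPUT DROP
  ipt -P OUTPUT DROP
  ipt -P FORWARD DROP

  # Loopback. The OUTPUT accept below is restricted to -o $IFOUT, so without
  # these two rules the DROP policies silently break everything that talks to
  # 127.0.0.1 (local resolver, databases, metrics agents, ...).
  ipt -A INPUT -i lo -j ACCEPT
  ipt -A OUTPUT -o lo -j ACCEPT

  # Fragments (see caveat in the header).
  drop_logged "Fragments Packets" -f

  # Malformed / scan-signature TCP flag combinations. The first rule is the
  # real XMAS pattern (FIN+URG+PSH); the SYN+FIN rule was previously logged
  # under the prefix "XMAS Packets", which mis-categorised it for anyone
  # triaging the logs. Any log parser keyed on that old prefix needs updating.
  ipt -A INPUT -i "$IFOUT" -p tcp --tcp-flags ALL FIN,URG,PSH -j DROP          # XMAS
  ipt -A INPUT -i "$IFOUT" -p tcp --tcp-flags ALL ALL -j DROP                  # every flag set
  drop_logged "NULL Packets" -p tcp --tcp-flags ALL NONE                      # no flags (NULL scan)
  ipt -A INPUT -i "$IFOUT" -p tcp --tcp-flags SYN,RST SYN,RST -j DROP         # SYN+RST
  drop_logged "SYN-FIN Packets" -p tcp --tcp-flags SYN,FIN SYN,FIN            # SYN+FIN
  drop_logged "Fin Packets Scan" -p tcp --tcp-flags FIN,ACK FIN               # bare FIN (FIN scan)
  ipt -A INPUT -i "$IFOUT" -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP # everything but PSH

  # Stateful core: replies to connections this host opened come in, anything
  # goes out.
  ipt -A INPUT  -i "$IFOUT" -m state --state ESTABLISHED,RELATED -j ACCEPT
  ipt -A OUTPUT -o "$IFOUT" -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

  # The only inbound service: SSH. Matching NEW only is sufficient because
  # ESTABLISHED is accepted above, and it keeps conntrack-INVALID segments
  # aimed at port 22 from bypassing the stateful check.
  ipt -A INPUT -i "$IFOUT" -p tcp --dport 22 -m state --state NEW -j ACCEPT
}

main "$@"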