Firewall, Secure?


perfectly_dark
08-23-2002, 04:30 PM
I just made a quick firewall (I'm still new to this) and I wanted some people to proof it and give some tips. I need to run a web server and an FTP server. The firewall also has to route to other computers. Here it is:

Chain INPUT (policy ACCEPT)
target prot opt source destination
DROP icmp -- anywhere anywhere
DROP udp -- anywhere anywhere udp dpt:ssh
DROP udp -- anywhere anywhere udp dpt:echo
ACCEPT tcp -- anywhere anywhere tcp dpt:ftp flags:SYN,RST,ACK/SYN
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT udp -- anywhere anywhere udp dpt:http
ACCEPT tcp -- anywhere anywhere tcp dpt:http flags:SYN,RST,ACK/SYN
DROP tcp -- anywhere anywhere tcp flags:SYN,RST,ACK/SYN
DROP tcp -- anywhere anywhere tcp flags:SYN,RST,ACK/SYN

Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level warning

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
DROP udp -- anywhere anywhere udp dpts:33000:65000
ACCEPT tcp -- anywhere anywhere tcp dpt:http
ACCEPT tcp -- anywhere anywhere tcp dpt:81

I'm using iptables, btw. Is it relatively safe? What can I do to make it better? I think that the forwarding chain needs some work.

BTW, don't mind the double entries; those are accidents I just noticed.
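
A small checker for the kind of listing posted above, written as an added example (it is not code from this thread or from iptables itself). It parses `iptables -L` style output and reports the weaknesses a reviewer would look for first: a bare "ACCEPT all" that shadows every rule after it, duplicated rules, and an INPUT chain that defaults to ACCEPT without any ESTABLISHED,RELATED rule. The embedded listing is a constructed, trimmed copy of the one in the post.

```python
import re
from collections import Counter

# Constructed sample: a trimmed copy of the listing posted in the thread.
LISTING = """\
Chain INPUT (policy ACCEPT)
target prot opt source destination
DROP icmp -- anywhere anywhere
DROP udp -- anywhere anywhere udp dpt:ssh
ACCEPT tcp -- anywhere anywhere tcp dpt:ftp flags:SYN,RST,ACK/SYN
ACCEPT tcp -- anywhere anywhere tcp dpt:http flags:SYN,RST,ACK/SYN
DROP tcp -- anywhere anywhere tcp flags:SYN,RST,ACK/SYN
DROP tcp -- anywhere anywhere tcp flags:SYN,RST,ACK/SYN
Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level warning
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
DROP udp -- anywhere anywhere udp dpts:33000:65000
"""

def parse_listing(text):
    """Return {chain: (policy, [rule tokens])} from `iptables -L` output."""
    chains, current = {}, None
    for line in text.splitlines():
        m = re.match(r"Chain (\S+) \(policy (\S+)\)", line)
        if m:
            current = m.group(1)
            chains[current] = (m.group(2), [])
        elif current and line and not line.startswith("target"):
            chains[current][1].append(line.split())
    return chains

def audit(chains):
    """Flag the weaknesses a reviewer would point out in this ruleset."""
    findings = []
    for chain, (policy, rules) in chains.items():
        # A catch-all ACCEPT with no match text makes every rule below it dead.
        for i, r in enumerate(rules):
            if r[:2] == ["ACCEPT", "all"] and len(r) == 5 and i < len(rules) - 1:
                findings.append(f"{chain}: rule {i + 1} 'ACCEPT all' makes later rules unreachable")
        # Duplicates are harmless but show the listing was not reviewed line by line.
        for text, n in Counter(" ".join(r) for r in rules).items():
            if n > 1:
                findings.append(f"{chain}: duplicate rule '{text}'")
        # Default-ACCEPT INPUT with no stateful rule admits anything not explicitly dropped.
        if chain == "INPUT" and policy == "ACCEPT" and not any("state" in r for r in rules):
            findings.append("INPUT: policy ACCEPT with no ESTABLISHED,RELATED rule; set policy DROP")
    return findings
```

Run `audit(parse_listing(LISTING))` to get the three findings for the posted rules; feed it the output of `iptables -L` on a box of your own to check a live ruleset the same way.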

Infrastructure
08-23-2002, 05:44 PM
Best way to know, test it with:

nmap (http://www.insecure.org/nmap/)

perfectly_dark
08-24-2002, 05:14 PM
I already checked it at that site and scan.sygate.com and it seemed OK. I just need an opinion from someone experienced, who maybe sees a loophole or something.

nomo_green
08-25-2002, 01:46 AM
Never think anything is TOTALLY secure.... :(

--state -NEW