I find this is a great configuration to start with when working on a new server. From here, I typically customize based on the nature of the server. Hint: take a look at the listening services on the server and evaluate whether or not those services need to be locked down, database connections are a great example of this. I like to use a quick
netstat -nlp command for this.
BONUS: I was setting up an rwhois server for work and I wanted to implement some form of rate limiting; it turns out that iptables can be used for this! In the below example, somebody will be able to make 19 TCP requests to port 4321 every minute before their connections will get rejected (for the remainder of that minute). I did not want this rate limiter to be too restrictive, I just wanted to avoid abuse and potential for DOS (because rwhois is that popular right).
The ICMP line is not required for the rate limiter, I just wanted people to be able to ping this box.
PS, if you ask really nicely, I’ll tell you about my rwhois easter-egg.