Configuration - Basic Setup

mkington@atomic-interactive.com
Fri, 07 Dec 2001 13:59:48 GMT


Hi Folks,

We set up our first iptables-based firewall the other day and I'm just about
getting my head into this.  I've got NAT working OK, and I can get my head
around the in, out and forward chains, but if I were to prevent an
incoming connection on all ports but 22 & 23 for TCP, but allow everything
out (and the response for those to come back in again), how would I do it?
I've read the docs and think I could block SYN packets on a whole bunch of
ports on the input chain for our externally facing ethernet card.  I take it
that wouldn't affect the ACK packets which would be returning.  Is my
thinking correct or totally flawed?

Cheers,
Max
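
The SYN-filter idea raised in the question above, next to a connection-tracking variant, as an added example that is not part of the original post. Assumptions: `eth0` is the external interface, and the `IPT` variable and function names are hypothetical; by default the script only prints the commands instead of applying them.

```shell
#!/bin/sh
# Added example, not from the original post.
# Assumption: eth0 is the externally facing interface.
EXT_IF="${EXT_IF:-eth0}"
# Dry run by default: commands are printed. Set IPT=iptables (as root) to apply.
IPT="${IPT:-echo iptables}"

# These rules sit on INPUT, so they cover traffic addressed to the firewall
# host itself. NATed traffic for machines behind it traverses FORWARD instead.

# Variant 1: filter on SYN only. --syn matches packets with SYN set and
# ACK, RST, FIN clear, i.e. the first packet of a new TCP connection.
# SYN/ACK and ACK replies to outbound connections never match the DROP.
syn_filter() {
    $IPT -A INPUT -i "$EXT_IF" -p tcp --syn -m multiport --dports 22,23 -j ACCEPT
    $IPT -A INPUT -i "$EXT_IF" -p tcp --syn -j DROP
}

# Variant 2: connection tracking. Replies to connections opened from the
# inside are accepted by state, new TCP connections are accepted on 22/23
# only, and everything else arriving on the external interface is dropped.
# Unlike variant 1 this also drops stray non-SYN TCP packets and unsolicited
# UDP/ICMP. (-m state is the match of that era; newer iptables spells it
# -m conntrack --ctstate.)
stateful_filter() {
    $IPT -A INPUT -i "$EXT_IF" -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A INPUT -i "$EXT_IF" -p tcp --syn -m multiport --dports 22,23 -j ACCEPT
    $IPT -A INPUT -i "$EXT_IF" -j DROP
}

# Usage: sh firewall.sh syn | sh firewall.sh state
case "${1:-}" in
    syn)   syn_filter ;;
    state) stateful_filter ;;
esac
```

Run with `syn` or `state` to review the generated commands before applying either set.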