I just set up a NAT with CentOS and I am using a Cisco 2900 switch. My question is: after you configure iptables and have all your rules set and ports forwarded, what would be the best way to block all other traffic? I was thinking of putting this as the last line of my rules config:
-A INPUT -j DROP -p tcp -i eth0
eth0 is my public interface.