lol.. you were right, you don't understand networks... hehe.
OKAY... a packet (TCP, UDP or ICMP) can have many different states....
state NEW means this is the first packet from a remote computer... possibly a connection request.
state ESTABLISHED means this packet is part of an already started connection... for example a reply to an HTTP GET request.
state RELATED means this packet is part of a new connection that has been started by an already ESTABLISHED connection... for example an FTP download or upload (FTP uses two different 'channels', a data channel and a command channel).
so a simple firewall rule set would be:
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p udp -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p icmp --icmp-type echo-reply -j ACCEPT
iptables -P INPUT DROP
this firewall input rule set would drop all connection attempts and ping attempts.
rule 1 means allow everything on the loopback device (allow the computer to talk to itself).
rule 2 allows all related and established traffic.
rule 3 allows the same as 2 but for the UDP protocol.
rule 4 allows ping replies but NOT ping requests.... so you can ping other people, but they cannot ping you.
rule 5 drops everything else.
with this rule set, nobody can send information to your computer unless they are sending it as a reply to a request you sent them.
as for output.... most people don't need to restrict output, and leave the output policy at its default ACCEPT...
but if you do want to restrict output.. make sure you have at least these rules...
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A OUTPUT -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -p udp -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -p icmp --icmp-type echo-request -j ACCEPT
this is similar to the input rules....
note that you will need to add more rules to the output chain...
there is nothing in the output rules that allows new connections... just related ones... and nothing can be related unless a new packet is allowed out.
so add rules like:
iptables -A OUTPUT -p tcp -m state --state NEW --dport 80 -j ACCEPT
to allow your machine to connect to remote machines on port 80 (http) for viewing web pages.
OR... you could just allow a firewall program to automatically configure the iptables firewall for you.
programs like "firestarter" are good for newbs.
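The rule set the post describes, written out as a script that emits an iptables-restore file (an added example, not part of the original post or any tool it mentions). It keeps the same policy: loopback open, inbound only ESTABLISHED/RELATED, outbound only the NEW connections you list plus outbound ping. Two things are assumptions of this example rather than anything the post gave: it uses `-m conntrack --ctstate` (the current form of `-m state --state`, with the same matches), and the `ALLOW_OUT_TCP` / `ALLOW_OUT_UDP` variables with their defaults of 80, 443 tcp and 53 udp are example choices. It also drops INVALID packets up front, a standard extra that the post does not include.

```shell
#!/bin/sh
# Added example (not from the original post): emit the stateful rule set
# described above as an iptables-restore file, so it can be reviewed and then
# loaded atomically instead of typing rules one by one.
# Assumptions: "-m conntrack --ctstate" is used instead of "-m state --state"
# (same matches, current module); the ALLOW_OUT_* variables and the default
# ports 80/443 tcp and 53 udp are example choices, not anything the post gave.

ALLOW_OUT_TCP="${ALLOW_OUT_TCP:-80 443}"
ALLOW_OUT_UDP="${ALLOW_OUT_UDP:-53}"

# Print the whole ruleset in iptables-restore syntax on stdout.
build_rules() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -p icmp --icmp-type echo-request -m conntrack --ctstate NEW -j ACCEPT
EOF
    # Only these outbound NEW connections are permitted; everything else hits
    # the OUTPUT DROP policy. Replies come back as ESTABLISHED via the rule
    # above, including ICMP echo replies, which conntrack tracks like any flow.
    for port in $ALLOW_OUT_TCP; do
        printf -- '-A OUTPUT -p tcp --dport %s -m conntrack --ctstate NEW -j ACCEPT\n' "$port"
    done
    for port in $ALLOW_OUT_UDP; do
        printf -- '-A OUTPUT -p udp --dport %s -m conntrack --ctstate NEW -j ACCEPT\n' "$port"
    done
    echo COMMIT
}

# Number of rules in chain $1 that admit NEW connections. Sanity check:
# INPUT must have none, or the firewall is not doing what the post describes.
count_new_rules() {
    build_rules | grep -c -- "^-A $1 .*--ctstate NEW" || true
}

# Parse with --test first so a typo never leaves a half-loaded table behind.
# Needs root and the iptables tools; not exercised when reviewing offline.
apply_rules() {
    build_rules | iptables-restore --test && build_rules | iptables-restore
}

case "${1:-}" in
    apply) apply_rules ;;
    *)     build_rules ;;
esac
```

Run it with no arguments to inspect the generated file, `apply` to load it. Note that with the OUTPUT policy at DROP, the post's single port-80 rule is not enough on its own: the browser's DNS lookups go out as NEW udp/53 (or tcp/53) and are dropped until you allow them, which is why 53/udp is in the default list here. Since conntrack tracks ICMP echo like any other flow, the catch-all ESTABLISHED rule admits the ping replies, so no separate echo-reply rule is needed.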