Couple of comments.
1. For the loopback traffic, you'll likely need a little more lenient policy as your system will occasionally make local connections over the loopback adapter using your actual IP rather than loopback address (127.0.0.1). Using iptables -A INPUT -i lo -j ACCEPT should work better.
2. You should limit DNS traffic to only the IP address of your ISP, ideally to their DNS servers. Giving public access is not a good idea and allows an attacker to inject malicious DNS traffic.
3. There is a better way to prevent remote hosts from making connection attempts rather than using the ! syn trick. With the way you've done it, an ACK or FIN scan would go right through your firewall and allow someone to enumerate your open ports. That was actually the method of choice back in the ipchains days, but now Linux has stateful filtering with iptables. Use this rule instead:
Code:
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
That will only allow traffic from connections that you initiate, regardless of what tcp flags are on the packets.
4. You may want to consider adding spoofing protection and bogus packet logging as well.
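The four points above pulled together into one ruleset, as an added example that is not the poster's script: a POSIX shell function that emits an iptables-restore(8) file covering the interface-based loopback rule, DNS pinned to named resolvers, the stateful ESTABLISHED,RELATED accept, anti-spoofing drops on the external interface, and rate-limited logging of bogus packets. The interface name eth0 and the resolver addresses 203.0.113.53 and 203.0.113.54 are placeholder assumptions (the 203.0.113.0/24 documentation range), so replace them with your own before loading. It uses `-m conntrack --ctstate`, the current spelling of `-m state --state`; nothing is applied to the kernel by running the script, it only prints and checks the rules.

```shell
#!/bin/sh
# Added example: generates an iptables-restore ruleset. Not the forum poster's code.
# Assumed placeholder values (override via environment): external interface eth0,
# ISP resolvers in the 203.0.113.0/24 documentation range.
WAN_IF="${WAN_IF:-eth0}"
DNS_SERVERS="${DNS_SERVERS:-203.0.113.53 203.0.113.54}"

# Print a complete ruleset in iptables-restore(8) format on stdout.
# Review it, then load it as root with: generate_rules | iptables-restore
generate_rules() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
:LOGDROP - [0:0]
# Log a rate-limited sample of rejected packets, then drop them.
-A LOGDROP -m limit --limit 5/min --limit-burst 10 -j LOG --log-prefix "iptables-drop: " --log-level 4
-A LOGDROP -j DROP
# 1. Loopback: match the interface, not 127.0.0.1, so local connections
#    made to the host's real address over lo still work.
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
# 4. Anti-spoofing: loopback or private source addresses cannot legitimately
#    arrive on the external interface.
-A INPUT -i $WAN_IF -s 127.0.0.0/8 -j LOGDROP
-A INPUT -i $WAN_IF -s 10.0.0.0/8 -j LOGDROP
-A INPUT -i $WAN_IF -s 172.16.0.0/12 -j LOGDROP
-A INPUT -i $WAN_IF -s 192.168.0.0/16 -j LOGDROP
# 4. Bogus packets: malformed or out-of-window segments, and "new" TCP
#    connections that do not begin with SYN (ACK/FIN scans land here).
-A INPUT -m conntrack --ctstate INVALID -j LOGDROP
-A INPUT -p tcp ! --syn -m conntrack --ctstate NEW -j LOGDROP
# 3. Stateful rule: only replies to connections this host started get in,
#    regardless of TCP flags. No ! --syn trick needed for inbound policy.
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
EOF
    # 2. DNS: new queries only to the configured resolvers. Their replies come
    #    back through the ESTABLISHED rule, so no inbound port-53 accept exists.
    for ns in $DNS_SERVERS; do
        printf '%s\n' "-A OUTPUT -o $WAN_IF -p udp -d $ns --dport 53 -m conntrack --ctstate NEW -j ACCEPT"
        printf '%s\n' "-A OUTPUT -o $WAN_IF -p tcp -d $ns --dport 53 -m conntrack --ctstate NEW -j ACCEPT"
    done
    cat <<EOF
# Any DNS to another destination is logged and dropped before the generic
# outbound accept below can let it through.
-A OUTPUT -o $WAN_IF -p udp --dport 53 -j LOGDROP
-A OUTPUT -o $WAN_IF -p tcp --dport 53 -j LOGDROP
# Other outbound connections this host initiates (web, mail, ssh, ...).
-A OUTPUT -o $WAN_IF -p tcp -m conntrack --ctstate NEW -j ACCEPT
-A OUTPUT -o $WAN_IF -p udp -m conntrack --ctstate NEW -j ACCEPT
# Whatever falls off the end of INPUT/OUTPUT is logged and dropped.
-A INPUT -j LOGDROP
-A OUTPUT -j LOGDROP
COMMIT
EOF
}

# Static sanity check of the generated ruleset; needs no root and no kernel.
# Returns 0 when the anti-spoofing drop precedes the ESTABLISHED accept and
# every rule that accepts DNS names an explicit destination (-d).
check_rules() {
    rules=$(generate_rules)
    spoof_line=$(printf '%s\n' "$rules" | grep -n -- '-s 127.0.0.0/8' | head -1 | cut -d: -f1)
    est_line=$(printf '%s\n' "$rules" | grep -n -- 'INPUT -m conntrack --ctstate ESTABLISHED,RELATED' | cut -d: -f1)
    [ -n "$spoof_line" ] && [ -n "$est_line" ] && [ "$spoof_line" -lt "$est_line" ] || return 1
    printf '%s\n' "$rules" | grep -- '--dport 53' | grep -- '-j ACCEPT' | grep -vq -- '-d ' && return 1
    return 0
}

# Number of rules that accept outbound DNS: two (udp, tcp) per resolver.
count_dns_accept_rules() {
    generate_rules | grep -- '--dport 53' | grep -c -- '-j ACCEPT'
}

# Usage: ./rules.sh > /etc/iptables/rules.v4 (then load with iptables-restore)
[ -n "$GENERATE_ONLY_WHEN_SOURCED" ] || { check_rules && generate_rules; }
```

Rule order matters: the anti-spoofing and bogus-packet drops sit above the ESTABLISHED,RELATED accept so a spoofed packet can never match an existing conntrack entry first, and the `! --syn` check is kept only in its stateful form (`--ctstate NEW`) as a complement to, not a replacement for, the ESTABLISHED rule the post recommends. Pair the spoofing rules with `net.ipv4.conf.all.rp_filter=1` in sysctl so the kernel also rejects packets whose source is not routable back out the interface they came in on.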