###############
# INPUT #
###############
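# Log, then drop, every packet arriving on ppp0 whose connection-tracking state
# is NEW or INVALID. Only ESTABLISHED and RELATED traffic gets past these rules.
# The LOG rule is rate-limited so a scan or flood cannot fill the kernel log;
# packets over the limit are still dropped by the next rule, just not logged.
# The limit values are a starting point; tune them for your link.
# Check the log by running *dmesg* as root (entries carry the "fw-in-drop: " prefix).
# NOTE: these rules are appended (-A), so any ACCEPT rule already present in
# INPUT is evaluated first. Review or flush the chain before loading them.
# NOTE: iptables filters IPv4 only; IPv6 needs equivalent ip6tables rules.
/sbin/iptables -A INPUT -i ppp0 -m state --state NEW,INVALID -m limit --limit 5/min --limit-burst 10 -j LOG --log-prefix "fw-in-drop: "
/sbin/iptables -A INPUT -i ppp0 -m state --state NEW,INVALID -j DROP
# Drop all TCP connection requests coming from outside (SYN packets).
# Largely overlaps with the NEW,INVALID drop above; kept as a second barrier.
/sbin/iptables -A INPUT -i ppp0 -p tcp --syn -j DROP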
# Do not ping me you *******
...
# Silently discard inbound ICMP echo requests (ping). No interface match is
# given, so this applies on every interface, not just ppp0.
/sbin/iptables --append INPUT --protocol icmp --icmp-type echo-request --jump DROP
##################
# FORWARD #
##################
# Default-deny for FORWARD: with the chain policy set to DROP, nothing is
# forwarded unless a rule in this chain explicitly accepts it.
/sbin/iptables --policy FORWARD DROP
#################
# OUTPUT #
#################
# Belt and braces: suppress outgoing ICMP echo replies (pongs) on every
# interface, in case an echo request is ever accepted by the INPUT chain.
/sbin/iptables --append OUTPUT --protocol icmp --icmp-type echo-reply --jump DROP
This is just a simple config...
It should be enough to keep you hidden from port scanners and script kiddies...