if i was making a firewall to do the following

Access a DNS: (client = high to low : low to high)
Connect to the web-server (client)
log into your machine using ssh (server)
get emails from pop3 mail server

this is what i did.

DNS: (client)
iptables -A OUTPUT -p tcp -s 0/0 --sport 1023:65535 -d 0/0 --dport 53 -j ACCEPT
iptables -A OUTPUT -p udp -s 0/0 --sport 1023:65535 -d 0/0 --dport 53 -j ACCEPT

iptables -A INPUT -p tcp -s 0/0 --sport 53 -d 0/0 --dport 1023:65535 -j ACCEPT
iptables -A INPUT -p udp -s 0/0 --sport 53 -d 0/0 --dport 1023:65535 -j ACCEPT


Web-server:
i did the same but replaced the 53 with 80

POP3 email:
replace the port number e.g 53 or 80 with the number 110

SSH:
iptables -A INPUT -p tcp -s 0/0 --sport 1023:65535 -d 0/0 --dport 22 -j ACCEPT
iptables -A INPUT -p udp -s 0/0 --sport 1023:65535 -d 0/0 --dport 22 -j ACCEPT

can sameone please tell me what is wrong...
according to same people i got this wrong

I will try to point out where I think your script could be improved

You can eliminate all instances of -s 0/0 and -d 0/0. These are implied if no source or destination is given.

Compare this to your code for DNS, and I think you will see the problem: you have the --dport and --sport reversed. Your filtering is actually more strict than mine. I don't filter OUTPUT at all because I trust my system not to send anything out that it isn't supposed to. Also, I don't bother to check the destination port on packets I receive. Maybe I'm too trusting

Regards,

woonix