Sunday, August 2, 2009

Basic Firewall

These commands open up ssh and web on the external interface, but leave everything else locked off.
# ssh and web: accept new and existing TCP connections to ports 22 and 80
iptables -t filter -A INPUT -p tcp --dport 22 -i venet0 -j ACCEPT
iptables -t filter -A INPUT -p tcp --dport 80 -i venet0 -j ACCEPT

# dns request responses: replies from a resolver come from source port 53.
# These rules are stateless, so they admit any packet whose source port is 53,
# not only answers to queries this host sent.
iptables -t filter -A INPUT -p tcp --sport 53 -i venet0 -j ACCEPT
iptables -t filter -A INPUT -p udp --sport 53 -i venet0 -j ACCEPT

# accept other related sessions: replies to TCP connections this host opened
# (limited to TCP here, which is why the UDP sport-53 rule above is needed)
iptables -t filter -A INPUT -m state --state ESTABLISHED,RELATED -i venet0 -p tcp -j ACCEPT

# drop everything else arriving on venet0
iptables -t filter -A INPUT -i venet0 -j DROP
Change venet0 to the relevant interface name.
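The same policy written for iptables-restore, as an added example that is not part of the original post: the stateful rule goes first and covers UDP as well, so DNS replies are admitted by connection tracking and the blanket source-port-53 accept is no longer needed; the interface name is an assumption.

```shell
#!/bin/sh
# Added example (not from the original post): emit the basic firewall as an
# iptables-restore ruleset for one external interface. Compared with the rules
# above, the ESTABLISHED,RELATED rule comes first and is not limited to TCP,
# so answers to this host's own DNS queries pass through conntrack and no
# stateless "--sport 53" accept (which admits any packet claiming that port)
# is required.
# Usage (as root): gen_rules venet0 | iptables-restore
gen_rules() {
    iface="${1:-venet0}"   # interface name is an assumption
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# replies to connections this host opened (TCP and UDP, so DNS answers too)
-A INPUT -i $iface -m state --state ESTABLISHED,RELATED -j ACCEPT
# ssh and web, new connections only
-A INPUT -i $iface -p tcp --dport 22 -m state --state NEW -j ACCEPT
-A INPUT -i $iface -p tcp --dport 80 -m state --state NEW -j ACCEPT
# anything else arriving on $iface falls through to the INPUT DROP policy
COMMIT
EOF
}

# Sanity check: how many rules in the generated set accept a packet purely
# on its source port? The hardened set should contain none.
count_sport_accepts() {
    gen_rules "$1" | grep -c -- '--sport' || true
}
```

Lines beginning with `#` are ignored by iptables-restore, so the ruleset can be loaded as-is.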
