*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [9:558]
#Allow all from localhost
-A INPUT -s 127.0.0.1 -j ACCEPT 
#Allow all from trusted IP
-A INPUT -s 10.8.0.2 -j ACCEPT
#Allow already established connections
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT 
#Reject everything else
-A INPUT -j REJECT --reject-with icmp-port-unreachable 
COMMIT