Creating a firewall for Jitsi on a Debian server

If you have a better understanding of setting up firewalls for Jitsi using iptables, please review the below and make comments/corrections for me. This configuration works well for me, as far as I know…

Set firewall rules: Create a file, e.g. setfw.sh, and add the following rules to the file

Delete all existing rules

iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X

Allow traffic on loopback

iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

Allow all inbound established connections

iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

Allow all outbound established connections

iptables -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

Enable specific incoming ports for ssh

iptables -A INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT

Enable specific incoming ports for infrastructure support (ssh, http, https, http-alt, https-alt, jitsi UDP ports)

iptables -A INPUT -p udp -m state --state NEW -m multiport --dport 3478,10000 -j ACCEPT
iptables -A INPUT -p tcp -m state --state NEW -m multiport --dport 22,80,8080,443,8443,4443,5349 -j ACCEPT

Allow pinging

iptables -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT

Set default chain policies after opening ports

iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT

Load the firewall rules, and save so they stay persistent

chmod +x setfw.sh

./setfw.sh

netfilter-persistent save

Check that rules are set as desired

iptables -L
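
Added example (not part of the original post): a shell check that compares `iptables -S` output with the ports and default policies set above, reporting missing ports, unexpected open ports, and chains whose policy is not DROP. The sample rule listing is constructed, and the names `accepted_ports`, `audit_rules`, `EXPECTED` and `SAMPLE_RULES` are assumptions of this example.

```shell
# Added example: audit `iptables -S` output against the ports listed in the post.
# On a live host (as root): iptables -S | audit_rules
EXPECTED="tcp/22 tcp/80 tcp/8080 tcp/443 tcp/8443 tcp/4443 tcp/5349 udp/3478 udp/10000"

# Constructed sample of what `iptables -S` prints after running setfw.sh.
SAMPLE_RULES='-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p udp -m state --state NEW -m multiport --dports 3478,10000 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m multiport --dports 22,80,8080,443,8443,4443,5349 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT'

# Print one "proto/port" line per port accepted in INPUT (port ranges not expanded).
accepted_ports() {
    awk '$1 == "-A" && $2 == "INPUT" && /-j ACCEPT/ {
        proto = ""; ports = ""
        for (i = 3; i < NF; i++) {
            if ($i == "-p") proto = $(i + 1)
            if ($i == "--dport" || $i == "--dports") ports = $(i + 1)
        }
        n = split(ports, list, ",")
        for (j = 1; j <= n; j++) print proto "/" list[j]
    }' | sort -u
}

# Read rules on stdin; print findings; return 0 only if nothing is wrong.
audit_rules() {
    rules=$(cat); status=0
    for chain in INPUT FORWARD; do
        printf '%s\n' "$rules" | grep -qx -- "-P $chain DROP" ||
            { echo "policy: $chain is not DROP"; status=1; }
    done
    open=$(printf '%s\n' "$rules" | accepted_ports)
    for want in $EXPECTED; do
        printf '%s\n' "$open" | grep -qx -- "$want" ||
            { echo "missing: $want"; status=1; }
    done
    for got in $open; do
        case " $EXPECTED " in *" $got "*) ;; *) echo "unexpected: $got"; status=1 ;; esac
    done
    return "$status"
}

printf '%s\n' "$SAMPLE_RULES" | audit_rules && echo "rule set matches the post"
```

Running the same check after a reboot confirms that `netfilter-persistent save` actually restored the rules.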