vi /etc/sysconfig/iptables

# Generated by iptables-save v1.4.7 on Fri Jun 7 14:37:21 2013
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
#ftp
-A INPUT -p tcp -m state --state NEW -m tcp --dport 21 -j ACCEPT
#ssh
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
#smtp
-A INPUT -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT
#pop
-A INPUT -p tcp -m state --state NEW -m tcp --dport 110 -j ACCEPT
#dns
-A INPUT -p tcp -m state --state NEW -m tcp --dport 53 -j ACCEPT
-A INPUT -p udp -m state --state NEW -m udp --dport 53 -j ACCEPT
#http
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
#
-A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
#vesta
-A INPUT -p tcp -m state --state NEW -m tcp --dport 8083 -j ACCEPT
#ftp passive ports
-A INPUT -p tcp -m state --state NEW -m tcp --dport 12000:12100 -j ACCEPT
#webmin
-A INPUT -p tcp -m state --state NEW -m tcp --dport 10000 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed on Fri Jun 7 14:37:21 2013

chkconfig iptables on

service iptables start