This is a discussion on iptables help within the Networking, Firewalls and Security forums, part of the Mastering Servers category.
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     tcp  --  192.168.0.1          anywhere             tcp dpt:ssh
DROP       tcp  --  anywhere             anywhere             tcp dpt:ssh
DROP       tcp  --  anywhere             anywhere             tcp dpt:ftp
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:squid
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:domain
ACCEPT     udp  --  anywhere             anywhere             udp dpt:domain
ACCEPT     udp  --  anywhere             anywhere             udp dpt:netbios-ssn
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:netbios-ssn

Chain FORWARD (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain RH-Firewall-1-INPUT (0 references)
target     prot opt source               destination

Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
MASQUERADE all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Here's what my iptables looks like. If I append the line below in the input policy, the internet on the client machine stops working. I just want the reason why the internet stops working:

iptables -A INPUT -j DROP

even though forwarding is enabled ("net.ipv4.ip_forward = 1"). Or should I set the input policy to drop ("iptables -P INPUT DROP")?
With iptables, the first rule matches, so you might want to make the first rule of your chain a default deny all, then allow all others after that.

Berkeley packet filter is the same, but much easier to understand, viz. (for example):

block all on interface eth0 #lan interface
block all on interface eth1 #dmz interface
pass in on eth0 from 192.168.0.0/24 to dmz-network on port 22 keep state
pass in on eth1 from any to 192.168.1/26 on port 22 keep state

So the first rule which matches catches the packet, and the bpf0 interface stops filtering.
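The following is an added example, not code from the thread: a small first-match simulator for the INPUT chain posted above. Forwarded client traffic traverses FORWARD, but traffic addressed to the gateway itself traverses INPUT, so ip_forward=1 does not help services running on the gateway. It assumes the clients use the gateway's own DNS resolver (dpt:domain) and squid; the client and upstream addresses are constructed sample values.

```python
from dataclasses import dataclass
from typing import List, Optional

@dataclass
class Packet:
    proto: str    # "tcp" or "udp"
    src: str
    dport: int
    state: str    # conntrack's view of the packet: "NEW" or "ESTABLISHED"

@dataclass
class Rule:
    target: str                   # "ACCEPT" or "DROP"
    proto: Optional[str] = None   # None = match any protocol
    src: Optional[str] = None
    dport: Optional[int] = None
    state: Optional[str] = None   # None = no --state match on this rule

    def matches(self, p: Packet) -> bool:
        return all(want is None or want == have for want, have in (
            (self.proto, p.proto), (self.src, p.src),
            (self.dport, p.dport), (self.state, p.state)))

def verdict(chain: List[Rule], p: Packet, policy: str = "ACCEPT") -> str:
    """First matching rule decides; the chain policy applies only if none match."""
    for r in chain:
        if r.matches(p):
            return r.target
    return policy

# The posted INPUT chain, with service names resolved to port numbers.
INPUT = [
    Rule("ACCEPT", "tcp", "192.168.0.1", 22), Rule("DROP", "tcp", dport=22),
    Rule("DROP", "tcp", dport=21),           Rule("ACCEPT", "tcp", dport=3128),
    Rule("ACCEPT", "tcp", dport=53),         Rule("ACCEPT", "udp", dport=53),
    Rule("ACCEPT", "udp", dport=139),        Rule("ACCEPT", "tcp", dport=139),
]
APPENDED_DROP = Rule("DROP")                        # iptables -A INPUT -j DROP
ESTABLISHED = Rule("ACCEPT", state="ESTABLISHED")   # the rule the posted INPUT chain lacks

# Constructed sample traffic: a client query to the gateway's resolver, and the
# upstream reply to the ephemeral port the gateway's resolver used (198.51.100.53 is a doc range).
client_dns_query = Packet("udp", "192.168.0.10", 53, "NEW")
upstream_dns_reply = Packet("udp", "198.51.100.53", 41234, "ESTABLISHED")

def with_trailing_drop():
    chain = INPUT + [APPENDED_DROP]
    return verdict(chain, client_dns_query), verdict(chain, upstream_dns_reply)

def with_state_rule_first():
    chain = [ESTABLISHED] + INPUT + [APPENDED_DROP]
    return verdict(chain, client_dns_query), verdict(chain, upstream_dns_reply)
```

The query is accepted in both cases, but the reply to the gateway's own outbound lookup is dropped by the trailing rule unless a RELATED,ESTABLISHED accept precedes it; `iptables -P INPUT DROP` without that state rule fails the same way.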