Don’t write your own. Why? ’Cause you’ll mess it up and end up with a false sense of security.
Some Norwegian dude called Vegar told me of the Debian package arno-iptables-firewall. It’s an iptables-based firewall that can be administered in your favourite text editor or more conveniently by
So, remove that crappy iptables script that you wrote to “protect” your public-facing server and go do this:
apt-get install fail2ban arno-iptables-firewall
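To check whether a ruleset really denies by default, the sketch below (an added example, not part of the original post and not code from either package) classifies the INPUT chain of an `iptables -S` dump. The function name `audit_input_chain` and the sample rulesets are constructed for illustration.

```shell
#!/bin/sh
# Added example: reads `iptables -S` output on stdin and prints
# "default-deny" or "default-accept" for the INPUT chain.
# Conservative: a final jump to a user-defined chain counts as accept,
# because this sketch does not follow jumps.
audit_input_chain() {
    awk '
        $1 == "-P" && $2 == "INPUT" { policy = $3 }
        $1 == "-A" && $2 == "INPUT" { last = $0 }
        END {
            # A DROP policy denies whatever no rule accepted.
            if (policy == "DROP") { print "default-deny"; exit }
            # Otherwise only an unconditional final DROP/REJECT closes the chain.
            if (last ~ /^-A INPUT -j (DROP|REJECT)( |$)/) { print "default-deny"; exit }
            print "default-accept"
        }
    '
}

# Constructed sample: a hand-written script that opens SSH and HTTP but
# never sets a policy or a final drop, so everything else is still accepted.
HANDWRITTEN='-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT'

# Constructed sample: the same kind of accepts under a DROP policy.
POLICY_DROP='-P INPUT DROP
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT'

# Constructed sample: ACCEPT policy closed by an unconditional REJECT.
FINAL_REJECT='-P INPUT ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-port-unreachable'

for sample in "$HANDWRITTEN" "$POLICY_DROP" "$FINAL_REJECT"; do
    printf '%s\n' "$sample" | audit_input_chain
done

# On a live host, as root:  iptables -S | audit_input_chain
```

The check covers IPv4 iptables only; IPv6 rules loaded through ip6tables need the same look.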