iptables

Quick setup

sudo iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT
sudo iptables -I INPUT 1 -i lo -j ACCEPT
sudo iptables -P INPUT DROP
sudo iptables -A INPUT -j DROP

This accepts established and related traffic, allows new incoming connections to TCP port 22 and all traffic on the loopback interface (localhost), and drops everything else.

Save and load from file

iptables-save > iptables.txt
iptables-restore < iptables.txt

iptables-restore loads the ruleset immediately, but the rules won't survive a restart. Use sudo netfilter-persistent save to save the rules permanently.

Drop everything except LAN and single IP

iptables -A INPUT -p tcp --dport 22 -s 192.168.0.0/24 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -s 1.2.3.0 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j DROP

Docker rules

If you are running Docker instances, it's best to keep a clean iptables ruleset in a file and not add any Docker rules to it. This way Docker will automatically add its crap to iptables at startup, whereas if you save a ruleset that includes Docker's rules, it's more than likely to mess things up.
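
One way to enforce this, as an added example that is not part of the original page: a shell check that rejects a saved dump containing Docker's chains or bridge interfaces. The function names, match patterns and sample dumps are assumptions constructed for illustration.

```shell
# Added example (not from the page): reject saved rulesets holding Docker entries.

# Print each Docker-related line of an iptables-save dump as "table: line".
# Assumption: Docker entries are recognised by chain names (DOCKER,
# DOCKER-USER, ...) and bridge interfaces (docker0, br-<network id>).
docker_rules() {
    awk '
        /^\*/ { table = substr($0, 2); next }    # "*filter", "*nat", ...
        /^#/ || /^COMMIT/ { next }
        /^:DOCKER/ || /-[Aj] DOCKER/ ||
        /-[io] (docker0|br-[0-9a-f]+)( |$)/ { print table ": " $0 }
    ' "$1"
}

# Return 0 if the dump is clean; otherwise list the entries on stderr, return 1.
is_clean_ruleset() {
    found=$(docker_rules "$1")
    [ -z "$found" ] && return 0
    printf 'Docker entries in %s:\n%s\n' "$1" "$found" >&2
    return 1
}

# Constructed sample dumps (not captured from a real host).
sample_clean() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
EOF
}

sample_with_docker() {
    cat <<'EOF'
*nat
:DOCKER - [0:0]
-A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
-A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A FORWARD -j DOCKER-USER
COMMIT
EOF
}

[ -z "${1:-}" ] || is_clean_ruleset "$1"   # usage: sh check.sh iptables.txt
```

The check gates the file as a whole rather than filtering it line by line, so a dump that fails should be regenerated from the clean ruleset instead of being edited.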

DigitalOcean iptables basics