Thread: iptables newbie

Old 05-15-2004
Mike Oliver

There's an enormous amount of documentation on iptables -- I
need a little less of it, so to speak. I just want to know
if there are any plausible attacks on my setup, which I have
set, if I understand it correctly, to reject all incoming
TCP packets that attempt to start a connection, all
packets that want to be forwarded, and all ip6 packets
whatsoever. For example, can connections be started
via *non*-TCP packets? (Dropping all non-TCP packets
seems to break the internet completely.) Or, can non-SYN
TCP packets do mischief? Or, have I just misunderstood
the syntax somewhere? Thanks for any help.

Output of iptables-save:

# Generated by iptables-save v1.2.9 on Sat May 15 14:57:39 2004
*filter
:INPUT ACCEPT [2676:2951669]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [2268:192717]
-A INPUT -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -j REJECT --reject-with icmp-port-unreachable
COMMIT
# Completed on Sat May 15 14:57:39 2004

Output of ip6tables-save:

# Generated by ip6tables-save v1.2.9 on Sat May 15 15:00:11 2004
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [4:232]
-A INPUT -s ::/0 -d ::/0 -j DROP
-A FORWARD -s ::/0 -d ::/0 -j DROP
COMMIT
# Completed on Sat May 15 15:00:11 2004
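The question above asks whether non-TCP packets or non-SYN TCP packets get past a rule that only looks at SYN flags. The usual way to answer that at the firewall is to let connection tracking decide: accept only traffic that belongs to a flow this host started, drop what conntrack cannot classify, and reject every other new packet regardless of protocol. The script below is an added example, not part of Mike's post; it emits such a ruleset as iptables-restore text and includes a small check that flags a ruleset with no state matching. It assumes SSH on tcp/22 is the only service to expose (`ALLOW_TCP_PORTS`, a constructed value), and it does not touch the live firewall.

```shell
#!/bin/sh
# Added example: stateful replacement for a SYN-only INPUT filter.
# Prints iptables-restore text; feed it to `iptables-restore` only after review.

# Assumption (constructed): the only service to expose is SSH on tcp/22.
ALLOW_TCP_PORTS="22"

# The SYN-only rule from the post, kept here so the check below can be run on it.
SYN_ONLY_RULE='-A INPUT -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j REJECT --reject-with icmp-port-unreachable'

# Does a ruleset (read from stdin) track connection state at all?
# Returns 0 when no `-m state` / `-m conntrack` match appears, i.e. when
# every non-SYN TCP segment and every UDP datagram is judged only by its
# own headers and never by whether this host asked for it.
lacks_state_tracking() {
    ! grep -Eq -- '-m (state|conntrack)'
}

# Emit the stateful ruleset.  `#` lines are passed through; iptables-restore
# ignores them.  On iptables as old as 1.2.9, `-m state --state` is the
# equivalent of `-m conntrack --ctstate` used here.
stateful_ruleset() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Loopback is always allowed.
-A INPUT -i lo -j ACCEPT
# Replies to flows this host opened, any protocol (covers UDP answers and
# the non-SYN segments of our own TCP connections), plus related traffic
# such as ICMP errors.
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Segments conntrack cannot place in any flow (bad flag combinations,
# out-of-window ACKs) are dropped before any service rule sees them.
-A INPUT -m conntrack --ctstate INVALID -j DROP
EOF
    # Explicitly exposed services: only the packet that starts a new flow.
    for port in $ALLOW_TCP_PORTS; do
        echo "-A INPUT -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    done
    cat <<'EOF'
# Everything else (new TCP, unsolicited UDP, other protocols) is rejected.
-A INPUT -j REJECT --reject-with icmp-port-unreachable
COMMIT
EOF
}

stateful_ruleset
```

The FORWARD chain is left at policy DROP with no rules, which matches the post's intent of forwarding nothing; a separate ip6tables ruleset would still be needed for IPv6.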