diff --git a/templates/iptables_default_v4.j2 b/templates/iptables_default_v4.j2
index 72b9469..b7efa99 100644
--- a/templates/iptables_default_v4.j2
+++ b/templates/iptables_default_v4.j2
@@ -1,7 +1,14 @@
 # {{ ansible_managed }}
 *filter
-:INPUT ACCEPT [0:0]
-:FORWARD ACCEPT [0:0]
+:INPUT DROP [0:0]
+:FORWARD DROP [0:0]
 :OUTPUT ACCEPT [0:0]
+-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
+-A INPUT -p icmp -j ACCEPT
+-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
+-A INPUT -i lo -j ACCEPT
+-A INPUT -p tcp -j REJECT --reject-with tcp-reset
+-A INPUT -p udp -j REJECT --reject-with icmp-port-unreachable
+-A INPUT -j REJECT --reject-with icmp-proto-unreachable
 COMMIT
diff --git a/templates/iptables_default_v6.j2 b/templates/iptables_default_v6.j2
index 72b9469..d2927b5 100644
--- a/templates/iptables_default_v6.j2
+++ b/templates/iptables_default_v6.j2
@@ -1,7 +1,12 @@
 # {{ ansible_managed }}
 *filter
-:INPUT ACCEPT [0:0]
-:FORWARD ACCEPT [0:0]
+:INPUT DROP [0:0]
+:FORWARD DROP [0:0]
 :OUTPUT ACCEPT [0:0]
+-A INPUT -p tcp --syn -j DROP
+-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
+-A INPUT -p ipv6-icmp -j ACCEPT
+-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
+-A INPUT -i lo -j ACCEPT
 COMMIT
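Review bot: The IPv4 template tracks connection state with `-m state --state RELATED,ESTABLISHED` while the IPv6 template in the same commit uses `-m conntrack --ctstate ESTABLISHED,RELATED`; `state` is the legacy alias of the `conntrack` match, so the two templates should use one form, e.g. `-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT`. The loopback and established-connection accepts are placed below the port-22 and ICMP rules, so every packet of an existing session is checked against those two first; putting `-A INPUT -i lo -j ACCEPT` and the conntrack rule at the top of the chain is the conventional order and avoids needless per-packet matching. The chain also accepts ICMP of every type from any source; if that is intended, a short template comment above `-A INPUT -p icmp -j ACCEPT` saying so would help the next reader.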
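Review bot: The first rule appended, `-A INPUT -p tcp --syn -j DROP`, is evaluated before `-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT`, so every initial SYN, including the one that opens an SSH session, is dropped and the port-22 accept rule can never match a new connection; on a host reached only over IPv6 this locks out the administrator the template is meant to admit. With the INPUT policy already set to `DROP` on the line above, the explicit SYN-drop rule adds nothing, so the fix is to delete that line (or, if a logged drop is wanted, append it after the accept rules). The `-m state --state NEW` on the SSH rule also differs from the `-m conntrack --ctstate` form used two lines below in the same chain; `-A INPUT -p tcp -m conntrack --ctstate NEW --dport 22 -j ACCEPT` keeps the template consistent.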