启用iptables防火墙，要求INPUT方向允许任意主机访问ICMP、TCP的21、22、80、139、445端口，INPUT其他默认禁止访问。该怎么处理

启用iptables防火墙，要求INPUT方向允许任意主机访问ICMP、TCP的21、22、80、139、445端口，INPUT其他默认禁止访问。
各位大神帮忙写一个iptables的配置啊，初学，不是很懂。

[解决办法]
如下三条命令就可以了：

设置INPUT的默认策略
iptables -P INPUT DROP

开放INPUT的icmp
iptables -I INPUT 1 -p icmp -j ACCEPT

开放tcp上的21,22,80,139,445端口
iptables -I INPUT 1 -p tcp -m multiport --dports 21,22,80,139,445 -j ACCEPT


虚拟机上操作示例：

Assembly code

[root@RHEL6A ~]# iptables -L -nvChain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target     prot opt in     out     source               destination            26  2012 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED     0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0               0     0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0               2   152 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22     1    32 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target     prot opt in     out     source               destination             0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           PHYSDEV match --physdev-is-bridged     0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited Chain OUTPUT (policy ACCEPT 25 packets, 2204 bytes) pkts bytes target     prot opt in     out     source               destination         [root@RHEL6A ~]# iptables -P INPUT DROP[root@RHEL6A ~]# iptables -I INPUT 1 -p icmp -j ACCEPT[root@RHEL6A ~]# iptables -I INPUT 1 -p tcp -m multiport --dports 21,22,80,139,445 -j ACCEPT[root@RHEL6A ~]# iptables -L -nvChain INPUT (policy DROP 0 packets, 0 bytes) pkts bytes target     prot opt in     out     source               destination            13   884 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           multiport dports 21,22,80,139,445     0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0              37  2684 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED     0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0               0     0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0               2   152 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22     1    32 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target     prot opt in     out     source               destination             0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           PHYSDEV match --physdev-is-bridged     0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited Chain OUTPUT (policy ACCEPT 8 packets, 1104 bytes) pkts bytes target     prot opt in     out     source               destination