Use at your own risk. There are probably better ways to do this, and I use this (and more)... You may want to open or close more ports depending on what you want to do.
### 1: Drop invalid packets ###
/sbin/iptables -t mangle -A PREROUTING -m conntrack --ctstate INVALID -j DROP
### 2: Drop TCP packets that are new and are not SYN ###
/sbin/iptables -t mangle -A PREROUTING...
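To confirm that rule 1 is really loaded in the mangle table's PREROUTING chain (and not only in filter), this added example, which is not part of the original post, checks `iptables-save` output. The function names and the two sample dumps are constructed for illustration, and the check does not evaluate rule order.

```shell
#!/bin/sh
# has_invalid_drop: read iptables-save text on stdin; succeed only if the
# mangle table has an unconditional PREROUTING rule dropping ctstate INVALID.
has_invalid_drop() {
    awk '
        /^\*/     { table = substr($0, 2); next }   # "*mangle", "*filter", ...
        /^COMMIT/ { table = ""; next }
        table != "mangle" { next }                  # same rule elsewhere does not count
        {
            sub(/^\[[0-9]+:[0-9]+\] /, "")          # strip counters from "iptables-save -c"
            # Exactly 8 tokens: no extra match (-p, -i, "!") narrowing the rule.
            if ($1 != "-A" || $2 != "PREROUTING" || NF != 8) next
            if ($3 == "-m" && $4 == "conntrack" && $5 == "--ctstate" &&
                ("," $6 ",") ~ /,INVALID,/ && $7 == "-j" && $8 == "DROP")
                found = 1
        }
        END { exit !found }
    '
}

# Constructed sample: rule 1 present in mangle/PREROUTING (with counters).
sample_with_rule() {
cat <<'EOF'
*mangle
:PREROUTING ACCEPT [0:0]
[12:480] -A PREROUTING -m conntrack --ctstate INVALID -j DROP
COMMIT
EOF
}

# Constructed sample: INVALID is dropped only in filter/INPUT, mangle is empty.
sample_filter_only() {
cat <<'EOF'
*mangle
:PREROUTING ACCEPT [0:0]
COMMIT
*filter
:INPUT ACCEPT [0:0]
-A INPUT -m conntrack --ctstate INVALID -j DROP
COMMIT
EOF
}

sample_with_rule   | has_invalid_drop && echo "sample_with_rule: rule 1 present"
sample_filter_only | has_invalid_drop || echo "sample_filter_only: rule 1 missing"
```

On a live host, run `iptables-save | has_invalid_drop` as root after loading the rules.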