Thursday, November 22, 2012

Adding and deleting rules in chain INPUT (policy ACCEPT)

Add rules to chain INPUT (policy ACCEPT). Note that while the chain policy is ACCEPT these rules change nothing on their own: every packet is accepted anyway. They only take effect once the policy is switched to DROP (iptables -P INPUT DROP) or a final DROP/REJECT rule is appended after them, and because -A appends, each new rule lands after the ones already in the chain.
sudo iptables -A INPUT -p tcp --dport ssh -j ACCEPT
sudo iptables -A INPUT -p tcp --dport http -j ACCEPT
sudo iptables -A INPUT -p tcp --dport ftp -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 65020 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 65030 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 65020:65030 -j ACCEPT


Delete rules
-D takes the same specification as -A and removes the first rule that matches it exactly, so a rule that was appended twice has to be deleted twice; alternatively, list the chain with --line-numbers and delete by rule number. Here the two single-port rules are removed because the 65020:65030 range rule already covers both ports.
sudo iptables -D INPUT -p tcp --dport 65020 -j ACCEPT
sudo iptables -D INPUT -p tcp --dport 65030 -j ACCEPT


sudo iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

This is the rule that does most of the work, and again we append (-A) it to the INPUT chain. The -m switch loads a match module, here state, which looks the packet up in the kernel's connection-tracking table and classifies it as NEW, ESTABLISHED or RELATED (or INVALID, if it fits no known connection). NEW is a packet that opens a connection the tracking table has not seen before; in the INPUT chain that means an incoming connection request that the host itself did not initiate. ESTABLISHED is a packet belonging to a connection that has already carried traffic in both directions, and RELATED is a packet that starts a new connection tied to an existing one, such as an FTP data connection or an ICMP error for an existing flow. Accepting ESTABLISHED,RELATED lets the replies to the host's own outbound connections in, so the remaining rules only have to decide which NEW connections are allowed. Two practical notes: the state match is kept for compatibility and the current equivalent is -m conntrack --ctstate ESTABLISHED,RELATED; and since rules are evaluated top to bottom with the first match winning, this rule normally goes at the top of the chain (-I INPUT 1 rather than -A) so that the bulk of the traffic is matched immediately.
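The whole procedure on this page (the per-port ACCEPT rules, deleting rules, and the ESTABLISHED,RELATED rule) as one script. This is an added example written for this page, not code from the original post or from the CentOS wiki it cites. It assumes IPv4 only (ip6tables needs the same treatment), a host that does not route, and uses -m conntrack in place of -m state. Instead of growing the chain with repeated -A calls it emits the chain in iptables-restore format, so the whole table is loaded atomically with the rule order and the default policy fixed in one place, and a port listed twice produces one rule; the delete helper at the end is for chains that are still managed with -A/-D.

```shell
#!/bin/sh
# Added example, not from the original post or the CentOS wiki it cites.
# Assumptions: IPv4 only, a non-routing host (FORWARD dropped), and the
# conntrack match rather than the older state alias.
set -eu

# TCP destinations to accept, in the post's own notation: a service name
# from /etc/services, a single port, or a port range. "http" is listed
# twice on purpose, to show that the duplicate is filtered out below.
ALLOW_TCP="ssh http ftp http 65020 65030 65020:65030"

# Print the ruleset. This is pure text: nothing is loaded into the kernel.
build_input_ruleset() {
    seen=""
    printf '%s\n' '*filter'
    printf '%s\n' ':INPUT DROP [0:0]'     # default deny, so the ACCEPT rules matter
    printf '%s\n' ':FORWARD DROP [0:0]'   # this host is not a router (assumption)
    printf '%s\n' ':OUTPUT ACCEPT [0:0]'
    printf '%s\n' '-A INPUT -i lo -j ACCEPT'
    # Placed before any per-port rule so replies to the host's own
    # connections are matched first.
    printf '%s\n' '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    printf '%s\n' '-A INPUT -m conntrack --ctstate INVALID -j DROP'
    for p in $ALLOW_TCP; do
        case " $seen " in *" $p "*) continue ;; esac   # skip a port listed twice
        seen="$seen $p"
        printf '%s\n' "-A INPUT -p tcp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
    done
    printf '%s\n' 'COMMIT'
}

# Load the ruleset atomically (needs root). iptables-restore replaces the
# whole filter table, so editing ALLOW_TCP and re-running this is the
# equivalent of the post's -D calls: a rule simply stops being emitted.
apply_input_ruleset() {
    build_input_ruleset | iptables-restore
}

# For chains still managed with -A/-D: remove every copy of a rule spec.
# A single -D, as in the post, deletes only the first matching rule, so a
# rule that was appended twice survives one delete. -C returns 0 while a
# matching rule exists. Usage: delete_input_rule -p tcp --dport 65020 -j ACCEPT
delete_input_rule() {
    while iptables -C INPUT "$@" 2>/dev/null; do
        iptables -D INPUT "$@"
    done
}

if [ "${1:-}" = "--apply" ]; then
    apply_input_ruleset
else
    build_input_ruleset   # dry run: show what would be loaded
fi
```

Run it with no arguments to print the ruleset, or with --apply as root to load it. One caveat that follows from the RELATED discussion above: opening port 21 only admits the FTP control connection; passive data connections are classified RELATED only when the nf_conntrack_ftp helper is loaded and, on current kernels where automatic helper assignment is off by default, assigned to port 21 traffic with a CT --helper ftp rule in the raw table.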

ref: http://wiki.centos.org/HowTos/Network/IPTables