*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -j DROP
-A INPUT -p udp -m udp --sport 67:68 --dport 67:68 -j ACCEPT
-A FORWARD -j ACCEPT
-A OUTPUT -j DROP
COMMIT