I wanted to send this hours ago but Cox's smtp's been down...

> /sbin/iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
> /sbin/iptables -A INPUT -s 68.0.0.0/8 -j REJECT
> /sbin/iptables -A INPUT -s 24.0.0.0/8 -j REJECT
> /sbin/iptables -P INPUT DROP
>

I've been trying to figure out iptables rules and this has me thinking... How does this block a scan? I read it as: "Accept related or established connection, from any address, on any port. Reject everything from 68.*.*.* and 24.*.*.*". Then the catch all rule.

Is a scan not-related? How does a new connection get through, say for http?

Thx,
Bart
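The quoted chain, modelled as a first-match evaluator (an added example, not part of the original message). The packets, their addresses and their connection-tracking states are constructed, and the chain's default policy is assumed to be DROP.

```python
import ipaddress

# The three appended INPUT rules from the quoted message, in order.
RULES = [
    {"states": {"RELATED", "ESTABLISHED"}, "target": "ACCEPT"},
    {"src": "68.0.0.0/8", "target": "REJECT"},
    {"src": "24.0.0.0/8", "target": "REJECT"},
]
POLICY = "DROP"  # assumption: default policy, applied when no rule matches


def matches(rule, pkt):
    """A rule matches only if every condition it carries holds for the packet."""
    if "states" in rule and pkt["state"] not in rule["states"]:
        return False
    if "src" in rule:
        net = ipaddress.ip_network(rule["src"])
        if ipaddress.ip_address(pkt["src"]) not in net:
            return False
    return True


def verdict(pkt):
    """Walk the chain top to bottom; the first matching rule decides."""
    for number, rule in enumerate(RULES, start=1):
        if matches(rule, pkt):
            return rule["target"], f"rule {number}"
    return POLICY, "policy"


# Constructed packets. "state" is what connection tracking would assign:
# an unsolicited SYN is NEW, a reply to traffic this host started is ESTABLISHED.
SAMPLES = {
    "reply to our outbound request": {"src": "198.51.100.7", "dport": 40312, "state": "ESTABLISHED"},
    "scan probe to tcp/22": {"src": "203.0.113.9", "dport": 22, "state": "NEW"},
    "new inbound http": {"src": "203.0.113.9", "dport": 80, "state": "NEW"},
    "probe from 68.0.0.0/8": {"src": "68.1.2.3", "dport": 23, "state": "NEW"},
    "reply from 24.0.0.0/8": {"src": "24.5.6.7", "dport": 40313, "state": "ESTABLISHED"},
}

if __name__ == "__main__":
    for label, pkt in SAMPLES.items():
        target, reason = verdict(pkt)
        print(f"{label:32} {pkt['state']:12} -> {target:7} ({reason})")
```

With only these rules, an inbound packet in state NEW never matches rule 1, so a new http connection would need its own ACCEPT rule ahead of the policy.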