I have a headless server at home and I'd like to tighten it's firewall so that only connections through the vpn or connections to/from the local network are allowed. I've read through a handful of iptables documentation, and read this one twice. Still, the server being headless and all, I'd like an extra set of eyes to be sure that when I put this configuration in I don't lose SSH access.

My goal is to have the host machines WAN access go through the VPN only, so if the VPN is down there is no WAN communication with the host machine. All local connections are allowed. I've put in comments to outline what my intentions for each set were, in case I wrote it so backwards that it doesn't make any sense.

#Accept all TUN connections (tun is the virtual adaptor for VPN)
iptbales -A OUTPUT -o tun0 -j ACCEPT

#Allow initialization of VPN

#Allow all local network communication
iptables -A INPUT -s -j ACCEPT
iptables -A OUTPUT -d -j ACCEPT

#Drop everything else
iptbales -A OUTPUT -j DROP
iptbales -A INPUT -j DROP

Thank you for your review.