
Re: Scanning with reverse connections?



Assuming your default policy is drop or the last rule in your chain a
log/drop, then yes, the second rule would be redundant.  Stick with rule
3 and ESTABLISHED/RELATED.  Of course, no TCP based services on this
machine will work...

Phillip, I didn't post the entire file.

The default policy on the INPUT chain is DROP. I do allow incoming ssh & ftp from a couple of Linux servers that I manage. All other TCP traffic on the external interface is stopped by the "-p tcp --syn -j DROP" rule. I also have the rule "-t nat -A POSTROUTING -o $EXTERNAL_IF -j MASQUERADE" because this machine is a server for a couple of machines connected to its local (non-internet) interface.

The rules also contain the usual stuff so the internal interfaces work i.e.
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -i $INTERNAL_IF_1 -j ACCEPT

From your response I assume that this setup would make the system safe from unwanted/unexpected incoming traffic that originates from well-known ports. What do these attacks do to fool firewalls anyway? Are there firewalls out there that let in traffic if it appears to originate from a well-known port?

jmb
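The difference the thread turns on, as an added illustration that is not part of the mailing-list exchange: a toy model of two INPUT policies, one that recognises "replies" by their source port alone (the old `--sport 20`/`--sport 53` style of rule) and one that, like the `-m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT` rule followed by a default DROP, only admits packets belonging to a connection the host itself opened. The `Packet` class, the two filter classes, the addresses and the sample packets are all constructed for this example; only the iptables rule names quoted in the comments are real.

```python
"""Why a source-port exemption is weaker than connection tracking.

Toy model of two INPUT policies for a host whose chain default is DROP.
Everything here (Packet, the two filters, the sample packets) is
constructed for illustration; it is not iptables code.
"""
from dataclasses import dataclass

FIREWALL_IP = "203.0.113.10"   # constructed: the server's external address
REMOTE_DNS = "198.51.100.53"   # constructed: a resolver the server talks to
OUTSIDE_HOST = "192.0.2.77"    # constructed: an unrelated outside host


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False
    ack: bool = False


class StatelessFilter:
    """Pre-conntrack style: a 'reply' is recognised by its source port only,
    e.g. the classic 'iptables -A INPUT -p tcp --sport 20 -j ACCEPT'."""

    def __init__(self, trusted_sports=(20, 53)):
        self.trusted_sports = set(trusted_sports)

    def verdict(self, pkt: Packet) -> str:
        if pkt.sport in self.trusted_sports:
            return "ACCEPT"   # anything that merely claims a trusted source port
        if pkt.syn and not pkt.ack:
            return "DROP"     # '-p tcp --syn -j DROP': new connections from outside
        return "DROP"         # chain default policy DROP


class StatefulFilter:
    """conntrack style: '-m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    then default DROP. Only TCP 4-tuples are modelled here; RELATED
    (e.g. FTP data) is left out of the toy."""

    def __init__(self):
        self.conntrack = set()

    def outbound(self, pkt: Packet) -> None:
        """Called for packets the host sends; an outgoing SYN creates the entry."""
        if pkt.syn and not pkt.ack:
            self.conntrack.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))

    def verdict(self, pkt: Packet) -> str:
        reverse = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if reverse in self.conntrack:
            return "ACCEPT"   # ESTABLISHED: reply to something we started
        return "DROP"         # NEW from outside, whatever source port it claims


def run_scenarios() -> dict:
    """Return (stateless verdict, stateful verdict) for three inbound packets."""
    stateless = StatelessFilter()
    stateful = StatefulFilter()

    # The server opens a TCP connection to the resolver on port 53.
    stateful.outbound(Packet(FIREWALL_IP, 40001, REMOTE_DNS, 53, syn=True))

    # Constructed inbound packets:
    reply = Packet(REMOTE_DNS, 53, FIREWALL_IP, 40001, syn=True, ack=True)
    unsolicited = Packet(OUTSIDE_HOST, 53, FIREWALL_IP, 22, syn=True)   # nobody asked
    plain_syn = Packet(OUTSIDE_HOST, 44444, FIREWALL_IP, 22, syn=True)

    return {
        "legit reply": (stateless.verdict(reply), stateful.verdict(reply)),
        "unsolicited with sport 53": (stateless.verdict(unsolicited),
                                      stateful.verdict(unsolicited)),
        "unsolicited plain syn": (stateless.verdict(plain_syn),
                                  stateful.verdict(plain_syn)),
    }


if __name__ == "__main__":
    for name, (weak, strong) in run_scenarios().items():
        print(f"{name:28s} stateless={weak:7s} stateful={strong}")
```

Read against the ruleset in the post: "-p tcp --syn -j DROP" on its own stops the third packet but says nothing about the second, which is only a SYN with a familiar source port; the ESTABLISHED/RELATED rule decides on the connection table, where the source port of an unsolicited packet is irrelevant, so it admits the genuine reply and nothing else.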


