diff --git a/conntrackt/templates/conntrackt/entity_iptables.html b/conntrackt/templates/conntrackt/entity_iptables.html
--- a/conntrackt/templates/conntrackt/entity_iptables.html
+++ b/conntrackt/templates/conntrackt/entity_iptables.html
@@ -1,7 +1,7 @@
 {% load conntrackt_tags %}
 # iptables rules generated by conntrackt for {{entity}}
 *filter
-:INPUT ACCEPT [0:0]
+:INPUT DROP [0:0]
 {% for interface in entity.interface_set.all %}
 {% for communication in interface.destination_set.all %}
 {% ifchanged communication.description %}
@@ -15,7 +15,7 @@
 {% iptables communication %}
 {% endfor %}
 {% endfor %}
-:FORWARD ACCEPT [0:0]
+:FORWARD DROP [0:0]
 :OUTPUT ACCEPT [0:0]
 COMMIT
 *nat
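Review bot: With the INPUT policy now `DROP`, nothing visible in this hunk accepts loopback traffic or the replies to connections the host itself opens (OUTPUT stays `ACCEPT`). Unless the `{% iptables communication %}` output or the template lines between the two hunks already cover this, return packets for DNS lookups, package updates and similar outbound traffic would be dropped. I would add `-A INPUT -i lo -j ACCEPT` and `-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT` directly after the `:INPUT DROP [0:0]` line. It is also worth confirming that management access such as SSH is modelled as a communication for each entity before the ruleset is loaded remotely, because under default-deny an unlisted management port locks the operator out.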
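Review bot: No FORWARD rules are visible between `:FORWARD DROP [0:0]` and `COMMIT`, so unless the `iptables` tag emits them, every forwarded packet is dropped after this change. An entity that acts as a gateway, or that relies on the `*nat` table that follows (its contents are outside the hunk), would stop passing traffic for other hosts. If that is intended, I would say so in the generated header next to the existing `# iptables rules generated by conntrackt` line, for example `# Default policy: INPUT and FORWARD drop anything not listed below; OUTPUT is not filtered.`. That also records that egress remains unrestricted, which readers of a default-deny ruleset may not expect.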