Disclaimers and Gotchas

I am not a networking person, and if I played one on TV I wouldn't be a sysadmin
This approach is reactive rather than proactive
You lose functionality, e.g., the ability to ping the target machine
Additional iptables rulesets impose greater overhead
YMMV – I'm not responsible if you break something

I am not a networking person, and if I played one on TV I wouldn't be a sysadmin