diff --git a/clone/utility/iptables b/clone/utility/iptables index d19c647..91a07b8 100644 --- a/clone/utility/iptables +++ b/clone/utility/iptables @@ -6,18 +6,23 @@ iptables -P INPUT DROP; # maintenance iptables -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT; -iptables -A OUTPUT -p tcp -m tcp --sport 22 -j ACCEPT; # SMMP-server -iptables -A INPUT -p tcp -m tcp --sport 22 -j ACCEPT; iptables -A OUTPUT -p tcp -m tcp --dport 22 -j ACCEPT; # SMMP -iptables -A INPUT -p tcp -m tcp --sport 443 -j ACCEPT; iptables -A OUTPUT -p tcp -m tcp --dport 443 -j ACCEPT; +# apt-get +iptables -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT; +iptables -A OUTPUT -p tcp --dport 80 -m state --state NEW -j ACCEPT; + # dns -iptables -A OUTPUT -p udp --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT; -iptables -A INPUT -p udp --sport 53 -m state --state ESTABLISHED -j ACCEPT; -iptables -A OUTPUT -p tcp --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT; -iptables -A INPUT -p tcp --sport 53 -m state --state ESTABLISHED -j ACCEPT; \ No newline at end of file +iptables -A OUTPUT -p tcp --dport 53 -m state --state NEW -j ACCEPT; +iptables -A OUTPUT -p udp --dport 53 -m state --state NEW -j ACCEPT; + +# accept as INPUT all already ESTABLISHED connections +iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT; + +# accept to OUTPUT all already ESTABLISHED connections +iptables -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT; \ No newline at end of file
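Review bot: The rule `iptables -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT;` is appended twice in this hunk, once under `# apt-get` and again under `# accept to OUTPUT all already ESTABLISHED connections`; the chain stops at the first matching ACCEPT, so the trailing copy is dead, and the `# apt-get` label understates the first copy's scope (it admits every established or related outbound flow, not just package downloads). Keep only the generic copy with its comment at the end and leave just `iptables -A OUTPUT -p tcp --dport 80 -m state --state NEW -j ACCEPT;` under `# apt-get`. The state matches would also read better in the current `-m conntrack --ctstate RELATED,ESTABLISHED` form, which supersedes the legacy `-m state` match. The rules are all appended with `-A` and no flush is visible in this hunk; if the part of the file above the hunk does not run an `iptables -F` first, each re-run of the script accumulates duplicate rules.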