iptables configuration change
FORWARD is not used, so set its policy to DROP, and open the ssh port 10022 (from anywhere, for now).
    # iptables -L
    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination

    Chain FORWARD (policy ACCEPT)
    target     prot opt source               destination

    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination
    # iptables -P FORWARD DROP
    # iptables -A INPUT -p tcp --dport 10022 -j ACCEPT
    # iptables -A INPUT -p tcp --sport 10022 -j ACCEPT
    # iptables -L
    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination
    ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:10022
    ACCEPT     tcp  --  anywhere             anywhere            tcp spt:10022

    Chain FORWARD (policy DROP)
    target     prot opt source               destination

    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination
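
An added example, not part of the original note: in the listing above INPUT keeps policy ACCEPT, so the two ACCEPT rules do not yet restrict anything. The script below prints an iptables-restore ruleset that keeps FORWARD at DROP and ssh on port 10022 but makes INPUT default-deny. The function name gen_rules, its optional source-range argument and the loopback/conntrack rules are assumptions, not from the page.

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset for the setup on this page
# (FORWARD dropped, ssh on tcp/10022), with INPUT default-deny.
# gen_rules and its arguments are hypothetical names, not from the page.

# gen_rules PORT [SOURCE_CIDR]
#   SOURCE_CIDR omitted = reachable from anywhere, as on the page.
gen_rules() {
    port=${1:-}
    src=${2:-}

    # Reject anything that is not a decimal port of at most 5 digits.
    case $port in
        ''|*[!0-9]*|??????*) echo "invalid port: $port" >&2; return 1 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range: $port" >&2
        return 1
    fi

    # Allow only characters that can appear in an IPv4 address or CIDR.
    case $src in
        *[!0-9./]*) echo "invalid source: $src" >&2; return 1 ;;
    esac

    echo '*filter'
    echo ':INPUT DROP [0:0]'
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    # Local traffic, and replies belonging to connections already tracked.
    echo '-A INPUT -i lo -j ACCEPT'
    echo '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    # New ssh connections only; the server side needs no --sport rule.
    if [ -n "$src" ]; then
        echo "-A INPUT -p tcp -s $src --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    else
        echo "-A INPUT -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    fi
    echo 'COMMIT'
}

# Print the ruleset for review. To syntax-check it as root without applying:
#   gen_rules 10022 | iptables-restore --test
gen_rules 10022
```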