If you use a DROP policy on the INPUT chain, you’ll have issues with passive FTP. To solve this, apply these iptables rules to allow passive FTP.
To avoid a lockout in case the script fails at some point, add an ‘at’ job that removes the DROP policy on the INPUT chain. Even if you’re very confident that you’re doing everything right, don’t forget about this. There were a lot of times when I was locked out because of a failed paste into the file or a typo left somewhere. The job will let you get the connection back after some time if something went wrong.
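The procedure described above, as an added example that is not the post's own script or rule set: the rollback is scheduled with `at` before any rule is touched, and the DROP policy is applied last. The SSH port, the 5-minute delay, the function names and the conntrack-based passive FTP rules are assumptions.

```shell
#!/bin/sh
# Added example. The SSH port, the 5-minute delay and the rule set are assumptions.
# Default is a dry run that only prints the plan; run as root with DRY_RUN=0 to apply.
DRY_RUN="${DRY_RUN:-1}"
ROLLBACK_DELAY="${ROLLBACK_DELAY:-5}"   # minutes until the at job fires

# What the at job runs: put the INPUT policy back to ACCEPT.
rollback_cmds() {
    echo "iptables -P INPUT ACCEPT"
}

# Passive FTP via connection tracking. The DROP policy comes last, so a
# failure in any earlier line leaves the chain policy unchanged.
firewall_cmds() {
    cat <<'EOF'
modprobe nf_conntrack_ftp
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -t raw -A PREROUTING -p tcp --dport 21 -j CT --helper ftp
iptables -A INPUT -p tcp --dport 21 -m conntrack --ctstate NEW -j ACCEPT
iptables -P INPUT DROP
EOF
}

# Human-readable plan: the at job first, then the rules.
plan() {
    echo "echo '$(rollback_cmds)' | at now + ${ROLLBACK_DELAY} minutes"
    firewall_cmds
}

apply() {
    # Schedule the rollback before touching the firewall; stop if at(1) fails.
    rollback_cmds | at now + "$ROLLBACK_DELAY" minutes || return 1
    # sh -e aborts on the first failing command, before the DROP policy is set.
    firewall_cmds | sh -e || return 1
    echo "Rules applied. Test a new SSH and FTP session, then cancel the job: atq; atrm <job>"
}

if [ "$DRY_RUN" = "0" ]; then apply; else plan; fi
```

If the new rules work, remove the pending job with `atrm`; otherwise it will reset the INPUT policy to ACCEPT when it fires.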