Debian
vetash, 2014-03-11 07:04:24

Iptables, NAT, PPTP, how to disable everything except necessary?

It is necessary to disable all ports except those necessary on the eth0 and ppp0 interfaces.
(The provider uses PPTP Dual Access.)
We have the following config:

#!/bin/sh
iptables -F
iptables -t nat -F
iptables -t mangle -F
iptables -X
iptables -t nat -X
iptables -t mangle -X
# Enable packet forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward
# Allow traffic on the loopback interface
iptables -A INPUT -i lo -j ACCEPT
# Allow access from the internal network to the outside
iptables -A FORWARD -i eth1 -o ppp0 -j ACCEPT
iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
#iptables -A FORWARD -i wlan0 -o ppp0 -j ACCEPT
# Enable NAT
iptables -t nat -A POSTROUTING -o ppp0 -s 192.168.55.0/24 -j MASQUERADE
iptables -t nat -A POSTROUTING -o eth0 -s 192.168.55.0/24 -j MASQUERADE
# Allow replies from the external network
iptables -A FORWARD -i ppp0 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
# Deny access from outside into the internal network
iptables -A FORWARD -i ppp0 -o eth1 -j REJECT
iptables -A FORWARD -i eth0 -o eth1 -j REJECT

# Block Samba from outside
iptables -A INPUT -i eth0 -p udp --dport 139 -j DROP
iptables -A INPUT -i eth0 -p tcp --dport 139 -j DROP
iptables -A INPUT -i eth0 -p tcp --dport 445 -j DROP
iptables -A INPUT -i eth0 -p udp --dport 445 -j DROP

iptables -A INPUT -i ppp0 -p udp --dport 139 -j DROP
iptables -A INPUT -i ppp0 -p tcp --dport 139 -j DROP
iptables -A INPUT -i ppp0 -p tcp --dport 445 -j DROP
iptables -A INPUT -i ppp0 -p udp --dport 445 -j DROP

What needs to be added so that only these ports work on the external interfaces:
22,53,80,443,933,465,25,587,143?
What should be added to drop unwanted packets?
iptables -A INPUT -m state --state INVALID -j DROP
iptables -A FORWARD -m state --state INVALID -j DROP

I found these options, but did not understand where to specify the interfaces on which they should work.
In general, I got confused in the iptables rules again; help, I'm sinking!

1 answer
Skazik, 2014-03-11
@Skazik

For example: -A INPUT -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT
The interface is specified after -i.
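Putting the answer together with the rest of the question, here is an added example (not from the thread) of a complete default-deny ruleset for this router. It uses the interfaces, LAN network and port list from the question, keeps the original forwarding and NAT rules, and prints the commands instead of applying them unless DRY_RUN=0. The PPTP_SERVER variable is an assumed placeholder for the provider's VPN server address; the explicit GRE accept on eth0 is an assumption about the Dual Access setup (the PPTP tunnel is carried over eth0, so a DROP policy on INPUT must still let GRE in).

```shell
#!/bin/sh
# Added example, not part of the original thread: a complete default-deny
# ruleset for the router in the question. Prints the commands by default
# (DRY_RUN=1); run as root with DRY_RUN=0 to apply them.
DRY_RUN="${DRY_RUN:-1}"

# Interfaces, network and port list taken from the question.
EXT_IFACES="eth0 ppp0"
LAN_IFACE="eth1"
LAN_NET="192.168.55.0/24"
TCP_PORTS="22 25 53 80 143 443 465 587 933"
UDP_PORTS="53"
# Assumed placeholder: the provider's PPTP server address. Leave empty to
# accept GRE from any source on eth0.
PPTP_SERVER="${PPTP_SERVER:-}"

# Either print a command (dry run) or execute it.
run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

build_rules() {
    # Start from clean tables, as the original script does.
    for t in filter nat mangle; do
        run iptables -t "$t" -F
        run iptables -t "$t" -X
    done
    run sysctl -w net.ipv4.ip_forward=1

    # Default deny for traffic to the router and through it. Only the explicit
    # ACCEPT rules below open anything, so per-port DROP rules (Samba etc.)
    # are no longer needed.
    run iptables -P INPUT DROP
    run iptables -P FORWARD DROP
    run iptables -P OUTPUT ACCEPT

    run iptables -A INPUT -i lo -j ACCEPT
    # Drop malformed or untracked packets first, as the question asked.
    run iptables -A INPUT -m state --state INVALID -j DROP
    run iptables -A FORWARD -m state --state INVALID -j DROP
    # Replies to connections the router opened itself (including the PPTP
    # control connection to the provider).
    run iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

    # GRE carries the PPTP tunnel over eth0; accepting it explicitly keeps the
    # tunnel up without relying on the pptp conntrack helper.
    if [ -n "$PPTP_SERVER" ]; then
        run iptables -A INPUT -i eth0 -p gre -s "$PPTP_SERVER" -j ACCEPT
    else
        run iptables -A INPUT -i eth0 -p gre -j ACCEPT
    fi

    # The only services reachable from outside: the ports listed in the question.
    for ifc in $EXT_IFACES; do
        for p in $TCP_PORTS; do
            run iptables -A INPUT -i "$ifc" -p tcp --dport "$p" -m state --state NEW -j ACCEPT
        done
        for p in $UDP_PORTS; do
            run iptables -A INPUT -i "$ifc" -p udp --dport "$p" -j ACCEPT
        done
    done
    # The LAN may talk to the router itself (DNS, SSH, ...).
    run iptables -A INPUT -i "$LAN_IFACE" -j ACCEPT

    # Forwarding and NAT from the original script. The FORWARD DROP policy
    # replaces its explicit REJECT rules for traffic coming in towards eth1.
    for ifc in $EXT_IFACES; do
        run iptables -A FORWARD -i "$LAN_IFACE" -o "$ifc" -s "$LAN_NET" -j ACCEPT
        run iptables -A FORWARD -i "$ifc" -o "$LAN_IFACE" -m state --state ESTABLISHED,RELATED -j ACCEPT
        run iptables -t nat -A POSTROUTING -o "$ifc" -s "$LAN_NET" -j MASQUERADE
    done
}

build_rules
```

Review the printed output first (`sh rules.sh`), then apply with `DRY_RUN=0 sh rules.sh` from a console session rather than over SSH, since the policies switch to DROP before the port-22 accept rule is added.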
