Unit 5 - Firewalls

Last Update Unknown

Creating a Basic Firewall

iptables -L lists the rules currently loaded in the kernel, so use it to check the effect of each change below.


Make the default policy of the FORWARD chain DROP. Leave the other chains as they are. Do this by editing the script appropriately, then rerunning the script. Just set the FORWARD chain default once in the script.

What is the device name for your primary network connection in your virtual machine?

Add to the END of your /root/firewall script a rule which, when an http packet (tcp) comes in from your main interface, jumps to DROP. Execute the script to activate this change. Do not make this new rule stateful (so no conntrack).

Add another rule to the end of your /root/firewall script. This new rule jumps to DROP when a tcp packet which has a source address of 20.0.0.0/24 comes in from your main network device. Execute the script to activate this change. You will be marked wrong if your rule has more conditions than those listed in the question. Do not use connection tracking.

If any packet passes through the FORWARD chain, reject it using the default REJECT settings.

Accept PING at a limit of 1 per second from any interface in the INPUT chain. Do not use connection tracking in the rule. DROP pings faster than the limit.


Warning. Even without conntrack specifically in the rule, you are still making use of connection tracking rules elsewhere in the file. Only the first ICMP ping is NEW, and the rest are RELATED. Therefore you MUST insert your new rules BEFORE the RELATED,ESTABLISHED test, and make sure that unwanted pings never reach the RELATED test (needs 2 rules).

Continue on from the previous set of rules. Add in one more rule so that if you receive pings faster than 1 per second, those pings will be logged. Note that logged packets will appear at the end of /var/log/messages. Do not use a new chain to do this, and keep the rule as simple as possible. Do not use connection tracking.
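The following script is an added example and not the course's own /root/firewall script; it puts the rules described in this section together in one place so the ordering constraint in the warning above is visible. The interface name eth0 and the log prefix are assumptions; set WAN_IF to the device name you found earlier. Setting IPT=echo prints the rules instead of loading them, which is handy for checking order before running it as root with FIREWALL_APPLY=1.

```shell
#!/bin/sh
# Added example firewall script (not the course's /root/firewall).
# Assumptions: the primary interface is $WAN_IF (default eth0, hypothetical),
# and IPT=echo turns the script into a dry run that only prints the rules.

WAN_IF="${WAN_IF:-eth0}"        # assumed name of the primary interface
IPT="${IPT:-iptables}"          # set IPT=echo to print instead of apply

basic_firewall() {
    # Flush everything first so rerunning the script does not duplicate rules.
    $IPT -F
    $IPT -X

    # Default policies: only FORWARD becomes DROP, INPUT and OUTPUT stay ACCEPT.
    $IPT -P INPUT ACCEPT
    $IPT -P OUTPUT ACCEPT
    $IPT -P FORWARD DROP

    # Ping handling MUST come before the RELATED,ESTABLISHED rule: conntrack
    # treats only the first echo request as NEW, so a rate limit placed after
    # the stateful rule would never see the following pings.
    # 1. accept echo requests at no more than 1 per second (limit match, no conntrack)
    $IPT -A INPUT -p icmp --icmp-type echo-request -m limit --limit 1/s -j ACCEPT
    # 2. log whatever exceeds the limit (prefix is assumed; it shows up in /var/log/messages)
    $IPT -A INPUT -p icmp --icmp-type echo-request -j LOG --log-prefix "PING-FLOOD: "
    # 3. drop the excess so it never reaches the stateful rule below
    $IPT -A INPUT -p icmp --icmp-type echo-request -j DROP

    # Stateful shortcut for traffic already known to the connection tracker.
    $IPT -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT

    # Stateless drops on the primary interface, appended at the END of INPUT.
    $IPT -A INPUT -i "$WAN_IF" -p tcp --dport 80 -j DROP
    $IPT -A INPUT -i "$WAN_IF" -p tcp -s 20.0.0.0/24 -j DROP

    # Anything that does reach FORWARD is rejected with REJECT's default
    # (an ICMP port-unreachable) rather than silently dropped.
    $IPT -A FORWARD -j REJECT
}

# Only touch the kernel when explicitly asked (needs root).
if [ "${FIREWALL_APPLY:-0}" = 1 ]; then
    basic_firewall
fi
```

Run it once with IPT=echo to see the rule order, then as root with FIREWALL_APPLY=1, and confirm the loaded chains with iptables -L -n -v. The three ICMP rules are the part most often placed incorrectly: if they sit after the RELATED,ESTABLISHED rule, a flood of pings is accepted by that rule and the limit, LOG and DROP rules never fire.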


Strict Firewall Rules

Creating and executing a script as before, we can create a tighter ruleset.


Insert a single rule at the start of the INPUT chain so that telnet is ONLY permitted from 10.200.0.1, arriving on any device. Leave the other rules shown above unchanged. If telnet connections arrive from anywhere else, they should be directed to REJECT. Make this a stateful rule, and check the state before any other test.

Add a rule to the firewall so that if someone on your virtual machine tries to open an http connection to 10.200.0.1, the packet is ACCEPTED. Add this rule to the END of the appropriate chain. Do not change any of the existing rules. Use a stateful rule, and check for NEW state before any other tests.

Add appropriate rules so that, if this machine was a router, it would allow RELATED and ESTABLISHED traffic to flow in both directions, as well as permitting http and ping requests to an intranet machine 192.168.1.5. For your rules you can assume the intranet is on device eth9, and you should make sure that the NEW packets are sent on eth9. Do not change any rules or policy definitions from that of the previous question.

Note that in reality eth9 does not exist. However, this should have no effect on the rules. Add only 1 rule for RELATED,ESTABLISHED testing, 1 rule for http, and 1 rule for ping (a total of 3 rules), and create them in that order. Make all rules stateful.
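As an added example (not the course's script), the stateful rules described in this section in the order the text asks for. The conntrack match is written first in every rule so the state test happens before any protocol, port or address test. eth9, 192.168.1.5 and 10.200.0.1 are taken from the text; the variable names and the IPT=echo dry-run convention are assumptions of this example.

```shell
#!/bin/sh
# Added example (not the course's script): stateful INPUT, OUTPUT and FORWARD
# rules. Assumes the basic ruleset is already loaded and that FORWARD does not
# yet end in a catch-all REJECT (if it does, these appends must become inserts
# placed before it, or they will never be reached).

IPT="${IPT:-iptables}"                  # set IPT=echo to print instead of apply
LAN_IF="${LAN_IF:-eth9}"                # intranet side, from the exercise
LAN_HOST="${LAN_HOST:-192.168.1.5}"     # intranet web/ping host, from the exercise
ADMIN_HOST="${ADMIN_HOST:-10.200.0.1}"  # only host allowed to telnet in

strict_firewall() {
    # INPUT, inserted at position 1: reject NEW telnet (tcp/23) from any
    # source other than ADMIN_HOST on any interface. One rule is enough:
    # a NEW telnet packet from ADMIN_HOST falls through to the later rules,
    # and established telnet traffic is covered by the RELATED,ESTABLISHED rule.
    $IPT -I INPUT 1 -m conntrack --ctstate NEW -p tcp --dport 23 ! -s "$ADMIN_HOST" -j REJECT

    # OUTPUT, appended: this host may open http connections to ADMIN_HOST.
    $IPT -A OUTPUT -m conntrack --ctstate NEW -p tcp -d "$ADMIN_HOST" --dport 80 -j ACCEPT

    # FORWARD (router role), three stateful rules in this order:
    # 1. replies and related traffic in either direction
    $IPT -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
    # 2. NEW http requests to the intranet web server, leaving on eth9
    $IPT -A FORWARD -m conntrack --ctstate NEW -o "$LAN_IF" -p tcp -d "$LAN_HOST" --dport 80 -j ACCEPT
    # 3. NEW pings to the intranet host, leaving on eth9
    $IPT -A FORWARD -m conntrack --ctstate NEW -o "$LAN_IF" -p icmp --icmp-type echo-request -d "$LAN_HOST" -j ACCEPT
}

# Only touch the kernel when explicitly asked (needs root).
if [ "${FIREWALL_APPLY:-0}" = 1 ]; then
    strict_firewall
fi
```

The -o eth9 match is what enforces "NEW packets are sent on eth9": a NEW packet for 192.168.1.5 arriving from any other direction is not matched and falls to the FORWARD policy. Because the first FORWARD rule accepts RELATED,ESTABLISHED without an interface test, the replies from 192.168.1.5 flow back out whichever interface the request came in on.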


Stateless Routers Mentimeter

The image below is a Venn diagram representing the five stateless router rules.

The numbers on the diagram show where the 8 rules would fall on the Venn diagram and whether they would be dropped or accepted.