Is iptables-save a firewall script writing program?
Usually I write all my iptables scripts by hand, and it's been a while since I have done so, so I'm not completely familiar with the syntax of your script (the :FORWARD part, for instance) , but as a rule of thumb, the order, from top to bottom, of your rules is the order in which they are applied to a packet, so what you need to do is define all your allowable traffic, and then end your rulset with a "drop and log all" clause.
In Checkpoint terminology this is called the "cleanup rule" and is essential to a good firewall. As long as you have a cleanup rule, then only that traffic with you specifically allow will make it to, or through, your box.
Also, try making a startup script in your appropriate Rc.d directory that will load before the network is brought up so that iptables are loaded into the kernel before your interface comes up. One caveat however, if you get your IP viah DHCP, this will cause problems.