First my setup:
Server: 10.10.10.80 (Debian Wheezy)
Workstation: 10.10.10.100 (Debian Wheezy)

Services needed for Server-Client comm:
Open SSH is on port 8000
NFS is on port 9000

The script below is for client only. Client does nothing but web browsing, open ssh, and nfs usage. Everything else should be blocked (inbound and outbound).

Here is the iptables script I have:
#!/bin/bash
iptables -F INPUT
iptables -F OUTPUT
iptables -F FORWARD

#input
iptables -A INPUT -m state --state ESTABLISHED -t filter -p tcp --sport http -d 10.10.10.100 -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED -t filter -p udp --sport 53 -d 10.10.10.100 -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED -t filter -p tcp --sport https -d 10.10.10.100 -j ACCEPT

#output
iptables -A OUTPUT -m state --state NEW,ESTABLISHED -t filter -p tcp --dport http -s 10.10.10.100 -j ACCEPT
iptables -A OUTPUT -m state --state NEW,ESTABLISHED -t filter -p udp --dport 53 -s 10.10.10.100 -j ACCEPT
iptables -A OUTPUT -m state --state NEW,ESTABLISHED -t filter -p tcp --dport https -s 10.10.10.100 -j ACCEPT

#lan_input_wifi
iptables -A INPUT -m state --state ESTABLISHED -t filter -p tcp -s 10.10.10.80 --sport 8000 -d 10.10.10.100 -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED -t filter -p tcp -s 10.10.10.80 --sport 9000 -d 10.10.10.100 -j ACCEPT

#lan_output_wifi
iptables -A OUTPUT -m state --state NEW,ESTABLISHED -t filter -p tcp -s 10.10.10.100 -d 10.10.10.80 --dport 8000 -j ACCEPT
iptables -A OUTPUT -m state --state NEW,ESTABLISHED -t filter -p tcp -s 10.10.10.100 -d 10.10.10.80 --dport 9000 -j ACCEPT

iptables -A INPUT -s 10.10.10.80 -j LOG --log-level 7 --log-prefix "INPUT"
iptables -A OUTPUT -j LOG --log-level 7 --log-prefix "OUTPUT"

iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP



Basically, I want to block everything (inbound and outbound) unless it is explicitly defined in the iptables script. How does the above rules look? Is there any security concerns?