--reject-with icmp-proto-unreachable is supposed to be the proper response for this rule. A lot of people have opinions that dropping is better, and they are not hard to find on the internet. I use the "proper" response in my firewalls, I'll let you decide which you want in yours.
]]>However, I am not sure if I restoring the final rule like that
# iptables -D INPUT -j REJECT --reject-with icmp-proto-unreachable
# iptables -A INPUT -j REJECT --reject-with icmp-proto-unreachable
is necessary also after opening a new port, like that:
# iptables -A TCP -p tcp --dport 80 -j ACCEPT
iptables -A UDP -p udp --dport 53 -j ACCEPT