Security is the major concern for anyone hosting a website on the internet. These are the preliminary security settings to be performed to protect your server.
Our server stack is LAMP. Hence iptables as the firewall is the most natural choice. The requirements are like
1. Block everything except Ping, SSH, Apache, and SSL.
2. Enabled SSH only from the selected IP addresses.
The following script takes care of all iptables settings. (Idea copied from here)
Note: Please enter the command one by one. Make sure you replace IP1.IP2.IP3.IP4 with your own IP address.
# Establish a clean slate
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
iptables -F # Flush all rules
iptables -X # Delete all chains
# Disable routing. Drop packets if they reach the end of the chain.
iptables -P FORWARD DROP
# Drop all packets with a bad state
iptables -A INPUT -m state --state INVALID -j DROP
# Accept any packets that have something to do with ones we've sent on outbound
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# Accept any packets coming or going on localhost (this can be very important)
iptables -A INPUT -i lo -j ACCEPT
# Accept ICMP
iptables -A INPUT -p icmp -j ACCEPT
# Allow ssh
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
# Allow httpd
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
# Allow mysql
iptables -A INPUT -p tcp --dport 3306 -j ACCEPT
# Allow SSL
iptables -A INPUT -p tcp --dport 443 -j ACCEPT
# Block all other traffic
iptables -A INPUT -j DROP
I guess the above script should take care of the basic security issues. Hope it helps.