On Wed, 29 Jun 2016, Leon Vergottini wrote:
I am busy teaching myself iptables [....]
How secure is this setup? Is there any mistakes or things that I need to look out for?
It's only as secure as your web stack (and, in your case, SSH configuration).
Packet filtering is a necessary security tool, but it's not sufficient for total security. Much harder is auditing the pieces of your applications:
* locked-down application configuration(s), * decent password policy, * access controls (mandatory and discretionary) that limit exposure to exploits or vulnerabilities, * timely patching, * good service monitoring combined with a remediation plan should things go awry, * good crypto configuration, * etc., etc.
In other words, packet filtering is a good start toward a secure system, but no more than that.