On Wed, 29 Jun 2016, Leon Vergottini wrote:

> I am busy teaching myself iptables [....]
>
> How secure is this setup? Are there any mistakes or things that I
> need to look out for?

It's only as secure as your web stack (and, in your case, SSH
configuration).

Packet filtering is a necessary security tool, but it's not sufficient
for total security. Much harder is auditing the pieces of your
applications:

 * locked-down application configuration(s),
 * decent password policy,
 * access controls (mandatory and discretionary) that limit exposure
   to exploits or vulnerabilities,
 * timely patching,
 * good service monitoring combined with a remediation plan should
   things go awry,
 * good crypto configuration,
 * etc., etc.

In other words, packet filtering is a good start toward a secure
system, but no more than that.

--
Paul Heinlein <> heinlein at madboa.com <> http://www.madboa.com/