Linode Forum
Posted: Sat Feb 11, 2012 3:42 am
Newbie

Joined: Sat Feb 11, 2012 3:28 am
Posts: 2
Linux semi-n00b here, so please be gentle!

So far I have managed to install Apache and mod_wsgi on Ubuntu 10.04.3 LTS and get a couple of web sites working. I've locked down SSH as described in the Linode docs - using key-based auth, disabled passwords and root.

I'm using it to run some wiki software (moinmoin), but I want to limit all access to the Linode to IP addresses that originate from my university.

From what I understand from Linode's documentation, I need to block all incoming traffic but then whitelist the acceptable IPs. All acceptable traffic will come from xxx.xx.*.* (users on the uni VPN) or xxx.xxx.*.* (users on the uni network).

I'm struggling to come up with the iptables rules I should be using - could anyone help?

I have thought about using a VPN connection, but that might cause some problems when accessing scientific journals from within the university as IP-based authentication is already used to access scientific journals. Disconnecting and reconnecting the VPN all the time would be a pain.

Any other suggestions for how I could limit the traffic would be appreciated. The websites will be password protected by .htaccess, but I want to secure the server as much as possible. Thanks for any help!


Posted: Sat Feb 11, 2012 4:23 am
Senior Member

Joined: Sun Jan 18, 2009 2:41 pm
Posts: 830
Using ufw is probably the simplest method. Something like the following:
Code:
$ sudo apt-get install ufw
$ sudo ufw default deny
$ sudo ufw allow from ###.###.0.0/16 to any port 22
$ sudo ufw allow from ###.###.0.0/16 to any port 80
$ sudo ufw enable

Read up on the docs instead of just blindly copying and pasting. Ask if you're still unclear on things. Also, keep in mind it's not too hard to accidentally lock yourself out; use Lish if that happens.

Edit: you could also configure Apache itself to only respond to requests from designated IP addresses.
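
Added example (not part of the original posts): a pre-flight check for the lockout risk mentioned above, confirming that the current SSH session's source address falls inside one of the ranges about to be allowed before `ufw enable` is run. The function names and the 10.20.0.0/16 and 172.16.0.0/12 ranges are constructed for illustration; IPv4 only.

```shell
#!/bin/sh
# Added example, not from the thread. IPv4 only; all addresses are constructed.

# Print dotted-quad $1 as a 32-bit integer; fail on malformed input.
ip_to_int() {
    case "$1" in ""|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in 0?*|????*) return 1 ;; esac   # no leading zeros (octal)
        [ "$octet" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Succeed when address $1 lies inside CIDR block $2, e.g. 10.20.0.0/16.
ip_in_cidr() {
    case "$2" in */*) prefix=${2#*/} ;; *) return 1 ;; esac
    case "$prefix" in ""|*[!0-9]*|0?*|???*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    addr=$(ip_to_int "$1") || return 1
    net=$(ip_to_int "${2%/*}") || return 1
    mask=$(( (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF ))
    [ $(( addr & mask )) -eq $(( net & mask )) ]
}

# Succeed only if this SSH session's client address is covered by one of the
# CIDR blocks passed as arguments. sshd sets SSH_CONNECTION to
# "client_ip client_port server_ip server_port".
ssh_client_allowed() {
    client=${SSH_CONNECTION%% *}
    [ -n "$client" ] || return 1
    for cidr in "$@"; do
        ip_in_cidr "$client" "$cidr" && return 0
    done
    return 1
}

# Usage, in the SSH session before `sudo ufw enable`:
#   ssh_client_allowed 10.20.0.0/16 172.16.0.0/12 && sudo ufw enable
```

Run the check as the logged-in user rather than under sudo, since sudo's environment reset may drop SSH_CONNECTION.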


Posted: Thu Feb 16, 2012 11:56 am
Newbie

Joined: Sat Feb 11, 2012 3:28 am
Posts: 2
Thanks for your reply.

Went with ufw. Thanks for the link to the Apache module - set that up as well, just in case the server gets used for anything public facing.

