I'm new to Linux, I'm using ubuntu, I think if linode can provide the iptable scripts for some cases then will be great.

My wishlist:

A: For webserver
1. Just allow SSH and HTTP, HTTPS service
2. Anti synflood
3. Allow outbound ping but reject inbound ping
4. Reject Invalid networks (Spoof)
5. Validate packets


B. For DB server
1. Just allow connect mysql from webserver only.
2. Disable all other services.


Best regards,

This -might- be something included in the Managed beta (viewtopic.php?f=26&t=9708) - but as of now Linode is still an unmanaged service, so it's unlikely they would provide these scripts.

1) Allow all (default on most distros) have web/ssh server listen on 0.0.0.0 Ports 22, 80, 443. Done
2) -A INPUT -p tcp -i eth0 --syn -m limit --limit 100/second --limit-burst 200
3) No.
4) Define Invalid networks?
5) No rules needed.

DB server:
1) Set mysql to listen on localhost only
2) Don't start those other service.

DONE

apt-get install ufw
man ufw

_________________

/* TODO: need to add signature to posts */

^ this