Every VPS exposed to the internet requires a firewall - this isn't optional security theater. Your classifieds website handling user data and financial transactions makes firewall configuration mandatory. Without one, your Ubuntu 9.10 server running Java, PHP, and MySQL becomes low-hanging fruit for automated scanning bots.
iptables is Linux's native packet filtering framework that:
- Controls incoming/outgoing network traffic
- Operates through chain-based rule sets (INPUT, OUTPUT, FORWARD)
- Supports stateful inspection for tracking connections
Here's a starter configuration for your Ubuntu 9.10 VPS:
# Flush existing rules (policies are kept; on a fresh install they are ACCEPT)
iptables -F
# Allow loopback interface first, so localhost-only services such as MySQL keep working
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
# Allow replies to connections the server already accepted or initiated (this also keeps the SSH session you are typing in alive)
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Open ports for services
iptables -A INPUT -p tcp --dport 22 -j ACCEPT # SSH
iptables -A INPUT -p tcp --dport 80 -j ACCEPT # HTTP
iptables -A INPUT -p tcp --dport 443 -j ACCEPT # HTTPS
# MySQL: no ACCEPT rule, so once the INPUT policy is DROP port 3306 is reachable only over loopback (the explicit DROP just makes that intent visible)
iptables -A INPUT -p tcp --dport 3306 -j DROP
# Enable ping (ICMP)
iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
# Set default policies last, after the ACCEPT rules are in place; setting INPUT DROP before them locks a remote session out
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
# Save rules to a file (iptables-save is not release specific; the if-pre-up.d script below restores the file at boot)
iptables-save > /etc/iptables.rules
For your classifieds platform, add these security measures:
# Rate limiting to prevent brute force attacks: -I puts these at the top of INPUT, ahead of the unconditional port-22 ACCEPT above, and only NEW connections are counted (replies still match ESTABLISHED). Note that -m limit is one global counter, not per source
iptables -I INPUT 1 -p tcp --dport 22 -m state --state NEW -m limit --limit 3/min --limit-burst 3 -j ACCEPT
iptables -I INPUT 2 -p tcp --dport 22 -m state --state NEW ! -i lo -j DROP
# Protection against SYN floods: packets under the (global) limit RETURN and continue down INPUT, the rest are dropped; raise the limit for a busy site
iptables -N SYN_FLOOD
iptables -A SYN_FLOOD -m limit --limit 10/second --limit-burst 20 -j RETURN
iptables -A SYN_FLOOD -j DROP
iptables -I INPUT 1 -p tcp --syn -j SYN_FLOOD
# Block common exploit attempts (inserted at the top so they run before the service ACCEPT rules; appended with -A they would only ever see packets to closed ports)
iptables -I INPUT 1 -p tcp --tcp-flags ALL NONE -j DROP # NULL packets
iptables -I INPUT 1 -p tcp --tcp-flags ALL ALL -j DROP # XMAS packets
While iptables works, consider these alternatives for easier management:
- UFW (Uncomplicated Firewall): Simpler front-end for iptables
- FirewallD: Dynamic firewall with zone-based configuration
- CSF (ConfigServer Firewall): Feature-rich with UI integration
Make your rules survive reboots with this legacy method:
# Create init script
cat > /etc/network/if-pre-up.d/iptablesload <<'EOF'
#!/bin/sh
iptables-restore < /etc/iptables.rules
EOF
chmod +x /etc/network/if-pre-up.d/iptablesload
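As an added example (not code from this answer), here is the same policy written as one iptables-restore file produced by a shell function. iptables-restore swaps the whole table in atomically, so there is no moment at which the INPUT policy is DROP but the ACCEPT rules are not loaded yet, which is the lockout risk of running the commands one by one. The function and chain names (build_ruleset, lockout_safe, apply_ruleset, SSH_GUARD, LOGGING) and the per-source SSH guard built on -m recent are this example's own choices; the file path /etc/iptables.rules is the one used above.

```shell
#!/bin/sh
# Added example: generate the firewall as a single iptables-restore file.
# Names (build_ruleset, lockout_safe, apply_ruleset, SSH_GUARD, LOGGING) are
# this example's own; /etc/iptables.rules is the path used in the answer above.

# Print a complete filter table. Argument 1 is the SSH port (default 22).
build_ruleset() {
  ssh_port="${1:-22}"
  cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:SSH_GUARD - [0:0]
:LOGGING - [0:0]
# loopback first, so localhost-only services (MySQL on 3306, PHP-FPM on 9000) keep working
-A INPUT -i lo -j ACCEPT
# replies to connections already accepted or initiated, including the SSH session loading these rules
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# impossible flag combinations used by NULL and XMAS scans
-A INPUT -p tcp --tcp-flags ALL NONE -j DROP
-A INPUT -p tcp --tcp-flags ALL ALL -j DROP
# new SSH connections pass through a per-source brute-force guard:
# a source seen repeatedly within 60 seconds is dropped, otherwise it is recorded and accepted
-A INPUT -p tcp --dport ${ssh_port} -m state --state NEW -j SSH_GUARD
-A SSH_GUARD -m recent --name ssh --update --seconds 60 --hitcount 4 -j DROP
-A SSH_GUARD -m recent --name ssh --set -j ACCEPT
# public web services
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp --dport 443 -j ACCEPT
# ping, rate-limited
-A INPUT -p icmp --icmp-type echo-request -m limit --limit 5/second -j ACCEPT
# no rule for 3306: the DROP policy keeps MySQL reachable only over loopback
# everything else is logged (at most 2 lines per minute) and dropped
-A INPUT -j LOGGING
-A LOGGING -m limit --limit 2/min -j LOG --log-prefix "IPTables-Dropped: " --log-level 4
-A LOGGING -j DROP
COMMIT
EOF
}

# Return 0 when the ESTABLISHED,RELATED accept comes before the first INPUT rule
# that can drop traffic, so loading the ruleset cannot cut off an open session.
lockout_safe() {
  est=$(printf '%s\n' "$1" | grep -n -- 'ESTABLISHED,RELATED -j ACCEPT' | head -n 1 | cut -d: -f1)
  drop=$(printf '%s\n' "$1" | grep -n -E -- '^-A INPUT .* -j (DROP|REJECT|LOGGING)' | head -n 1 | cut -d: -f1)
  [ -n "$est" ] && [ -n "$drop" ] && [ "$est" -lt "$drop" ]
}

# Check the ordering, save the file, and load it atomically. Needs root;
# the if-pre-up.d script above then reloads the same file at boot.
apply_ruleset() {
  rules=$(build_ruleset "$1")
  lockout_safe "$rules" || { echo "refusing: ruleset could lock out this session" >&2; return 1; }
  printf '%s\n' "$rules" > /etc/iptables.rules
  iptables-restore < /etc/iptables.rules
}
```

Run `build_ruleset 2222 | less` to inspect the file before applying it with `apply_ruleset 2222` as root; the order of the rules inside the file is what matters, since the whole table becomes active at COMMIT.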
Running a classifieds website with Java, PHP, and MySQL on Ubuntu 9.10 exposes your VPS to potential security threats. A firewall acts as the first line of defense against unauthorized access, DDoS attacks, and port scanning. Without proper firewall rules, your database (MySQL) and web services (Apache/Nginx) could be vulnerable.
iptables is Linux's native packet filtering framework. It allows you to:
- Filter incoming/outgoing traffic
- Set up NAT rules
- Create chain-based rulesets
Example basic iptables rules for your setup:
# Allow loopback and replies to connections already accepted or initiated; without these the DROP policy below breaks local MySQL access and outbound traffic such as DNS replies and apt
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Allow SSH (modify port if changed)
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
# Allow HTTP/HTTPS
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -j ACCEPT
# MySQL: no ACCEPT rule, so port 3306 is reachable only via loopback once the default policy is DROP
iptables -A INPUT -p tcp --dport 3306 -j DROP
# Default deny policy (set last, after the ACCEPT rules, so a remote session is not locked out)
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
For those who prefer more user-friendly options:
- UFW (Uncomplicated Firewall): Ubuntu's simplified interface for iptables
- Firewalld: Dynamic firewall manager with zones
- CSF (ConfigServer Firewall): Popular for cPanel environments
Your classifieds site requires special attention to:
# Tomcat (if using Java web apps): open 8080 to the internet only if Tomcat is not fronted by Apache/Nginx
iptables -A INPUT -p tcp --dport 8080 -j ACCEPT
# PHP-FPM (if using Nginx): FastCGI on 9000 should be reachable from localhost only
iptables -A INPUT -p tcp --dport 9000 -s 127.0.0.1 -j ACCEPT
# Rate limiting to prevent brute force: -I places both rules ahead of the SSH ACCEPT above, and the second command lands at position 1, so the check runs before the source is recorded. A source making repeated new SSH connections within 60 seconds is dropped. Replace eth0 with your public interface
iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --set
iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 -j DROP
On Ubuntu 9.10, save and restore rules with:
iptables-save > /etc/iptables.rules
# The pre-up line is appended at the end of the file, so it attaches to the last iface stanza (normally the public interface); check the file afterwards
echo "pre-up iptables-restore < /etc/iptables.rules" >> /etc/network/interfaces
Regularly check your firewall logs:
tail -f /var/log/syslog | grep "IPTables-Dropped"
# Or for more detailed logging: a LOGGING chain appended as the last INPUT rule, so only packets no earlier rule accepted reach it
iptables -N LOGGING
iptables -A INPUT -j LOGGING
iptables -A LOGGING -m limit --limit 2/min -j LOG --log-prefix "IPTables-Dropped: " --log-level 4
iptables -A LOGGING -j DROP
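As an added example (not code from this answer), a small shell script that summarises the "IPTables-Dropped: " lines the LOGGING chain above writes to syslog, grouped by source address and destination port, so a port scan or a brute-force run stands out instead of scrolling past in tail -f. The syslog lines in SAMPLE_SYSLOG are constructed for the example (addresses are from the documentation ranges), and the function names dropped_by_source and dropped_on_port are this example's own.

```shell
#!/bin/sh
# Added example: summarise firewall LOG lines from /var/log/syslog.
# SAMPLE_SYSLOG is constructed test input, in the field layout the LOG target
# produces (SRC=, DST=, PROTO=, SPT=, DPT=); it is not a real capture.
# dropped_by_source and dropped_on_port are this example's own names.

SAMPLE_SYSLOG='Mar  3 10:15:01 vps kernel: [1234.567890] IPTables-Dropped: IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.5 LEN=40 TOS=0x00 PREC=0x00 TTL=54 ID=0 DF PROTO=TCP SPT=54321 DPT=3306 WINDOW=1024 RES=0x00 SYN URGP=0
Mar  3 10:15:02 vps kernel: [1235.567890] IPTables-Dropped: IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.5 LEN=40 TOS=0x00 PREC=0x00 TTL=54 ID=0 DF PROTO=TCP SPT=54322 DPT=3306 WINDOW=1024 RES=0x00 SYN URGP=0
Mar  3 10:15:03 vps kernel: [1236.567890] IPTables-Dropped: IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.5 LEN=40 TOS=0x00 PREC=0x00 TTL=54 ID=0 DF PROTO=TCP SPT=54323 DPT=8080 WINDOW=1024 RES=0x00 SYN URGP=0
Mar  3 10:15:05 vps kernel: [1238.567890] IPTables-Dropped: IN=eth0 OUT= SRC=192.0.2.44 DST=203.0.113.5 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=0 DF PROTO=UDP SPT=5060 DPT=5060 LEN=40
Mar  3 10:15:06 vps sshd[2201]: Accepted publickey for deploy from 192.0.2.10 port 51000 ssh2'

# Print "count src dport", most frequent first. Only lines carrying the LOG
# prefix are counted; unrelated syslog lines (like the sshd one) are ignored.
dropped_by_source() {
  printf '%s\n' "$1" | awk '
    /IPTables-Dropped:/ {
      src = ""; dpt = ""
      for (i = 1; i <= NF; i++) {
        if ($i ~ /^SRC=/) src = substr($i, 5)
        if ($i ~ /^DPT=/) dpt = substr($i, 5)
      }
      if (src != "") n[src " " dpt]++
    }
    END { for (k in n) print n[k], k }' | sort -rn
}

# Number of dropped packets aimed at one destination port, e.g. 3306 to see
# how often MySQL is being probed from outside.
dropped_on_port() {
  printf '%s\n' "$1" | awk -v p="$2" '
    /IPTables-Dropped:/ && index($0, " DPT=" p " ") > 0 { c++ }
    END { print c + 0 }'
}
```

On the live server run `dropped_by_source "$(cat /var/log/syslog)" | head` and `dropped_on_port "$(cat /var/log/syslog)" 22`; a single source at the top of the first list with many distinct ports is a scan, the same source and port repeated is a brute-force attempt against that service.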