A jump in the deep end...

GEC: Discuss gaming, computers and electronics and venture into the bizarre world of STGODs.

CmdrSweevo
Requiescat in Pace
Posts: 128
Joined: 2002-08-27 05:53am

A jump in the deep end...

Post by CmdrSweevo »

A friend of mine has just ordered a linux root server and, between us, a couple of manuals and a few internet tutorials, we're trying to figure out how to firewall the thing with IP-Tables.

What we're trying to do is block all incoming and outgoing connections on all ports except SSH, HTTP, FTP, and a couple of arbitrary ports demanded by our hosts. I've managed to find a very basic introduction to iptables, which all makes sense, and it gives a model command

iptables -A INPUT -i ppp0 -p tcp --syn --destination-port ! 80 -j DROP

which, I gather, blocks all incoming TCP SYN packets except the ones to port 80 (HTTP).

Bearing in mind that we're administering this remotely (so blocking the wrong ports could make things very difficult for us...)

1) Are we tearing off down completely the wrong road? Is this a disaster waiting to happen, or is there a far simpler way of doing things?

2) I don't know the interface name (although I can probably find out). Is this important?

3) Is the SYN part important? Would blocking other packets cause problems?

4) How do I add additional open ports to the command? Do I need to precede each one with an exclamation mark?

5) To apply this to the output chain, I just need to change the word INPUT, right? Will this work?

Feel free to knock my newbiness...
Baby Boss climbs up from his soapbox.
Great Caesar's ghost knows what's best for me.
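The following is an added example, not code from the post above or from any tutorial it cites. It shows the kind of default-deny ruleset the question is reaching for: explicit allow rules for SSH, HTTP and FTP, stateful matching with the conntrack module instead of hand-filtering on --syn, `-i` for the INPUT chain and `-o` for OUTPUT, and a lockout guard for a box you only reach over SSH. The interface name (eth0), the host's extra ports (HOST_PORTS, left empty) and the outbound DNS rule are assumptions to edit before use; by default the script only prints the rules so they can be reviewed first.

```shell
#!/bin/sh
# Added example: minimal default-deny iptables ruleset for a remotely
# administered server. Not from the original post. Edit the assumptions
# below before applying.

IFACE="${IFACE:-eth0}"            # assumption: check the real name with `ip link`
ALLOW_TCP_IN="22 80 21"           # SSH, HTTP, FTP control channel
ALLOW_TCP_OUT="22 80 21"          # same services outbound; adjust as needed
HOST_PORTS="${HOST_PORTS:-}"      # placeholder for the ports your host demands

# Print the ruleset rather than running it, so it can be reviewed
# (and tested) before it touches a live machine.
fw_rules() {
    echo "iptables -F"
    echo "iptables -X"
    # Loopback must stay open; many local services depend on it.
    echo "iptables -A INPUT  -i lo -j ACCEPT"
    echo "iptables -A OUTPUT -o lo -j ACCEPT"
    # Stateful rules: packets belonging to a connection already accepted
    # pass in both directions, so the per-port rules below only need to
    # match NEW connections. This replaces the tutorial's --syn test.
    echo "iptables -A INPUT  -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # One ACCEPT rule per allowed port; INPUT uses -i (incoming interface).
    for p in $ALLOW_TCP_IN $HOST_PORTS; do
        echo "iptables -A INPUT -i $IFACE -p tcp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
    done
    # OUTPUT is not just INPUT with the word changed: it uses -o, not -i.
    for p in $ALLOW_TCP_OUT; do
        echo "iptables -A OUTPUT -o $IFACE -p tcp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
    done
    # Assumption: the box needs to resolve names. Remove if it does not.
    echo "iptables -A OUTPUT -o $IFACE -p udp --dport 53 -j ACCEPT"
    # Default policies go last, so the ACCEPT rules exist before the door shuts.
    echo "iptables -P INPUT DROP"
    echo "iptables -P FORWARD DROP"
    echo "iptables -P OUTPUT DROP"
}

apply_with_guard() {
    # Lockout guard for remote administration: if the new rules cut off
    # the SSH session, the firewall reopens itself after 5 minutes.
    # Kill the guard once a fresh login has been confirmed to work.
    nohup sh -c 'sleep 300; iptables -P INPUT ACCEPT; iptables -P OUTPUT ACCEPT; iptables -F' \
        >/dev/null 2>&1 &
    echo "guard pid $!: run 'kill $!' after verifying SSH still works"
    fw_rules | sh
}

case "${1:-}" in
    --apply) apply_with_guard ;;
    *)       fw_rules ;;          # default: print the rules for review
esac
```

Run it once with no arguments and read the output, then `sh firewall.sh --apply` from the SSH session, open a second SSH connection to confirm you can still get in, and only then kill the guard process. Two caveats a practitioner would want: FTP in passive mode opens data connections on high ports, which the RELATED state only matches if the `nf_conntrack_ftp` helper module is loaded (`modprobe nf_conntrack_ftp`); and `iptables -L -n -v` shows packet counters per rule, which is the quickest way to see whether traffic is hitting the rule you expected or falling through to the DROP policy.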