1) Yes, you may want to place him in a jail though depending on what you want him to do once logged in.
2) There are quite a few iptables tutorials but something simple would be:
Code:
iptables -F # clear existing rules
iptables -A INPUT -p tcp --dport 80 -j ACCEPT # allow http
iptables -A INPUT -p tcp --dport 25 -j ACCEPT # allow smtp
iptables -A INPUT -p tcp --dport 22 -j ACCEPT # allow ssh
iptables -A INPUT -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT # allow loopback
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT # allow established
iptables -P INPUT DROP # drop everything else
To stop root from connecting anywhere just delete the "root@%" user from the mysql user table. Obviously make sure you have a "root@localhost" accout first.