Block everything by default, at least incoming (iptables -P INPUT DROP).
Allow all traffic on the lo interface: it's needed by some programs. But as you have 2 interfaces with the 127.0.0.1 address, you may use this address (and not the interface name) when creating your rules. Of course you may also use the interfaces' names in conjunction with their IP addresses, and that will be better.
I think 'mirrored' interfaces are the result of virtualization.
Allow only what you need, e.g.:
Code:
iptables -A INPUT -p tcp -d <your_ip> --dport 80 -j ACCEPT
As you see, you may omit the '-i' or '-o' options, which mean 'incoming interface' (or outgoing, respectively). It's not obligatory.
But be careful: you're using a VPS. I'm not sure that it's somewhere near you and that you have access to its console in case you make a mistake in the firewall rules and lose access to your VPS ;-)
PS: so, the idea is to allow all traffic from 127.0.0.1 and vice versa, and to filter on other interfaces, which are not loopback.
PS2: I was a little bit shocked when I read that you run mail and LAMP services, but don't use iptables.
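
The policy described in this post (default-drop INPUT, loopback allowed, specific ports opened on the server address), as an added example that is not part of the original post: a shell function that writes the whole ruleset in iptables-restore format, so it loads in one step instead of rule by rule over the SSH session that the first DROP would cut. The address 203.0.113.10, ports 22/25/80, the conntrack rule and the FORWARD policy are assumptions, not taken from the post.

```shell
#!/bin/sh
# Added example, not from the original post.
# build_ruleset <server_ip> <tcp_port>...
# Prints a complete IPv4 filter table in iptables-restore format on stdout.
build_ruleset() {
    ip=$1
    [ -n "$ip" ] && [ "$#" -ge 2 ] || {
        echo "usage: build_ruleset <server_ip> <tcp_port>..." >&2
        return 1
    }
    shift
    # Only digits and dots may reach the rule text (IPv4 literal expected).
    case $ip in
        *[!0-9.]*) echo "bad address: $ip" >&2; return 1 ;;
    esac
    # Validate every port before printing anything, so a typo never
    # produces a partial ruleset.
    for port in "$@"; do
        case $port in
            ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;;
        esac
        [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || {
            echo "bad port: $port" >&2; return 1
        }
    done
    printf '%s\n' '*filter'
    printf '%s\n' ':INPUT DROP [0:0]'        # block incoming by default
    printf '%s\n' ':FORWARD DROP [0:0]'      # assumption: host does not route
    printf '%s\n' ':OUTPUT ACCEPT [0:0]'
    # Loopback: accept on lo, and drop 127.0.0.0/8 arriving anywhere else.
    printf '%s\n' '-A INPUT -i lo -j ACCEPT'
    printf '%s\n' '-A INPUT ! -i lo -s 127.0.0.0/8 -j DROP'
    # Replies to connections the server itself opened (DNS, updates, SMTP out).
    printf '%s\n' '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    # Allow only what is needed, bound to the server address.
    for port in "$@"; do
        printf '%s\n' "-A INPUT -p tcp -d $ip --dport $port -j ACCEPT"
    done
    printf '%s\n' 'COMMIT'
}
# Typical use as root (sample values are constructed; keep the SSH port listed):
#   build_ruleset 203.0.113.10 22 25 80 > rules.v4
#   iptables-restore --test < rules.v4 && iptables-restore < rules.v4
```

The `--test` pass only parses the file; the second `iptables-restore` replaces the filter table in a single commit, so the ACCEPT rules and the DROP policy take effect together.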