Comment Re:It Depends (Score 5, Informative) 348
Depends on the quality of the web apps running under LAMP
If they get hacked, it may be possible for the attacker to spawn a new process running on some other port (ie, a shell), or sending stuff out to other machines, so having a firewall that only allows the services you have listening may be good, as well as possibly having it restrict new outgoing connections.
And no, you don't need to write complicated iptables scripts/rules to do this. The ufw utility (available in Debian, Ubuntu, Mint, etc) has truly simple syntax
ufw allow ssh
ufw allow http
ufw allow https
ufw enable