
Firewall configuration on Ubuntu KVM host

I have an Ubuntu 9.10 server with KVM virtualization installed on it (I'll call it HOST). It has two VMs running, one with Apache installed (calling it APACHE) and one with MySQL installed (calling it MYSQL). The host has a bridge configured to provide access to the VMs.

I'd like to run a firewall on the host, but not on each VM. The firewall should block all ports on the host and VMs that aren't necessary. Here's specifically how I'd like to configure it:

  • HOST should only be able to be connected to via SSH from within its netblock.
  • HOST should not have any other ports than SSH open.
  • APACHE, MYSQL should be able to be connected to via SSH from anywhere.
  • MYSQL should be able to be connected to via port 3306 from within the netblock only.

I just recently switched to Ubuntu, so I'm not sure what the best firewall tool is. I've dabbled with iptables on CentOS in the past, but iptables isn't running on my host system. I've seen reference to UFW as the firewall tool for Ubuntu? It looks like UFW is installed, but not active.

Any suggestions on how to get this going? What files should I be editing? Are there any good HOWTOs on doing this that I just haven't found?



Source: Server Fault
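The four rules listed in the question, written out as an iptables-restore ruleset; this is an added example, not part of the original post. The function names and arguments are hypothetical, and it assumes the host sees bridged VM traffic in the FORWARD chain and that the VMs may open outbound connections.

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset for the policy in the question.
# Assumption: bridged frames reach iptables FORWARD on the host, which needs
#   sysctl net.bridge.bridge-nf-call-iptables=1.
# Assumption: VMs may start outbound connections (not stated in the question).
# Port 80 to APACHE is not in the question's list, so it is not opened here.

is_ipv4() {   # dotted quad with every octet in 0..255
  echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
  old_ifs=$IFS; IFS=.
  set -- $1
  IFS=$old_ifs
  for o in "$@"; do [ "$o" -le 255 ] || return 1; done
}

is_cidr() {   # IPv4 address followed by a /0../32 prefix length
  case "$1" in */*) ;; *) return 1 ;; esac
  is_ipv4 "${1%/*}" || return 1
  echo "${1#*/}" | grep -Eq '^[0-9]{1,2}$' && [ "${1#*/}" -le 32 ]
}

emit_rules() {   # usage: emit_rules NETBLOCK/CIDR APACHE_IP MYSQL_IP
  net=$1 apache=$2 mysql=$3
  is_cidr "$net" && is_ipv4 "$apache" && is_ipv4 "$mysql" || {
    echo "usage: emit_rules NETBLOCK/CIDR APACHE_IP MYSQL_IP" >&2; return 2; }
  cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# HOST: loopback, replies, and SSH from the netblock only
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -s $net -p tcp --dport 22 -j ACCEPT
# VMs: SSH from anywhere, MySQL from the netblock, nothing else inbound
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -d $apache -p tcp --dport 22 -j ACCEPT
-A FORWARD -d $mysql -p tcp --dport 22 -j ACCEPT
-A FORWARD -s $net -d $mysql -p tcp --dport 3306 -j ACCEPT
-A FORWARD -d $apache -j DROP
-A FORWARD -d $mysql -j DROP
-A FORWARD -s $apache -j ACCEPT
-A FORWARD -s $mysql -j ACCEPT
COMMIT
EOF
}

if [ "$#" -eq 3 ]; then emit_rules "$@"; fi
```

Review the output before piping it to `iptables-restore` from a console session, since the INPUT policy drops SSH from outside the netblock.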