A few configurations must occur after the first reboot, and some are not implemented to greatly simplify the setup. These steps, however, are important for the securing of the server.
MySQL root password
The password is unset by default, and can only be set when the MySQL daemon is running (after first boot). To set the password, use the following command as root:
# ln -s /var/www/tmp/mysql.sock /tmp/mysql.sock # mysql_secure_installation
iptables filters inbound and outbound traffic by a sequence of rules. These rules are to prevent undesired traffic from being responded to, helping defend against DOS attacks and to prevent unauthorized access (such as permitting SSH connections only from an IP address/range).
Typical rules will include inbound connections for SSH (22), Minecraft (25565), HTTP (80), though any setup is possible.