Create an iptables firewall

It's very important to firewall your server if it's directly connected to an untrusted network.

I put together this sample for my box by using this helpful iptables tutorial.

This configuration allows all outbound traffic, and inbound requests only on TCP ports 25, 80, 110, 443, and 37530. Everything else is sent to the LOGNDROP chain, which logs the attempt to syslog (rate-limited to 5 entries per minute per protocol) and then discards the packet.

To restrict inbound traffic further, remove the lines that accept traffic on a port; to open additional ports, duplicate one of those lines and change the port number.

The first code block is the rules file. The second is the network interfaces configuration file, which loads the rules into iptables before bringing up the network.

/etc/iptables.rules:

# Generated by iptables-save v1.3.8 on Sun Jun 15 15:50:16 2008
*filter
# Built-in policies stay ACCEPT; the final "-A INPUT -j LOGNDROP" rule is what
# makes INPUT default-deny, so new ACCEPT rules must be placed above it.
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:LOGNDROP - [0:0]
# Loopback, and replies to connections this host initiated
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# Services exposed to the network (TCP only)
-A INPUT -p tcp -m tcp --dport 37530 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 25 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 110 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
# Everything else: log at most 5 entries per minute per protocol (kern.debug), then drop
-A INPUT -j LOGNDROP
-A LOGNDROP -p tcp -m limit --limit 5/min -j LOG --log-prefix "Denied TCP: " --log-level 7
-A LOGNDROP -p udp -m limit --limit 5/min -j LOG --log-prefix "Denied UDP: " --log-level 7
-A LOGNDROP -p icmp -m limit --limit 5/min -j LOG --log-prefix "Denied ICMP: " --log-level 7
# Protocols other than TCP, UDP and ICMP are dropped without being logged
-A LOGNDROP -j DROP
COMMIT
# Completed on Sun Jun 15 15:50:16 2008

/etc/network/interfaces:

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
auto eth0
# "static" rather than "dhcp": the address/netmask/gateway options below are
# only honoured by the static method.
iface eth0 inet static
    # Load the firewall before the interface comes up. If iptables-restore
    # fails, ifup aborts, so the interface never comes up unfiltered.
    pre-up iptables-restore < /etc/iptables.rules
    address 192.168.3.33
    netmask 255.255.255.0
    gateway 192.168.3.1
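Once the rules are loaded, the LOGNDROP entries are the only record of what the firewall is rejecting. The following is an added example (not from the original post) that parses those syslog lines, summarises them per source and per port, and cross-checks them against the rules file; it uses constructed sample log lines and assumes the syslog daemon records kern.debug messages, since the rules log at level 7.

```python
import re
from collections import Counter

# Constructed sample syslog lines in the format the kernel LOG target produces.
SAMPLE_SYSLOG = """\
Jun 15 16:02:11 box kernel: Denied TCP: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.7 DST=192.168.3.33 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=1 DF PROTO=TCP SPT=40001 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Jun 15 16:02:12 box kernel: Denied TCP: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.7 DST=192.168.3.33 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=2 DF PROTO=TCP SPT=40002 DPT=23 WINDOW=5840 RES=0x00 SYN URGP=0
Jun 15 16:02:13 box kernel: Denied UDP: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=198.51.100.9 DST=192.168.3.33 LEN=48 TOS=0x00 PREC=0x00 TTL=60 ID=3 PROTO=UDP SPT=5353 DPT=161 LEN=28
Jun 15 16:02:14 box kernel: Denied ICMP: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=198.51.100.9 DST=192.168.3.33 LEN=84 TOS=0x00 PREC=0x00 TTL=60 ID=4 PROTO=ICMP TYPE=8 CODE=0 ID=9 SEQ=1
Jun 15 16:02:15 box sshd[123]: Accepted publickey for admin from 192.168.3.10 port 50022 ssh2
"""

# INPUT rules from the /etc/iptables.rules file above (excerpt).
RULES_EXCERPT = """\
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 37530 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 25 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 110 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -j LOGNDROP
"""

DENIED_RE = re.compile(r"kernel:.*?Denied (?P<proto>TCP|UDP|ICMP): (?P<fields>.*)")  # the LOGNDROP --log-prefix values; tolerates a kernel timestamp
FIELD_RE = re.compile(r"(\w+)=(\S+)")  # KEY=value pairs written by the LOG target

def parse_denied(syslog_text):
    """One dict per LOGNDROP entry: protocol, source address, destination port (None for ICMP)."""
    events = []
    for m in filter(None, map(DENIED_RE.search, syslog_text.splitlines())):  # skip non-firewall lines
        fields = dict(FIELD_RE.findall(m.group("fields")))
        events.append({"proto": m.group("proto"), "src": fields.get("SRC"),
                       "dport": int(fields["DPT"]) if "DPT" in fields else None})
    return events

def summarise(events):
    """Count denied packets per source address and per (protocol, destination port)."""
    by_src = Counter(e["src"] for e in events)
    by_port = Counter((e["proto"], e["dport"]) for e in events if e["dport"] is not None)
    return by_src, by_port

def allowed_tcp_ports(rules_text):
    """TCP ports the INPUT chain accepts, read from iptables-save output."""
    return {int(m.group(1)) for m in re.finditer(r"^-A INPUT .*-p tcp .*--dport (\d+) -j ACCEPT", rules_text, re.M)}

def denied_on_open_port(events, allowed):
    """Denied TCP hits on a port the file accepts mean the loaded ruleset differs from the file."""
    return [e for e in events if e["proto"] == "TCP" and e["dport"] in allowed]
```

Run it against the real log (for example `/var/log/kern.log`) and the real rules file; a non-empty result from denied_on_open_port means the running firewall is not what the file says it is.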