Using the Linux packet filter effectively requires a solid
understanding of TCP/IP networking and how it is implemented in the Linux
kernel. The netfilter home page (see Resources, the last section of this tutorial, for a link) is a good
place to learn more.

Until you're comfortable building your own ruleset, there are many
scripts out there that can get you started, as long as you trust their
authors. One of the most complete is gShield (see Resources). Its configuration
file is well commented and fairly simple, and you can adjust it to set up most
common kinds of packet filter rules.