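*filter
# Ruleset for the filter table in iptables-save format; load it with iptables-restore.
# The [packets:bytes] pairs after each policy are saved counters, not port ranges;
# iptables-restore only applies them when asked to restore counters.
#
# Default policy: drop every inbound packet that no rule below accepts.
:INPUT DROP [41:21590]
# This host does not route traffic for others, so drop all forwarded packets.
:FORWARD DROP [0:0]
# Allow all outgoing connections (wget, system updates, etc.).
:OUTPUT ACCEPT [77:11652]
# Accept loopback traffic. With INPUT defaulting to DROP, local services that talk
# to each other over 127.0.0.1 (for example a web app reaching a local database)
# would otherwise have the first packet of each connection dropped.
-A INPUT -i lo -j ACCEPT
# Accept replies to connections this server opened (so yum, for example, receives
# the repository's answers) and related traffic such as ICMP errors.
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# Inbound services: open only what this server is meant to offer.
# SSH
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
# HTTP
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
# HTTPS
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
# FTP control channel.
# NOTE(review): FTP sends credentials in cleartext; if SFTP over the SSH port is an
# option, this rule can be removed. Passive-mode data connections are only accepted
# by the RELATED rule above when the FTP connection-tracking helper is loaded.
-A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
# MySQL
# NOTE(review): this accepts MySQL connections from any source address. If only local
# applications use the database, remove this rule (loopback is accepted above);
# if remote clients need it, limit the rule with -s <TRUSTED_CIDR_PLACEHOLDER>.
-A INPUT -p tcp -m tcp --dport 3306 -j ACCEPT
# Apply the table atomically.
COMMIT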