next up previous
Next: Windows Up: Packet Filtering Previous: Packet Filtering

Linux

The Linux kernel includes packet filtering capabilities, but, to add complexity, the interface for changing the rules changed between kernels 2.0 and 2.2 (it is due to change again with 2.4's iptables, but an ipchains compatibility interface is supposed to be included).

Under 2.0 kernels you use 'ipfwadm', but that's about all I'm going to say about it here.

Under 2.2 kernels you use 'ipchains'. Here are my rules to block all access to the IMAP server (TCP port 143) except from localhost and part of a 10.* local area network. Rules are checked in order, so the two ACCEPT rules must come before the catch-all REJECT:


ipchains -A input -s 127.0.0.0/24 -d 0.0.0.0/0 143 -p tcp -j ACCEPT
ipchains -A input -s 10.2.5.0/24 -d 0.0.0.0/0 143 -p tcp -j ACCEPT
ipchains -A input -d 0.0.0.0/0 143 -p tcp -j REJECT

It is generally good practice to put all these rules in their own script that calls 'ipchains -F' at the top to flush all current rules. This way, if you want to change the rules, you can just alter the script and re-run it. Note that '-F' only removes the rules, not the chain's default policy, so if the default policy for the input chain is ACCEPT the machine is unprotected for the moment between the flush and the new rules being loaded. Make sure the script is called by the startup scripts, preferably before other services are started (ideally before the network interfaces are brought up). Don't forget to set the script executable!

Both ipchains and ipfwadm allow Network Address Translation rules, which can be used for masquerading and so on. If you want to do this I recommend you read other documentation; a good starting point is the ``Linux IP Masquerade mini HOWTO'' (/usr/doc/HOWTO/mini/IP-Masquerade on Red Hat 6.x boxes if you have the howto RPM installed).

NB If you are trying to firewall portmapper, port 111, remember that it listens for both TCP and UDP connections. Rules like the IMAP ones above only match '-p tcp', so you need a second set with '-p udp' or the UDP side of portmapper stays reachable.
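The following script is an added example, not part of the original page: it packages the flush-then-reload practice and the IMAP rules above into a re-runnable script, and extends the same pattern to portmapper so that both TCP and UDP on port 111 are covered. The LAN address range, the loopback mask (127.0.0.0/8 rather than the /24 used above), the '-i lo' interface match and the '--dry-run' switch are my own choices; the ipchains options used ('-A', '-F', '-i', '-p', '-s', '-d addr port', '-j ACCEPT/REJECT') are standard ipchains syntax.

```shell
#!/bin/sh
# Stateless ipchains firewall script (added example; not the original page's code).
#   ./firewall.sh             apply the rules with /sbin/ipchains (run as root)
#   ./firewall.sh --dry-run   print the ipchains commands instead of running them
# Re-running is safe: the input chain is flushed before the rules are reloaded.
# LAN, LOOPBACK and the interface name are assumptions for this example.

IPCHAINS=${IPCHAINS:-/sbin/ipchains}
LAN=10.2.5.0/24          # the part of the 10.* LAN that may reach our services
LOOPBACK=127.0.0.0/8     # the whole loopback block, not just 127.0.0.0/24
ANY=0.0.0.0/0

case "$1" in
    -n|--dry-run) IPCHAINS=echo ;;
esac

# Run one ipchains command. $IPCHAINS is looked up at call time, so a dry run
# (or a test) can substitute 'echo' and inspect the rules without loading them.
rule() { "$IPCHAINS" "$@"; }

# Allow a service only from loopback and the LAN, reject it from everywhere else.
# $1 = port, remaining args = protocols ("tcp", or "tcp udp" for portmapper).
# One rule set is emitted per protocol because a '-p tcp' rule never matches UDP.
restrict_service() {
    port=$1; shift
    for proto in "$@"; do
        # Tie the loopback ACCEPT to the lo interface so a packet with a spoofed
        # 127.x source arriving on eth0 cannot match it.
        rule -A input -i lo -p "$proto" -s "$LOOPBACK" -d "$ANY" "$port" -j ACCEPT
        rule -A input       -p "$proto" -s "$LAN"      -d "$ANY" "$port" -j ACCEPT
        # REJECT answers with an ICMP port-unreachable; DENY would drop silently.
        rule -A input       -p "$proto"                -d "$ANY" "$port" -j REJECT
    done
}

# Flush the input chain. This leaves the chain's default policy untouched, which
# is why the script should run before other services (or the network) come up.
fw_flush() { rule -F input; }

fw_rules() {
    restrict_service 143 tcp          # IMAP: TCP only
    restrict_service 111 tcp udp      # portmapper: listens on TCP and UDP
}

fw_apply() { fw_flush; fw_rules; }

# Apply only when a usable ipchains is present or we are in dry-run mode; when the
# file is merely sourced on a machine without ipchains, just the functions load.
if [ "$IPCHAINS" = echo ] || [ -x "$IPCHAINS" ]; then
    fw_apply
fi
```

Run it once with '--dry-run' and read the printed rules before loading them for real; the order of the printed lines is the order the kernel will check them in, so the two ACCEPT lines for each port must appear before that port's REJECT line.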

Stephen White
2001-01-16