You should start with making sure that all ports are closed and then open only the ones really needed.
Which port need to be opened is system/network setup specific.
For a decent port list you can have a look at
http://www.iana.org/assignments/port-numbersLet your firewall (at least in the beginning) warn you.
That way you can see what application is trying to use a certain port and you can say yes/no to it.
And ofcourse there is more to security than just the firewall
Have a look at this site too
http://www.markusjansson.net/erecent.htmlIt has many good tips for setting up security.
And have a look at my site (see my signature), I hope you never need the instructions there.
But you never know...