Okay.. nice general response for everyone. In Kilroy's specific case I'd rather go over it by private e-mail (and you should have an e-mail from me, Kilroy); discussing one's security setup publicly is not something you do.
Anywho, in the general case I'd use a firewall specifically for this job. Firstly, you won't just shield services if you just turn everything onto deny and then just open up specific ports for specific protocols in specific directions.
Firewalls can look rather overwhelming at first glance, but once you start working with some of the simpler rules you can get along with most of them quite easily. RH comes with iptables, as should most distros with a 2.4 kernel (it's the optional netfilter stuff if you compile your own kernel). Most HOWTOs on the subject do pretty well on explaining the various options iptables provides. For example..
iptables -P INPUT DROP
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -d w.x.y.z -p tcp -m tcp --dport 80 -j ACCEPT
would set the default policy for INPUT (one of the primary targets), or all incoming packets, to DROP. Which means incoming packets by default would drop (DO NOT EXECUTE THIS ON A REMOTE MACHINE BEFORE YOU SET UP OTHER RULES). The following line allows related and established connections in, and the last ACCEPTs on port 80 for the IP address w.x.y.z (note it accepts only TCP connections; web traffic doesn't need UDP so we don't allow it).
Ideally (as per my warning) you should execute those commands in reverse order, otherwise if it is a remote machine you cut yourself off when you drop all INPUT packets. This is only an example; also, I haven't mentioned the OUTPUT (the packets going out from the machine) and the FORWARD (the packets you are routing for another, which you don't do unless you are a router/gateway machine) targets, which can accept similar rules just applied to packets travelling in different ways.
In essence you can allow ports as you wish on your local IP, and even specify who remotely can access them (using a source IP option). I'm no firewall expert, but I have set up a few in the past and can assist in the setup of simple firewalls if you want, but I dislike discussing specific security requirements/setup on a public forum.
I also recommend you try to understand what a firewall does and how it works. Reading material can be found at The Linux Documentation Project, and also there is the NetFilter/iptables Homepage. These are specific to iptables, rather than firewalls in general, but they should help nonetheless.
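The ordering point from the post, as an added example that is not part of the original post: a shell sketch that emits the same INPUT rules with the ACCEPT rules first and the DROP policy last, checks that order, and only executes when asked. The addresses, the SSH rule on port 22 with a source IP, and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: the post's INPUT rules in lockout-safe order.
# Placeholder addresses (constructed, from the documentation ranges):
LOCAL_IP="${LOCAL_IP:-192.0.2.10}"      # stands in for w.x.y.z
ADMIN_SRC="${ADMIN_SRC:-198.51.100.7}"  # hypothetical remote admin host

# Print the iptables commands: ACCEPT rules first, DROP policy last.
build_rules() {
    # 1. Keep packets of connections that are already open (e.g. your SSH session).
    echo "iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT"
    # 2. Web traffic to the local address, TCP only.
    echo "iptables -A INPUT -d $LOCAL_IP -p tcp -m tcp --dport 80 -j ACCEPT"
    # 3. New SSH connections, restricted by source IP (-s); an assumed extra rule.
    echo "iptables -A INPUT -s $ADMIN_SRC -d $LOCAL_IP -p tcp -m tcp --dport 22 -j ACCEPT"
    # 4. Only now switch the default policy.
    echo "iptables -P INPUT DROP"
}

# Read a rule list on stdin; fail if the DROP policy comes before any ACCEPT rule.
order_is_safe() {
    awk '
        /-P INPUT DROP/        { dropped = 1; next }
        /-j ACCEPT/ && dropped { bad = 1 }
        END { exit bad + 0 }
    '
}

# Dry run by default; set APPLY=1 (as root) to execute the commands.
apply_rules() {
    build_rules | order_is_safe || { echo "unsafe rule order" >&2; return 1; }
    build_rules | while IFS= read -r cmd; do
        if [ "${APPLY:-0}" = "1" ]; then
            $cmd || return 1
        else
            echo "would run: $cmd"
        fi
    done
}

apply_rules
```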