Here is an example config for shorewall, pulled it straight off a relay I run.
# PORT PORT(S) DEST LIMIT GROUP
SECTION NEW
# Drop Ping from the "bad" net zone.. and prevent your log from being flooded..
#Ping(ACCEPT) net $FW
Ping(DROP) net $FW
ACCEPT net $FW tcp 9001 #tor
ACCEPT net $FW tcp 9030 #tor-dir
#ACCEPT net $FW tcp 22 #ssh/dropbear
ACCEPT net $FW tcp 80 #apache
#ACCEPT net $FW tcp 443 #ssl apache
# Permit all ICMP traffic FROM the firewall TO the net zone
ACCEPT $FW net icmp
Paste that into your /etc/shorewall/rules file, uncomment lines as needed and then 'service shorewall restart'