DROP all -- anywhere anywhere
This will stop a connection being initiated from outside from getting in.
Actually,that rule is not needed because the default policy of your
iptables rules is to drop incoming connections anyway.
Out of curiosity,Can you surf when the firewall is on?
iptables -A INPUT -s 0/0 -p tcp --dport 3689 -j ACCEPT
will open 3689 to incoming connections from any source tcp connection.
This should give you a "quick fix"!!