It depends on distribution. For example in Ubuntu iptables firewall is set initially to allow all. Don't affraid opened ports, be affraid of not mantained or downloaded from untrusted sources applications. Usually if somebody install server application he want to become it reachable for outside and some servers like mysql has set "local connections only" option by default. So no need blocking rules. However myself I block nearly all incomming connection on my router. If you want to all ports disabled there is no need to install additional software, just
iptables -P INPUT DROP
in some startup script will be sufficient.