-in creating a firewall what are the ports and services that should be allowed?

Exactly the ones you need.

1. In case of normal IPTABLES-SQUID setup.
Destination-port 80/443/53 OUT | TCP(for 80,443), TCP/UDP(for 53) -@INET-INTERFACE
Destination-port 8080/3128 IN | TCP(depending on if you are running PROXY accept for LAN) -@LAN-INTERFACE
ESTABLISHED & RELATED IN @INET-INTERFACE
ESTABLISHED & RELATED OUT @LAN-INTERFACE

2. In case of Iptables-transparent SQUID setup & MASQUAREDING
Destination-port 80/443/53 OUT | TCP(for 80,443), TCP/UDP(for 53) -@INET-INTERFACE
Destination-port 80/443/53 IN | TCP(for 80,443), TCP/UDP(for 53) -@LAN-INTERFACE
ESTABLISHED & RELATED IN @INET-INTERFACE
ESTABLISHED & RELATED OUT @LAN-INTERFACE

In last case & only in MASQUAREDING.. you got to,
Destination-port 80/443/53 FORWARD IN | TCP(for 80,443), TCP/UDP(for 53) -@LAN-INTERFACE
ESTABLISHED & RELATED FORWARD IN | @INET-INTERFACE

For rest of the ports & their direction of implementation;
you got to make list of services you are running & refer /etc/services for their port nos.

p.s. : ALL CHAINS HAVE DEFAULT POLICIES AS DROP.

is this a router, a server, or a stand-alone PC?? the typical stand-alone PC won't need to allow any incoming connections to any port at all (all ports filtered), and outgoing connections would either be allowed to any port, or to "exactly the ones you need", as indicated by Samotnik... but really, the only way for us to advise you on which ports/services to allow is if you first provide a description of what the relevant box's duties are...

-well basically the box acts as a firewall it has a squid configured on it and uses port 80. the only thing that the firewall should allow is for ftp & http download and web access.

-well basically the box acts as a firewall it has a squid configured on it and uses port 80. the only thing that the firewall should allow is for safe and secure ftp & http download and web access.