You could/should use IPtables.
Iptables is a complete subject on its own, so I can't explain it here, but there are plenty of good resources on the internet. You can also find lots of premade IPtables scripts.
Pesonally I prefer shorewall
; its secure, mature and easy to use.