here is what my ipchains look like. hopefully this will help.
# Firewall configuration written by lokkit
# Manual customization of this file is not recommended.
# Note: ifup-post will punch the current nameservers through the
# firewall; such entries will *not* be listed here.
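# Chain policies. Rules are evaluated top to bottom and the first match wins;
# a packet that matches no rule gets the chain's policy.
# NOTE(review): the catch-all REJECT rules at the end cover only tcp, udp and
# icmp, so any other IP protocol still falls through to the input ACCEPT
# policy. Consider a default-deny input policy once the rule set is settled.
:input ACCEPT
:forward REJECT
:output ACCEPT
# DNS servers
# NOTE(review): only tcp from source port "domain" is allowed here; confirm
# that the nameserver entries ifup-post adds at runtime cover udp replies.
-A input -p tcp -s xx.xxx.xx.xxx domain -j ACCEPT
# reject for "register.asp" spam
# Must stay above the http/https ACCEPT rules, otherwise those match first.
-A input -p tcp -s xx.xxx.xxx.xx -j REJECT
# incoming ssh
#-A input -d 0/0 ssh -p tcp -j ACCEPT
# return from outgoing ssh
# (if re-enabled, add "! -y" as on the return rules below)
#-A input -s 0/0 ssh -p tcp -j ACCEPT
# return from outgoing chatterbox info connection
# (if re-enabled, add "! -y" as on the return rules below)
#-A input -s 0/0 4443 -p tcp -j ACCEPT
# incoming http/https
-A input -d 0/0 http -p tcp -j ACCEPT
-A input -d 0/0 https -p tcp -j ACCEPT
# return from outgoing http/https
# ipchains is stateless, so "return traffic" is recognised only by its source
# port. Without "! -y" these rules accept ANY tcp packet whose source port is
# 80/443, including connection attempts to every local port. "! -y" excludes
# connection-opening SYN packets, so only replies to connections this host
# started are let through.
-A input -s 0/0 http -p tcp ! -y -j ACCEPT
-A input -s 0/0 https -p tcp ! -y -j ACCEPT
# return from outgoing smtp
-A input -s 0/0 smtp -p tcp ! -y -j ACCEPT
# incoming smtp (temp)
# NOTE(review): marked temporary; remove once inbound mail is no longer needed.
-A input -d 0/0 smtp -p tcp -j ACCEPT
# return from outgoing mysql
-A input -s 0/0 mysql -p tcp ! -y -j ACCEPT
# localhost
-A input -i lo -j ACCEPT
# Trusted hosts: each rule below accepts every protocol and port from the
# given address. The match is on source address alone, so keep this list
# short and limit it to the ports actually needed where possible.
# office IP
-A input -s xx.xx.xx.xx -j ACCEPT
# mail server
-A input -s xx.xx.xx.xx -j ACCEPT
# another server
-A input -s xx.xx.xx.xx -j ACCEPT
# somebody's home ip
-A input -s xx.xx.xx.xx -j ACCEPT
# everyone else
# -l logs each rejected packet.
# NOTE(review): rejecting all icmp also discards error messages (e.g.
# destination-unreachable) from hosts not listed above.
-A input -p tcp -j REJECT -l
-A input -p udp -j REJECT -l
-A input -p icmp -j REJECT -l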