You should block all incoming traffic by default and selectively allow only the ports you need. Luckily, if you accidentally lock yourself out, you can access your Linode via the Lish console to flush any errant firewall rules.
Here are some of the firewall configurations I regularly use:
Allowing SSH, HTTP, HTTPS:
iptables -A INPUT -p tcp -m multiport --destination-ports 22,80,443 -j ACCEPT
iptables -A INPUT -s 127.0.0.1/24 -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -P INPUT DROP
iptables -P FORWARD DROP
If you need to allow FTP, include port 21 (for passive connections you may need to define an additional port range; I use 21000-21100):
iptables -A INPUT -p tcp -m multiport --destination-ports 21,22,80,443,21000:21100 -j ACCEPT
iptables -A INPUT -s 127.0.0.1/24 -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -P INPUT DROP
iptables -P FORWARD DROP
For some reason, I have also found I'm unable to send mail using sendmail, exim, etc. unless I open up port 25 (your mail config typically would be set up to only accept email being sent from the local server):
iptables -A INPUT -p tcp -m multiport --destination-ports 21,22,25,80,443,21000:21100 -j ACCEPT
iptables -A INPUT -s 127.0.0.1/24 -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -P INPUT DROP
iptables -P FORWARD DROP
In order to flush your rules to start over without locking yourself out, use the following set of commands:
iptables -P FORWARD ACCEPT
iptables -P INPUT ACCEPT
iptables -F
To view your current firewall rules & statistics, you can use the following command:
iptables -L -nv
Also, don't forget to save your rules and make sure iptables starts up on reboot.
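The rulesets above written as an iptables-restore file, which can be syntax-checked before loading and kept as the saved copy of the rules. This is an added example, not part of the original post; build_ruleset, apply_ruleset and the optional SSH port argument are hypothetical names introduced here.

```shell
#!/bin/sh
# Added example, not from the original page. build_ruleset and apply_ruleset
# are hypothetical helper names.

# build_ruleset PORTS [SSH_PORT]
# Print an iptables-restore file equivalent to the page's rules. PORTS is the
# comma-separated list given to --destination-ports, e.g. 22,80,443.
build_ruleset() {
    ports=$1
    ssh_port=${2:-22}
    # Only digits, commas and range colons may reach the rule text.
    case $ports in
        ''|*[!0-9,:]*) echo "invalid port list: $ports" >&2; return 1 ;;
    esac
    # Refuse a ruleset that would drop SSH, the lock-out case.
    # (An SSH port covered only by a range is also refused.)
    case ",$ports," in
        *,"$ssh_port",*) ;;
        *) echo "SSH port $ssh_port not in list" >&2; return 1 ;;
    esac
    # multiport takes at most 15 ports and a range counts as two:
    # entries + ranges = commas + colons + 1.
    n=$(printf '%s' "$ports" | tr -cd ',:' | wc -c)
    if [ $((n + 1)) -gt 15 ]; then
        echo "too many ports for one multiport rule" >&2; return 1
    fi
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp -m multiport --destination-ports $ports -j ACCEPT
-A INPUT -s 127.0.0.1/24 -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

# apply_ruleset FILE (root required): parse-check the file, then load it.
# iptables-restore commits the whole table at once, so a typo cannot leave
# a half-applied ruleset behind.
apply_ruleset() {
    iptables-restore --test < "$1" && iptables-restore < "$1"
}
```

Redirect the output of build_ruleset to a file of your choosing, then pass that file to apply_ruleset as root.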