creating firewall rules is complex, but you can start with the iptables command. you can probably begin with the -L option. for example, you can use this command to list the current configurations in your linux server

iptables -L -t filter
you might get an output that looks like this: 
Chain INPUT (policy DROP)
target     prot opt source               destination
DROP       tcp  --  anywhere             127.0.0.0/8
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere
DROP       all  --  base-address.mcast.net/4  anywhere
PUB_IN     all  --  anywhere             anywhere
PUB_IN     all  --  anywhere             anywhere
PUB_IN     all  --  anywhere             anywhere
PUB_IN     all  --  anywhere             anywhere
DROP       all  --  anywhere             anywhere

Chain FORWARD (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
DROP       all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
PUB_OUT    all  --  anywhere             anywhere
PUB_OUT    all  --  anywhere             anywhere
PUB_OUT    all  --  anywhere             anywhere
PUB_OUT    all  --  anywhere             anywhere

Chain INT_IN (0 references)
target     prot opt source               destination
ACCEPT     icmp --  anywhere             anywhere
DROP       all  --  anywhere             anywhere

Chain INT_OUT (0 references)
target     prot opt source               destination
ACCEPT     icmp --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere

Chain PAROLE (10 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere

Chain PUB_IN (4 references)
target     prot opt source               destination
ACCEPT     icmp --  anywhere             anywhere            icmp destination-unreachable
ACCEPT     icmp --  anywhere             anywhere            icmp echo-reply
ACCEPT     icmp --  anywhere             anywhere            icmp time-exceeded
ACCEPT     icmp --  anywhere             anywhere            icmp echo-request
PAROLE     tcp  --  anywhere             anywhere            tcp dpt:ftp
PAROLE     tcp  --  anywhere             anywhere            tcp dpt:ssh
PAROLE     tcp  --  anywhere             anywhere            tcp dpt:smtp
PAROLE     tcp  --  anywhere             anywhere            tcp dpt:domain
PAROLE     tcp  --  anywhere             anywhere            tcp dpt:http
PAROLE     tcp  --  anywhere             anywhere            tcp dpt:hosts2-ns
PAROLE     tcp  --  anywhere             anywhere            tcp dpt:pop3
PAROLE     tcp  --  anywhere             anywhere            tcp dpt:imap
PAROLE     tcp  --  anywhere             anywhere            tcp dpt:https
PAROLE     tcp  --  anywhere             anywhere            tcp dpt:ndmp
ACCEPT     udp  --  anywhere             anywhere            udp dpt:domain
DROP       icmp --  anywhere             anywhere
DROP       all  --  anywhere             anywhere

Chain PUB_OUT (4 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere


you can use the -P option to set the default CHAIN POLICY

SHELL COMMAND:
iptables -t filer -F FORWARD


SHELL COMMAND:
iptables -t filer -P FORWARD DROP
NOTE: the -p (--protocol) option lets you specify the low-level protocols used 
       -F, --flush [chain]
              Flush  the  selected  chain  (all the chains in the table if none is given).  This is
              equivalent to deleting all the rules one by one.

       -Z, --zero [chain]
              Zero the packet and byte counters in all chains.  It is  legal  to  specify  the  -L,
              --list  (list)  option  as  well,  to  see  the  counters immediately before they are
              cleared. (See above.)

       -N, --new-chain chain
              Create a new user-defined chain by the given name.  There must be no target  of  that
              name already.

       -X, --delete-chain [chain]
              Delete the optional user-defined chain specified.  There must be no references to the
              chain.  If there are, you must delete or replace the referring rules before the chain
              can be deleted.  The chain must be empty, i.e. not contain any rules.  If no argument
              is given, it will attempt to delete every non-builtin chain in the table.

       -P, --policy chain target
              Set the policy for the chain to the given target.  See the section  TARGETS  for  the
              legal  targets.   Only built-in (non-user-defined) chains can have policies, and nei-
              ther built-in nor user-defined chains can be policy targets.

       -E, --rename-chain old-chain new-chain
              Rename the user specified chain to the user supplied name.  This is cosmetic, and has
              no effect on the structure of the table.

       -h     Help.  Give a (currently very brief) description of the command syntax.


for example, you can combine multiple items to filter based on several criteria. for example, in ta default/deny configuration you can open traffic to TCP port 445 from the 192.168.1.0/24 network with a single command:

SHELL COMMAND:
iptables -A INPUT -p tcp --dport 445 -s 192.168.1.0/24 -j ACCEPT