Use xinetd and TCP wrappers to restrict access to network services.

man host_access, and host_options pretty much sums up tcp wrappers.
add firewall rules and don't forget to run iptables-save afterwards.

chkconfig xinetd on and turn on the services on /etc/xinet.d/