Here's my try. Customize the logging, and add your ports, but the rest should work fine.
As far as I know, for a regular box, all you need to customize is the INPUT chain. Do a 'iptables -L OUTPUT' to see if there's anything blocking outbound stuff. As far as I know, there usually isn't. This should be mostly all that's needed. I'm open to more knowledgable advice.

/etc/mysimplepolicy
-------------------------------
#!/bin/bash

#Flush of course. We're only concerned with INPUT now.
iptables -F INPUT

#Log new connections to any ports that need it. You may not want to log ports that get alot of new connections.
#Uncomment it if you want to use it of course.
#iptables -A INPUT -p TCP --destination-port <port or service name> -m state --state NEW -j LOG --log-level info --log-prefix "New <your service> connection:"

#Now let in each port that is allowed in.
iptables -A INPUT -p TCP --destination-port <port or service name> -j ACCEPT

#repeat for each port that's allowed in.

#You can also log all connection attempts to ports that shouldn't be connected to
#iptables -A INPUT -p TCP -m state --state NEW -j LOG --log-level info --log-prefix "Filteredconnattempt:"

#Now, to block all other new TCP connections, you may want to block some UDP or ICMP stuff, but you didnt' say anything about that.
iptables -A INPUT -p TCP -m state --state NEW -j REJECT --reject-with icmp-port-unreachable
--------------------------

Again, your outbound connections probably will not be blocked. Just check your OUTBOUND chain.

Hope this helps.

- UpperCell.