As a unix sysadmin, who's done research on IDS, I'll toss in a few points:
For your purpose, what you've done looks acceptable (drop all incoming udp, all incoming tcp except ssh), you might also want to drop all incoming icmp packets (its mostly a DoS countermeasure, it hides the box a little, too)
If you were REALLY going to do this, you can't just block all incoming traffic, so in real life you'd want to do something
like this:
The basic firewall rule will be to allow incoming connections with valid syn flags to ports you know are in use and should accept outside connections, and allow packets part of any of these already established connections, dropping anything else. This keeps random malformed packets from hitting your services, which is how a large percentage of exploits work.
If they're going to make you turn on "all services", NFS will probably be included, so RPC is a valid concern. First, make sure you enable TCP Wrappers (/etc/hosts.allow, /etc/hosts.deny), and deny it to almost everyone.
Second, if you have to run a webserver, run a very simple one (apache, no mod_perl, no mod_php, just apache). It should install itself as the user "www", "nobody", or "wwwserv", as a precaution, but make sure that that user can NOT log in normally.
Third, they'll make you run sendmail. Fine. Download the latest source, compile from scratch, and read up on how to shut off everything and everything you'll never use, like uucp. Then block access to it from everyone except the firewall (tcp wrappers again), and make sure you only allow valid syn packets and established connections to go to it from the firewall.
Fourth, FTPD. Redhat comes with wu-ftpd. Delete it. Period. It's more complex than you'll ever need, unless you really care about having members of group a allowed to anonymously download from one directory, while members of group b only have access to their home directory, blah blah blah. It's too much. Look into either one of the BSD ftpd's or something like ProFTPD. Again, tcp wrappers and firewall.
SSH / Telnet. If they MAKE you install and allow telnet ... that's dumb. Nobody except college students uses it in real life. I suppose you should just make sure it's current (there was a big bsd telnet hole a while back, I'm not sure if it affected linux), and secure it like above. SSH has had a series of holes recently, so you'll want to download the new RPM for that and install (again, tcp wrappers everywhere, and set the firewall rather restrictively). (Contrary to n0c's opinion, there was at least one REMOTE ROOT security hole in OpenSSH in the last year or so... you really do need to update it before putting the box live).
Things like MySQL (and apache, telnet, if you can get away with it) : always try to make them bind to only the local interface (lo0 on bsd, I think it's lo0 on linux as well). Then block them completely at the firewall, nobody will need it except the local machine.
You seem to be in good shape for your assignment, but in real life, you'll have to open things up a bit more
