I have a service running on port 5555 on my machine. I want to make it so that only localhost can connect to that port.

The service itself is not capable of performing access control based on the remote host, so I figure I have to use a firewall.

Can I do something with the "ipchains" command? What would be the syntax? Is there a good IPChains For Dummies type tutorial webpage somewhere?

Check out the IPCHAINS-HOWTO:
http://www.linuxdoc.org/HOWTO/IPCHAINS-HOWTO.html

Figured it out. :)

# Accept connections to port 5555 from localhost
ipchains -A input --destination-port 5555 -s 127.0.0.1 -p tcp -j ACCEPT
# Deny connections to port 5555 from anywhere else
ipchains -A input --destination-port 5555 -p tcp -j DENY

Download and install PMFirewall at http://www.pointman.org

It's a great little script that creates a pretty good ipchains ruleset and will even setup IPMasquerading with a simple 'yes' or 'no'.