You want to keep all ports closed except for those such as http, smtp, pop3, imap4, mysql, applications using uncommon ports, https.
You usually will want MySQL closed to external IPs... Also, you should look into iptables syntax and create yourself a ruleset fit for your needs. That is going to be the same firewall that is included with RHEL or CentOS, and should be built into your build. I wouldn't recommend running Gentoo if you are unfamiliar with Linux, and especially in a server environment. A critical exploit (such as libc) can lead to two or three days of recompiling to patch, and the administration of such an OS is a bit more complicated than a binary distribution such as CentOS.
██ HermeTek Network Solutions
██ Network design, security, and implementation
██ BSD & Linux consulting, training, and hosting
██ https://www.hermetek.com | 1.866.235.1288
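
A default-deny ruleset of the kind the post describes, as an added example that is not part of the original post: it emits `iptables-restore` input that opens only the listed mail and web ports and leaves MySQL reachable over loopback only. The port list and the `build_ruleset` and `valid_port` helper names are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): generate an iptables-restore
# ruleset that drops all inbound traffic except the listed public services.
# Assumed port list: smtp http pop3 imap4 https. MySQL (3306) is deliberately
# absent, so it is reachable only through the loopback rule below.
# Add your remote administration port to the list before loading the rules
# on a remote machine, or the default DROP policy will lock you out.
PUBLIC_TCP_PORTS="25 80 110 143 443"

# Accept only decimal port numbers in the range 1-65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# $1: space-separated TCP ports to open to the outside world.
# Prints the ruleset on stdout; prints nothing and fails on a bad port.
build_ruleset() {
    for p in $1; do
        valid_port "$p" || { echo "invalid port: $p" >&2; return 1; }
    done
    echo "*filter"
    echo ":INPUT DROP [0:0]"
    echo ":FORWARD DROP [0:0]"
    echo ":OUTPUT ACCEPT [0:0]"
    # Local services (including MySQL clients on this host) use loopback.
    echo "-A INPUT -i lo -j ACCEPT"
    # Replies to connections this host opened, and follow-up packets.
    echo "-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    for p in $1; do
        echo "-A INPUT -p tcp --dport $p -m state --state NEW -j ACCEPT"
    done
    echo "COMMIT"
}

# Stand-alone run: print the ruleset for review.
build_ruleset "$PUBLIC_TCP_PORTS"
```

Redirect the output to a file and check it with `iptables-restore --test < file` before loading it for real.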