the netfilter site, home to iptables, is pretty good.
the snag is there's so much documentation, it's knowing where to start, so try here:
http://www.netfilter.org/documentation/ind...mentation-howtothe main page of docs is here:
http://www.netfilter.org/documentation/ind...mentation-howtojust search the page for "English"!
The key thing with the filter is to stop inbound and forwarded traffic, but you can allow IP packets related to existing connections; this is easy with TCP but for UDP the network stack needs to observe activity and remember its own "state"
thus the minimal firewall for the Zaurus would be
iptables -A FORWARD -j DROP
iptables -A OUTPUT -j ACCEPT
iptables -A INPUT -m state --state established,related -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -j REJECT
this basically says we don't forward, we allow everything OUT, and we only allow existing connection and new ssh IN. The command "iptables -A" means append a rule, the FORWARD, OUTPUT and INPUT say to which filter we append, the rest is guessable.
HTH
Paul