The primary firewall on modern Linux OSes is the iptables firewall created by netfilter. The documentation has several articles of interest, in particular the netfilter/iptables HOWTO, the packet filtering HOWTO and the tutorials.
Here is an example of an iptables firewall that allows related (stateful) connections on the incoming interface and all new connections to TCP port 22 but denies all others:
iptables -P INPUT DROP iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT iptables -A INPUT -p TCP --sport 1024: --dport 22 --syn -j ACCEPTCreate a firewall on the Linux virtual machines and test out blocking and allowing various ports (or all connections). After each change, scan with Nessus to see how it affects the Nessus reports. Your writeup should include what types of firewall rules you tried and the effect it had on the Nessus reports.
Email your writeup to my Helios account.