Reading the discussion about Taroon, portmapper, ports, etc., reminded me of one of the shortcomings of Red Hat Linux (and all other distributions AFAIK).
It seems to me that the fundamental problem is the lack of "linkage" (for lack of a better word) between service configuration and firewall configuration. In an ideal world, the network access required by a service would be easy to determine -- perhaps with chkconfig-like metadata in the init script. The firewall configuration program could then be enhanced to prompt accordingly.
Even better, to my mind, would be to actually combine the services and firewall configuration programs. Instead of a single checkbox for each service, each service would have a checkbox for each interface. The network configuration program should probably prompt the user to run the firewall configuration when an interface is added.
Just some thoughts on future directions. Flame away!
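A sketch of the linkage proposed in the post above, as an added example that is not part of the original message or of any Red Hat tool: it reads a per-service port declaration from an init-script header and turns per-interface enablement into iptables ACCEPT rules. The `# netaccess:` tag, the function names and the sample headers are assumptions made for illustration.

```python
import re

# Constructed init-script headers. "# netaccess:" is a hypothetical tag (not a
# real chkconfig keyword) standing in for the metadata the post proposes.
PORTMAP = """#!/bin/sh
# chkconfig: 345 13 87
# description: RPC portmapper
# netaccess: tcp/111 udp/111
start() { :; }
"""
LEGACY = "#!/bin/sh\n# chkconfig: 345 90 10\n"   # no netaccess tag

IFACE_RE = re.compile(r"[A-Za-z0-9_.-]{1,15}")
ENTRY_RE = re.compile(r"(tcp|udp)/(\d{1,5})")

def parse_netaccess(script):
    """Return [(proto, port)] from the comment header, or None if untagged."""
    found = None
    for line in script.splitlines():
        if not line.startswith("#"):
            if line.strip():
                break              # header ends at the first line of code
            continue
        m = re.match(r"#\s*netaccess:\s*(.*)$", line)
        if m:
            found = found or []
            for entry in m.group(1).split():
                e = ENTRY_RE.fullmatch(entry)
                if not e or not 1 <= int(e.group(2)) <= 65535:
                    raise ValueError("bad netaccess entry: %r" % entry)
                found.append((e.group(1), int(e.group(2))))
    return found

def build_rules(scripts, enabled):
    """scripts: name -> script text; enabled: name -> [interfaces]."""
    rules, untagged = [], []
    for name in sorted(enabled):
        ports = parse_netaccess(scripts[name])
        if ports is None:
            untagged.append(name)  # access unknown: prompt rather than guess
            continue
        for iface in enabled[name]:
            if not IFACE_RE.fullmatch(iface):
                raise ValueError("bad interface name: %r" % iface)
            for proto, port in ports:
                rules.append("-A INPUT -i %s -p %s --dport %d -j ACCEPT"
                             % (iface, proto, port))
    return rules, untagged
```

Services without the tag come back in the second list instead of getting a guessed rule, which is the point at which a combined tool would have to prompt the user.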