Well since there really are no important services needed on it - the first step would be to make sure both the root account and your usual login account are secure (have a safe password and/or you can't login directly to root)
The install I describe only has the following services available:
ssh (22), portmap (111), ipp/cups (631), rpc.statd and something else with a non-secure port (no idea what it is
If you wanted to add a firewall you could just block all incoming ports except 22 (ssh) and 4028 (cgminer API)
That's more than enough in my opinion.
However, I've no idea what ssh issues there are since 11.04 - I guess go read up on that would be my answer.
If you want to describe how you think adjusting the firewall should be done, I'll test/fix it and add it to the script described as an optional security step.
Personally that as far as I'd go with it.