Make a cron job run every five minutes that resets the firewall so you can prevent yourself from getting locked out while testing any changes.
Here is a new cronjob entry:
*/5 * * * * /etc/init.d/iptables restart
iptables -A INPUT -s <IP-ADDRESS> -j DROP
Port 25 only needs to be open if you are accepting incoming mail.
Open all ports to a subnet
iptables -A INPUT -p tcp -s 192.168.12.0/24 -j ACCEPT