It's never a good idea to leave doors open, and there shouldn't be unnecessary open ports on your server either. With iptables, a firewall shipped with Ubuntu, it's not that hard to secure your server. A very detailed and nice introduction can be found in the Ubuntu Wiki.
A sample setup might look like the following. The first step is to allow already established connections.
sudo iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
Then the ssh and http ports should be accepted.
sudo iptables -A INPUT -p tcp --dport ssh -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT
Finally all other traffic shall be blocked.
sudo iptables -A INPUT -j DROP
Note that the order of the iptables rules is important. The list is evaluated from top to bottom, so if, for example, DROP all is the first entry, nothing else is allowed to enter. Also make sure not to block your ssh port! Otherwise you have a problem.
Adding new rules
Now we realise we forgot one port. But that's no problem! We can not only append new rules, we can also specify where to insert a rule. Take a look at the already created list.
sudo iptables --list
We decide to add port 12345 as the 3rd rule. So let's do that!
sudo iptables -I INPUT 3 -p tcp --dport 12345 -j ACCEPT
Checking back on the list should show the added port.
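The ordering rule can also be checked mechanically. The script below is an added example, not part of the original post: it reads rules in `iptables -S INPUT` format and reports any rule that sits below the catch-all DROP. The function names and both sample rulesets are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Both functions read rules in
# `iptables -S INPUT` format on stdin, e.g.: sudo iptables -S INPUT | shadowed_rules

# Print every INPUT rule that sits below an unconditional DROP and so never matches.
shadowed_rules() {
    awk '
        $1 != "-A" || $2 != "INPUT" { next }          # skip "-P" policy lines
        seen_drop { print; next }                     # anything after the catch-all
        NF == 4 && $3 == "-j" && $4 == "DROP" { seen_drop = 1 }
    '
}

# Exit 0 if a TCP ACCEPT rule for port $1 is evaluated before the catch-all DROP.
port_allowed() {
    awk -v port="$1" '
        $1 != "-A" || $2 != "INPUT" { next }
        NF == 4 && $3 == "-j" && $4 == "DROP" { exit }   # rules below are dead
        / -p tcp / && / -j ACCEPT$/ {
            for (i = 1; i < NF; i++)
                if ($i == "--dport" && $(i + 1) == port) { found = 1; exit }
        }
        END { exit !found }
    '
}

# Constructed sample: the post's ruleset with port 12345 inserted as rule 3.
GOOD_RULES='-P INPUT ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 12345 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -j DROP'

# Constructed sample: the same port appended with -A, landing below the DROP.
BAD_RULES='-P INPUT ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -j DROP
-A INPUT -p tcp -m tcp --dport 12345 -j ACCEPT'

report() {   # $1 = label, $2 = ruleset text
    if printf '%s\n' "$2" | port_allowed 12345; then state=reachable; else state=blocked; fi
    echo "$1: port 12345 is $state; shadowed rules: $(printf '%s\n' "$2" | shadowed_rules)"
}
report inserted "$GOOD_RULES"
report appended "$BAD_RULES"
```

Running `port_allowed 22` against the live rule list before closing the current session confirms the ssh rule is still evaluated ahead of the DROP.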
Preserving the iptables rules after rebooting is pretty easy.
Now you're done! Your server should be (more) secure and your life easier.