Setting up Firewall rules

Trellis server.yml runs a ferm role to set up some basic iptables firewall rules. The role README has some details of implementation. As mentioned in the Ubuntu IptablesHowTo, sudo iptables -L will list the current rules in iptables.

You could research iptables-based firewalls, developing a list of iptables rules you want in effect, compare them with the rules Trellis puts in effect (run sudo iptables -L on a Trellis-provisioned server to check), and add your desired extra rules (e.g., in group_vars/all/security.yml) using the instructions in the ferm role README.

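One way to do the comparison step described above, as an added example that is not part of the original post or of Trellis: it reads rules in `iptables -S INPUT` format (easier to parse than `-L`) and reports TCP ports that are accepted but not on your list, and ports on your list with no ACCEPT rule. The function names and the sample rules are constructed for illustration.

```shell
#!/bin/sh
# Compare the TCP ports you intend to accept with the ACCEPT rules actually
# present in the INPUT chain, as printed by `sudo iptables -S INPUT`.

# Constructed sample of `iptables -S INPUT` output (not captured from a
# Trellis server). On a real host, pipe the live command in instead:
#   sudo iptables -S INPUT | audit_ports "22 80 443"
SAMPLE_RULES='-P INPUT DROP
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m multiport --dports 80,443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 3306 -j ACCEPT'

# accepted_tcp_ports (hypothetical helper): rules text on stdin; prints each
# TCP destination port with an ACCEPT rule in INPUT, one per line, sorted.
accepted_tcp_ports() {
  awk '
    $1 == "-A" && $2 == "INPUT" && /-p tcp/ && /-j ACCEPT/ {
      for (i = 1; i < NF; i++)
        if ($i == "--dport" || $i == "--dports") {
          n = split($(i + 1), p, ",")        # multiport lists: 80,443
          for (j = 1; j <= n; j++) print p[j]
        }
    }' | sort -n -u
}

# audit_ports "<desired ports>" (hypothetical helper): rules text on stdin.
# Prints "unexpected <port>" for ports accepted but not desired, then
# "missing <port>" for desired ports that have no ACCEPT rule.
audit_ports() {
  desired=$(printf '%s\n' $1 | sort -n -u)
  actual=$(accepted_tcp_ports)
  for p in $actual; do
    printf '%s\n' "$desired" | grep -qx "$p" || echo "unexpected $p"
  done
  for p in $desired; do
    printf '%s\n' "$actual" | grep -qx "$p" || echo "missing $p"
  done
}

# Stand-alone run against the constructed sample.
printf '%s\n' "$SAMPLE_RULES" | audit_ports "22 80 443"
```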