Enable iptables on one interface

So for all interfaces but one you want to accept all traffic, and on eth0 you want to drop all incoming traffic except ftp and ssh.

First, we could set a policy of accepting all traffic by default.

iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT

Then, we could reset your firewall rules.

iptables -F

Now we could say that we want to allow incoming traffic on eth0 that is a part of a connection we already allowed.

iptables -A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT

Also that we want to allow incoming ssh connections on eth0.

iptables -A INPUT -i eth0 -p tcp --dport 22 -j ACCEPT

But that anything else incoming on eth0 should be dropped.

iptables -A INPUT -i eth0 -j DROP

For slightly more depth see this CentOS wiki entry.

FTP is a trickier than ssh since it can use a random port, so see this previous question.

Something like this should do the job:

iptables -A INPUT -i eth1 -p all -j DROP
iptables -A INPUT -i eth0 -p all -j ACCEPT

It is very simple when you make an iptables rule then you have to specify the interface. The option to specify the LAN card on which iptables should work is -i

Following rules can give you a good example

iptables -A INPUT -p tcp -i eth0 --dport 22 -j ACCEPT
iptables -A INPUT -p tcp -i eth0 --dport 21 -j ACCEPT
iptables -A INPUT -p tcp -i eth0 -j REJECT --reject-with tcp-reset 

Last rule is to reject any other packet which does not match the first 2 rules. All rules in iptables are executed in the given order, so the rule to reject packets is always the last.

The option to specify an interface in your iptables rule is -i, e.g.: -i eth0.