I installed Mandrake 8.1, made no changes to any settings, then ran a port scan from another machine.

It found a handful of ports open (25, 80, 110, etc.) -- about what I expected.

My question is, what is closing the other ports? Does Mandrake have a firewall running by default? If so, what and where is it?

There are 65000+ ports, and only a dozen were open. What's closing off the rest?

The ports have to be actively opened. An open port just means that a proccess is listening on that port. You can open any of those ports yourself by writing ap simple server program to listen on them. However, the idea is that you want them to be closed unless its absolutely required that people outside be able to get into your computer through them. Any open port is, to some extent, a secutrity risk. On my desktop computer the only open port (even behind my firewall) is sshd (port 22 iirc). On my server, ports for sshd, httpd, cupsd, and smtpd are open. The firewall blocks cups, so I only have 4(+1duplicate) exposed ports going out to the public. This way when the latest BIND security vulnerability is realeased or the latest WuFTP exploit is announced, I don't really care because they're not running. And if a new apache issue comes out I know I better get the patch.