I finally found some good info on how the firewall works in Mandrake. If you use the built-in, you are fine, but I'm using Guarddog, and I had problems.
The first was that by firewall wasn't being restored correctly when I booted up. I'm still not quite sure why that was, and what exactly the fix was. I now run service iptables save after any permanent changes to my firewall - in theory this shouldn't be necessary, because Guarddog installs /etc/rc.firewall which is run at boottime, but I'm making sure.
The second was that when my net connection dropped, after coming back up (I have a cron job that pulls it back up), the firewall was different - in particular it wouldn't allow ANY incoming connections. This was a pain for when I was trying to remote control my computer from work (I sometimes need to get things off it).
Anyway, I found this page answering where to execute guarddog script?. The relevant extra info is here:
Network Interface Up/Down ------------------------- The firewall script that Guarddog creates needs to be run when ever an network interface is brought up or down. In fact if Guarddog is not run after a network interface is brought up then the firewall *should* stop all traffic through that interface. This is a security feature. * Mandrake Linux and maybe Redhat - Unfortunately this isn't as simple as I would hope... The Mandrake networking scripts have 'hooks' which can be used to for getting things like firewalls run whenever a network interface is brought up or down. Log in as root and execute the next two commands: ln -s /etc/rc.firewall /sbin/ifup-local ln -s /etc/rc.firewall /sbin/ifdown-local
Those last two lines did the trick.
In fact, I have found that this is an extract from the README that is installed on my machine, but, rather unfortunately, the help file does not contain this information, and in fact suggests that this stuff is done automatically. Ooops. The author is now alerted.