Workstation is firewalled (by the Gateway) but its built-in firewall is disabled by default. See: https://www.whonix.org/wiki/Whonix-Workstation_Firewall
I can't answer for SVN, but Pidgin and OpenVPN (client) work without modifying Whonix's firewall. If you are having trouble with those two, it is unrelated to the firewall. More info here: https://www.whonix.org/wiki/Install_Software#Whonix-Workstation_is_firewalled
TCP, yes. I actually don't know what the source ports are in Workstation (maybe identical to destination ports on the Gateway?) In any case, traffic is routed through several dozen ports on the Gateway so that Gateway can route each stream through a separate Tor circuit. Stream Isolation. See in Gateway: /usr/share/tor/tor-service-defaults-torrc for all the ports in use.
Whonix is designed to route ALL of your traffic over Tor. iptables do not need to be modified to achieve that. It sounds like you are interested in using client applications, which should just work.