How to create firewall in Debian 3.0
dstammer
02-04-2003, 02:19 AM
I want to make my Debian 3.0 Pentium II computer into a gateway/firewall for my home network. I want to create a shell script that contains all of the iptables rules that I want to run - mainly, keep all incoming connections out and let the computers on my LAN connect to the internet.
Does anyone know from experience, for a Debian box, what directory I need to create this firewall script in, and how do I get it initialized at boot up?
By the way, I've got iptables version 1.2.7a installed. Can I just add the necessary modules to /etc/modules to get them to load at boot time?
Thanks very much.
baldguy
02-04-2003, 03:45 AM
You should be able to add the script to the /etc/rc.boot directory, but this is deprecated, and may not work if you upgrade. If you want to do it properly, write your own init script and put it in the /etc/init.d directory and create a soft link in the /etc/rc.S
If you have iptables installed as modules, then just add the lines which were installed, such as
ipt_LOG
ipt_REDIRECT
ipt_MIRROR
ipt_MARK
ipt_MASQUERADE
ipt_REJECT
ipt_TCPMSS
ipt_TOS
ipt_length
ipt_limit
ipt_state
dstammer
02-05-2003, 01:42 AM
Tonight I created a script, rc.firewall, in /etc/init.d. Now, if I create a soft link in /etc/rcS.d to /etc/init.d/rc.firewall, the firewall script will execute, is that correct? So is /etc/rcS.d a script that is run right before the runlevel script is run - my runlevel is set to 2, so rc2.d is the one that executes.
Thanks for your help.
root.veg
02-05-2003, 05:25 AM
Yes, putting your rc.firewall script in /etc/init.d/ and then putting a link to it in /etc/rc2.d/ should do the trick. Just give the link an appropriate prefix so it gets run when you want (all the scripts in /etc/rc2.d/ will get run in alphanumeric order).
Debian has a "firewall-easy" package if I remember rightly from browsing dselect. Maybe you fancy installing it, finding out where it puts the firewall rules, and then modifying them to suit yourself.
Also, don't know if you already have ipmasq set up, but the scripts provided by Debian's ipmasq package auto-load the required iptables modules, so if you have done it the Debian way, you needn't mess around too much with /etc/modules.
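An added example, not part of any post in the thread: one way to write the /etc/init.d/rc.firewall script discussed above so that it drops all unsolicited incoming traffic and masquerades the LAN. The interface names (eth0 external, eth1 LAN), the DRY_RUN variable and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# /etc/init.d/rc.firewall - added example, not code from the thread.
# Assumed: eth0 faces the internet, eth1 faces the LAN.
EXT_IF=eth0
LAN_IF=eth1
IPT=/sbin/iptables

# run CMD...: execute CMD, or only print it when DRY_RUN is set
# (DRY_RUN is a hypothetical knob for reviewing the rules safely).
run() {
    if [ -n "${DRY_RUN:-}" ]; then echo "$*"; else "$@"; fi
}

fw_start() {
    # Set drop policies before flushing so there is no open window.
    run $IPT -P INPUT DROP
    run $IPT -P FORWARD DROP
    run $IPT -P OUTPUT ACCEPT
    run $IPT -F
    run $IPT -t nat -F
    # Gateway itself: loopback and replies to its own connections only.
    run $IPT -A INPUT -i lo -j ACCEPT
    run $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    # LAN may open connections outward; the internet may only answer them.
    run $IPT -A FORWARD -i "$LAN_IF" -o "$EXT_IF" -j ACCEPT
    run $IPT -A FORWARD -i "$EXT_IF" -o "$LAN_IF" -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Hide LAN addresses behind the external interface's address.
    run $IPT -t nat -A POSTROUTING -o "$EXT_IF" -j MASQUERADE
    # Enable routing last, once the rules are in place.
    run /sbin/sysctl -w net.ipv4.ip_forward=1
}

fw_stop() {
    # Stop routing first. FORWARD stays DROP; INPUT is reopened,
    # which leaves the gateway itself unfiltered until the next start.
    run /sbin/sysctl -w net.ipv4.ip_forward=0
    run $IPT -F
    run $IPT -t nat -F
    run $IPT -P INPUT ACCEPT
}

case "${1:-}" in
    start)   fw_start ;;
    stop)    fw_stop ;;
    restart) fw_stop; fw_start ;;
    "")      ;;  # no argument: define the functions only (e.g. when sourced)
    *)       echo "Usage: $0 {start|stop|restart}" >&2; exit 1 ;;
esac
```

Running it as `DRY_RUN=1 /etc/init.d/rc.firewall start` prints the commands without touching the live ruleset, which is a convenient check before linking it into /etc/rc2.d/.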