You can configure netfilter manually and interactively from the shell, save its state with iptables-save, and restore it with iptables-restore from an init script when the system reboots. Debian's iptables provides packet filtering, network address translation (NAT) and other packet mangling. Several helper applications can assist you in setting up iptables, all of them available in the repositories:

  • The fiaif configuration file is very similar to raw iptables rules.
  • filtergen has support for non-iptables packet filters too. The configuration file is application-specific.
  • fireflier has a client-server setup. All rules deny at first and ask the user which connections should be made.
  • firestarter is geared towards end-users and includes a wizard to quickly set up firewall rules. Popular pick.
  • fwbuilder is an object-oriented GUI which includes policy compilers for various firewall platforms.
  • guarddog is geared to both novice and advanced users.
  • ipkungfu is an advanced iptables script for inexperienced users (only supports IPv4).
  • mason is an application which can propose firewall rules based on the network traffic your system sees.
  • shorewall is a firewall configuration tool which provides support for IPsec as well as limited support for traffic shaping and the definition of firewall rules. Popular pick.
  • Canonical's ufw (and its GUI, gufw) from Ubuntu is now available for Debian. Popular pick.

If you are in doubt, and want a “quick & easy” solution, choose firestarter or gufw.
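The manual save-and-restore workflow from the first paragraph, as an added example that is not part of the original page. The sample ruleset, the `/etc/iptables.rules` path and the static check run before restoring are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: ruleset, file path and check are assumptions, not from the page.

# Emit a small ruleset in the text format that iptables-save produces
# (constructed sample: default-deny inbound, allow loopback, replies and SSH).
write_rules() {
cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
EOF
}

# Static check of a saved ruleset before it is wired into boot:
# every "*table" section must be closed by COMMIT, and the filter table's
# INPUT chain must default to DROP. Returns 0 if the file passes.
check_rules() {
    awk '
        /^\*/      { if (open) bad = 1; open = 1; table = substr($0, 2); next }
        /^COMMIT$/ { if (!open) bad = 1; open = 0; next }
        table == "filter" && /^:INPUT / { policy = $2 }
        END { exit (bad || open || policy != "DROP") ? 1 : 0 }
    ' "$1"
}

# On a real host (as root) the workflow would be:
#   iptables-save > /etc/iptables.rules              # snapshot the live rules
#   check_rules /etc/iptables.rules \
#     && iptables-restore --test < /etc/iptables.rules   # parse only, no commit
#   iptables-restore < /etc/iptables.rules           # what the boot script runs

# Offline demonstration on the constructed sample; needs no root.
rules=$(mktemp)
write_rules > "$rules"
if check_rules "$rules"; then echo "ruleset passes static check"; fi
rm -f "$rules"
```
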

