====== Firewall ======

This section describes setting up a firewall on a Debian system. A useful and simple tool to generate firewalls is [[http://www.fwbuilder.org/|fwbuilder]]. Debian packages are available in current distributions.

===== Logging =====

iptable-based firewalls can log actions to rsyslog. To redirect them to a different file other than ''/var/log/messages'', add the file ''/etc/rsyslog.d/firewall.conf'' with the following content:
<code>
# Redirect firewall messages to /var/log/firewall.log
:msg, contains, "FW RULE" /var/log/firewall.log
& ~
</code>

This assumes that all firewall messages contain the text **FW RULE**.