This section describes setting up a firewall on a Debian system. A useful and simple tool to generate firewalls is fwbuilder. Debian packages are available in current distributions.
iptable-based firewalls can log actions to rsyslog. To redirect them to a different file other than /var/log/messages, add the file /etc/rsyslog.d/firewall.conf with the following content:
# Redirect firewall messages to /var/log/firewall.log :msg, contains, "FW RULE" /var/log/firewall.log & ~
This assumes that all firewall messages contain the text FW RULE.