This section describes setting up a firewall on a Debian system.

iptable-based firewalls can log actions to rsyslog. To redirect them to a different file other than /var/log/messages, add the file /etc/rsyslog.d/firewall.conf with the following content:

# Redirect firewall messages to /var/log/firewall.log
:msg, contains, "FW RULE" /var/log/firewall.log
& ~

This assumes that all firewall messages contain the text FW RULE.