APF firewall on Debian etch

Download and install:

    wget http://www.r-fx.ca/downloads/apf-current.tar.gz
    tar xvfz apf-current.tar.gz
    cd apf*
    ./install.sh

Error while installing:

------------------
Installing APF 0.9.6-2:
cp: cannot create regular file `/etc/rc.d/init.d/apf': No such file or directory
--------------

The installer expects /etc/rc.d/init.d, which does not exist on Debian (init scripts live in /etc/init.d). We fix this with:

    cp apf.init /etc/init.d/apf
    update-rc.d apf defaults

Let's configure the firewall:

    vi /etc/apf/conf.apf

(Look in the README for more info regarding options.)

To use DShield.org's "block" list of top networks that have exhibited suspicious activity, change USE_DS="0" to USE_DS="1".

To start the firewall:

    /etc/init.d/apf start

More help:

    /usr/local/sbin/apf --help

-----------------------
APF version 0.9.6
Copyright (C) 1999-2007, R-fx Networks
Copyright (C) 2007, Ryan MacDonald
This program may be freely redistributed under the terms of the GNU GPL

usage /usr/local/sbin/apf [OPTION]
-s|--start ......................... load all firewall rules
-r|--restart ....................... stop (flush) & reload firewall rules
-f|--stop .......................... stop (flush) all firewall rules
-l|--list .......................... list all firewall rules
-t|--status ........................ output firewall status log
-a HOST CMT|--allow HOST COMMENT ... add host (IP/FQDN) to allow_hosts.rules and
                                     immediately load new rule into firewall
-d HOST CMT|--deny HOST COMMENT .... add host (IP/FQDN) to deny_hosts.rules and
                                     immediately load new rule into firewall
-u|--unban HOST .................... remove host from [glob]*_hosts.rules and
                                     immediately remove rule from firewall
-o|--ovars ......................... output all configuration options
-----------------------

By default the firewall clears itself every 5 minutes from cron, in case somebody screwed up the configuration. While that is active, the host is left without firewall rules after each flush, so turn it off once the configuration works:

    vi /etc/apf/conf.apf

Change DEVM="1" to DEVM="0".
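
A quick check for the two settings changed above, as an added example that is not part of the original page or of APF. The function names apf_conf_get and apf_conf_audit are hypothetical, and the sample config is constructed.

```shell
#!/bin/sh
# Added example (not from the original page): audit the two conf.apf
# settings this how-to changes. conf.apf is read as shell-style KEY="value"
# lines, so the last uncommented assignment is the effective one.

# Print the effective value of key $2 in config file $1 (empty if unset).
apf_conf_get() {
    sed -n "s/^[[:space:]]*$2=[\"']\{0,1\}\([^\"'#[:space:]]*\).*/\1/p" "$1" |
        tail -n 1
}

# Return 0 when DEVM="0" and USE_DS="1", 1 when either differs,
# 2 when the file cannot be read.
apf_conf_audit() {
    conf=$1
    rc=0
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }

    devm=$(apf_conf_get "$conf" DEVM)
    if [ "$devm" != "0" ]; then
        echo "WARN: DEVM=\"$devm\", cron still flushes the rules every 5 minutes"
        rc=1
    fi

    use_ds=$(apf_conf_get "$conf" USE_DS)
    if [ "$use_ds" != "1" ]; then
        echo "WARN: USE_DS=\"$use_ds\", DShield block list is not in use"
        rc=1
    fi

    if [ "$rc" -eq 0 ]; then
        echo "OK: DEVM=\"0\" USE_DS=\"1\""
    fi
    return "$rc"
}

# Constructed sample: the values this page starts from, before any edits.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# DEVM="0"   (commented out, must be ignored)
DEVM="1"
USE_DS="0"
EOF
apf_conf_audit "$sample" || true
rm -f "$sample"
```

On a live system, run apf_conf_audit /etc/apf/conf.apf after editing and before relying on the firewall.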