NOTE: This script is for three-way firewalls. If what you want is a two-way firewall, then usually all you need is Rusty's Three-line Guide to Masquerading, which I strongly recommend.
Linux 2.0 kernels provided one method of setting up firewalls: ipfwadm(8). Linux 2.2 provides a slightly different method: ipchains(8). Linux 2.4, which is almost upon us, is going to change things yet again. Meantime, for most working sysadmins, setting up a firewall is something one does rarely, and is quite tricky and obscure... and which you have to get right. There are a number of toolkits designed to help this process, but when I tried I found the toolkits so hard to understand they weren't worth it.
The object of this script is not to be perfect but to be simple. I intend and hope that it's also fairly safe. It attempts to separate the process out into two phases: first, a series of variables which you should modify to describe the policy you want to achieve; second, a block of code which converts your policy into a series of ipchains instructions, which it then prints on standard out in the form of a Sys V style init.d script, allowing you to inspect and potentially alter the ipchains instructions before actually executing them.
This script deals with '3-way' firewalls, as described on page 73 (fig 4.7) of Chapman, D & Zwicky, E: Building Internet Firewalls: O'Reilly, 1995 [ISBN 1-56592-124-0]. This is basically the same arrangement as this, except that I use the names 'internal perimeter outside' instead of 'GOOD DMZ BAD'. Note that both Chapman and Zwicky and the IPCHAINS-HOWTO are excellent and highly recommended reading.
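The two-phase design described above (policy variables first, then code that prints an init.d script of ipchains commands for inspection), as an added example that is not the script distributed on this page. The variable names, interface names, addresses and the TCP-only policy are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not the script this page distributes. Interface names
# and addresses are constructed placeholders.
# Phase 1: policy. Edit these variables only.
INTERNAL_IF=eth0;  INTERNAL_NET=192.168.1.0/24  # private LAN, masqueraded
PERIMETER_IF=eth1; PERIMETER_NET=192.0.2.0/24   # public servers (doc range)
OUTSIDE_IF=eth2                                 # Internet side
PERIMETER_TCP="25 80"   # perimeter TCP ports reachable from outside

# Phase 2: convert the policy into ipchains commands, one per line.
rule() { echo "    ipchains $*"; }

emit_start() {
    for c in input forward; do rule -F $c; rule -P $c DENY; done
    rule -A input -i lo -j ACCEPT
    # Anti-spoofing: our own addresses must never arrive from outside.
    for n in $INTERNAL_NET $PERIMETER_NET; do
        rule -A input -i $OUTSIDE_IF -s $n -j DENY -l
    done
    rule -A input -i $INTERNAL_IF -s $INTERNAL_NET -j ACCEPT
    rule -A input -i $PERIMETER_IF -s $PERIMETER_NET -j ACCEPT
    # From outside: replies (non-SYN) and the listed perimeter services.
    rule -A input -i $OUTSIDE_IF -p tcp ! -y -j ACCEPT
    for p in $PERIMETER_TCP; do
        rule -A input -i $OUTSIDE_IF -p tcp -d $PERIMETER_NET $p -j ACCEPT
        rule -A forward -i $PERIMETER_IF -p tcp -d $PERIMETER_NET $p -j ACCEPT
    done
    # In the forward chain -i names the outgoing interface.
    rule -A forward -i $OUTSIDE_IF -s $INTERNAL_NET -j MASQ
    rule -A forward -i $PERIMETER_IF -s $INTERNAL_NET -j ACCEPT
    # Perimeter hosts may answer, but not open, TCP connections.
    rule -A forward -p tcp -s $PERIMETER_NET ! -y -j ACCEPT
}

emit_stop() {  # drop the rules but keep routing closed
    rule -F input; rule -P input ACCEPT; rule -F forward; rule -P forward DENY
}

generate_init_script() {
    echo '#!/bin/sh'
    echo '# Generated firewall script: inspect before installing in init.d'
    echo 'case "$1" in'
    echo '  start)'; emit_start; echo '    ;;'
    echo '  stop)';  emit_stop;  echo '    ;;'
    echo '  *) echo "Usage: $0 {start|stop}"; exit 1 ;;'
    echo 'esac'
}

generate_init_script
```

Nothing is applied to the running kernel: the output is plain text, so it can be redirected to a file, read rule by rule, and only then installed.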
It should be pointed out that I'm not a security expert and this script may have flaws; it is, as they say, a quick hack. It is distributed WITHOUT ANY WARRANTY AT ALL. You use it ENTIRELY AT YOUR OWN RISK.
Download the script.