These are my firewall rules along with log locations and log rotation.
rsyslog.d/01-iptables.conf goes into /etc/rsyslog.d/. The file name must sort alphabetically before the other files in that directory, because rsyslog reads them in lexical order: the file writes firewall messages to their own log and then discards them, and that discard only keeps the later, general-purpose rules from copying the same messages into the other logs if it is processed first. Run service rsyslog restart to apply the configuration. See also man rsyslog.conf.

logrotate.d/iptables goes into /etc/logrotate.d/ so that the firewall log is rotated daily. No service restart is required because logrotate is run periodically by anacron and reads the directory on every run.

iptables.rules is the firewall itself.
Enable the firewall

iptables-restore < iptables.rules

Disable the firewall

iptables -F

Note that -F only flushes the chains of the filter table: the chain policies, any user-defined chains and the nat/mangle/raw tables are left untouched. If iptables.rules sets a default policy of DROP, also reset the policies (iptables -P INPUT ACCEPT, and likewise for FORWARD and OUTPUT), otherwise flushing drops all traffic instead of opening the firewall.

View the firewall

iptables -nL
iptables -t nat -nL

Render the firewall rules, in the format that iptables-restore reads

iptables-save

See also man iptables and man iptables-extensions.
You can test log rotation with the following command.

sudo logrotate --force /etc/logrotate.d/iptables

Add -d for a dry run that only prints what would happen. Because only the drop-in is passed, the global options from /etc/logrotate.conf are not applied, so this checks the stanza itself rather than reproducing the scheduled run exactly. See also man logrotate.
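The following script is an added example that ties the whole procedure together; it is not part of the original repository and the three configuration bodies it generates are illustrative, not the author's own files. It assumes the log goes to /var/log/iptables.log, that the LOG rules use the prefix "iptables: " (which the rsyslog filter keys on), that rsyslog is version 7 or later (RainerScript, "stop"), and that rsyslog runs under systemd. It installs the rsyslog drop-in and logrotate stanza (under DESTDIR for a dry run), checks that the drop-in really is the first *.conf file rsyslog will read, and offers enable/disable helpers that avoid the -F pitfall described above.

```shell
#!/bin/sh
# Example companion script (not the repository's own code). Config bodies are
# illustrative; the log path, the "iptables: " prefix and systemd are assumptions.
# Usage: ./firewall-logging.sh install|enable|disable  (root for the real
# tree; set DESTDIR to stage the files elsewhere, e.g. for a dry run).
set -eu

LOGFILE=/var/log/iptables.log
PREFIX="iptables: "   # must match --log-prefix in the LOG rule below

# rsyslog drop-in. The "01-" name matters: rsyslog includes rsyslog.d/*.conf
# in lexical order, and "stop" ends processing of a matched message, so the
# later default rules never copy firewall messages into syslog or kern.log.
rsyslog_conf() {
cat <<EOF
# /etc/rsyslog.d/01-iptables.conf (example)
if (\$syslogfacility-text == "kern") and (\$msg contains "${PREFIX}") then {
    action(type="omfile" file="${LOGFILE}")
    stop
}
EOF
}

# Daily rotation. rsyslog keeps the file open, so after "create" it must be
# told to reopen (HUP), otherwise it keeps writing to the rotated file.
logrotate_conf() {
cat <<EOF
# /etc/logrotate.d/iptables (example)
${LOGFILE} {
    daily
    rotate 14
    missingok
    notifempty
    compress
    delaycompress
    create 0640 root adm
    postrotate
        systemctl kill -s HUP rsyslog.service 2>/dev/null || true
    endscript
}
EOF
}

# Minimal ruleset in iptables-save format: rate-limited LOG, then DROP.
# The prefix is what the rsyslog filter above keys on.
iptables_rules() {
cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -m limit --limit 5/min --limit-burst 10 -j LOG --log-prefix "${PREFIX}" --log-level 4
-A INPUT -j DROP
COMMIT
EOF
}

# Write the rsyslog and logrotate files under "$1"/etc (empty = real tree).
install_configs() {
    dest=${1:-}
    install -d -m 0755 "$dest/etc/rsyslog.d" "$dest/etc/logrotate.d"
    rsyslog_conf   > "$dest/etc/rsyslog.d/01-iptables.conf"
    logrotate_conf > "$dest/etc/logrotate.d/iptables"
}

# Succeeds only if the drop-in is the first *.conf file rsyslog will read.
check_order() {
    dir=${1:-/etc/rsyslog.d}
    first=$(cd "$dir" && ls *.conf 2>/dev/null | LC_ALL=C sort | head -n 1)
    [ "$first" = "01-iptables.conf" ]
}

# "iptables -F" alone leaves a DROP policy and the other tables in place.
disable_firewall() {
    for t in filter nat mangle raw; do
        iptables -t "$t" -F
        iptables -t "$t" -X
    done
    for c in INPUT FORWARD OUTPUT; do iptables -P "$c" ACCEPT; done
}

case "${1:-}" in
    install) install_configs "${DESTDIR:-}" && check_order "${DESTDIR:-}/etc/rsyslog.d" ;;
    enable)  iptables_rules | iptables-restore ;;
    disable) disable_firewall ;;
esac
```

Run DESTDIR=$(mktemp -d) ./firewall-logging.sh install first to inspect the generated files; the order check fails (non-zero exit) if any other *.conf in the directory sorts before 01-iptables.conf, which is exactly the case in which firewall messages would leak into the general logs.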