...
iptables-persistent instead enshrines the path names /etc/iptables/rules.v4 and /etc/iptables/rules.v6 as being its "master files".

Thanks. Good to know

Regarding the "microHOWTO" iptables-persistent guide and just for the record, the service itself is now named 'netfilter-persistent'. Package name is still 'iptables-persistent'.

iptables-persistent instead enshrines the path names /etc/iptables/rules.v4 and /etc/iptables/rules.v6 as being its "master files".

Over at Debian Wiki https://wiki.debian.org/iptables it says:

A bit confusing, so I have to ask; Is this some specific temporary master file read by netfilter?

Appreciate the iptables-persistent package. Having a service taking care of it make sense to me. Great.

Yes, agree. To see if I could understand how ufw is working I ended up with confusion

Cheers

So I can focus on how to setup rules, could you please come up with a suggestion on how to do loading of rules the best way with Devuan? Just to have something running I have temporary installed gufw/ufw.

There are "wheels" of many colours for this ufw isn't too bad although it does introduce a (confusion?) layer between the ufw rules and the actual iptables rules. But I'm sure you'll easily find proponents talking more warmly about ufw.

I'm happy with raw iptables, so I install and use the iptables-persistent package.

Not really. Of course, for those kiddies, the "word" iptables has got the extra meaning of being the name of a service in addition to being the program for manipulating the kernel tables.

Regarding what you told me about attaching to the event of bringing up an interface, I was clearly not aware of what I was doing.

So I can focus on how to setup rules, could you please come up with a suggestion on how to do loading of rules the best way with Devuan? Just to have something running I have temporary installed gufw/ufw.

Regarding Iptables How-To's that are out there, are there any differences between a systemd system and Devuan that I need to be aware of?

If that is your case, you will need to ensure that the rules files are included in your initrd, as well as the iptables-restore program and its dependencies (libraries). (I believe the if-pre-up.d script gets pulled in to the initrd automagically when remaking initrd).

Or alternatively, make that not be your case by not letting udev start networking. I.e., remove all "allow-hotplug" phrases from /etc/nework/interfaces. Possibly use "auto <if>" phrases instead, which tells the post-pivot networking init script that "these are yours, mate", or if then you also have a separate network manager, you'll need to leave all song and dance to it.

EDIT: I see from your other post that you're using wicd, so my thought about udev is probably not applicable here. Maybe it's enough to make your script exit more promptly when lo is brought up; or even tie it explicitly to $IFACE=wlan0.

After installing Devuan I was eager to find out how to configure Iptables so I could get an ok simple desktop configuration.

I have used FreeBSD for a while now and are starting pf in /etc/rc.conf, but if I am understanding correctly now Iptables is a way of handling rules for telling netfilter, which is running all the time no matter what, in the kernel on how to handle network traffic. So no need for any entry in a rc.-file. Is this correct?

As a first timer I used this guide: https://wiki.debian.org/iptables

When it comes to loading rules I have understood it as such that one have  to make a shell script that executes on every reboot, where this script tells which file is the custom iptables rules file. Otherwise there will be no loading of rules. Is this correct?

The Iptables rules file can be named what ever and be located where ever as long as the path in shell script points to it. Is this also correct?

I used the commands:

iptables-restore < /etc/network/iptables.up.rules
iptables-save > /etc/network/iptables.up.rules

I tried to make a script 'iptables' which I placed in /etc/network/if-pre-up.d/

Content of the script was:

#!/bin/sh
/sbin/iptables-restore < /etc/network/iptables.up.rules

To make the script executable I used:

chmod +x /etc/network/if-pre-up.d/iptables

My experience is that the computer hanged during boot when using this script. Note: I just noticed that there is no space betwen #! and /bin/sh. Maybe this has something to do with it.

Since this is new to me I am wondering if there is an optimal or preferable way of doing it with Devuan? Also, is there any difference between a systemd system and Devuan when it comes to configuring Iptables?

Thanks