SoloCodigo

Download the latest rc.firewall [wget http://projectfiles.com/firewall/2.0rc10/rc.firewall]
Edit the options at the beginning of the file with your favorite text editor. The script comes pre-configured to deny all incoming connections. This is suitable for a typical workstation installation. Refer to the configuration page for in depth explanation of available options.
Make the script executable [chmod +x ./rc.firewall]
Become root [su]
Run the script [./rc.firewall]
After you have verified that your firewall is configured properly, you probably want it to be configured automatically on boot. To accomplish this, move the script to the appropriate startup script directory for your distribution [/etc/rc.d/ for Slackware, /etc/init.d/ for Gentoo] and add the following lines in your startup scripts at some point after your ethernet interfaces are configured [for example /etc/rc.d/rc.local for Slackware, and /etc/conf.d/local.start for Gentoo].

Slackware
if [ -x /etc/rc.d/rc.firewall ]; then
  /etc/rc.d/rc.firewall
fi

Gentoo
if [ -x /etc/init.d/rc.firewall ]; then
  /etc/init.d/rc.firewall
fi

If you are using this firewall on a machine to which you do not have physical access, but can reboot remotely (for example a collocated server or a Linux router at a computer illiterate friend's house), you might want to think about putting in a short delay between the time the machine boots and the initialization of the firewall. This would give you a chance to log in and disable the firewall [chmod -x] if something goes wrong. A good example might be if you have the script configured to allow you to connect from a specific remote IP address and your address changes. If you choose to implement this idea, it can be done with the following code in rc.local:
if [ -x /etc/rc.d/rc.firewall ]; then
  sleep 30 && /etc/rc.d/rc.firewall | logger -t rc.firewall &
  echo "Firewall init in 30 seconds.  Check syslog for results."
fi

System Requirements

You need the iptables userspace tools installed. Every distribution should have a package that includes these tools.
You need proc filesystem support. Everyone should already have this unless you are doing something strange.
In addition to basic networking options such as TCP/IP support and drivers for your network cards, your kernel must have support for the options listed below. Most distributions already have support for all required options. The script will report a problem if something is missing.
Base configuration
CONFIG_NETFILTER
Networking options -> Network packet filtering
CONFIG_IP_NF_CONNTRACK   (Required, even if you aren't doing NAT, since the script performs stateful inspection.)
Networking options -> IP: Netfilter Configuration -> Connection tracking (required for masq/NAT)
CONFIG_IP_NF_IPTABLES
Networking options -> IP: Netfilter Configuration -> IP tables support (required for filtering/masq/NAT)
CONFIG_IP_NF_MATCH_STATE   (This script is virtually entirely based upon the state matching module of netfilter.)
Networking options -> IP: Netfilter Configuration -> Connection state match support
CONFIG_IP_NF_FILTER
Networking options -> IP: Netfilter Configuration -> Packet Filtering
CONFIG_IP_NF_TARGET_REJECT   ('graceful' reject target)
Networking options -> IP: Netfilter Configuration -> REJECT target support
Required only if you are doing NAT or port forwarding:
CONFIG_IP_NF_NAT
Networking options -> IP: Netfilter Configuration -> Full NAT
CONFIG_IP_NF_FTP   (Since FTP uses two ports, one for control and one for data, connection tracking requires special helpers provided by this kernel option.)
Networking options -> IP: Netfilter Configuration -> FTP protocol support
CONFIG_IP_NF_IRC   (Allows IRC clients to initiate DCC chats and file transfers through a linux firewall.)
Networking options -> IP: Netfilter Configuration -> IRC protocol support
Required only if you have dynamic (dial-up) interfaces:
CONFIG_IP_NF_TARGET_MASQUERADE
Networking options -> IP: Netfilter Configuration -> MASQUERADE target support
Required only if you enable logging:
CONFIG_IP_NF_TARGET_LOG
Networking options -> IP: Netfilter Configuration -> LOG target support
CONFIG_IP_NF_MATCH_LIMIT
Networking options -> IP: Netfilter Configuration -> limit match support
Required only if you are doing port forwarding:
CONFIG_IP_NF_MATCH_MARK
Networking options -> IP: Netfilter Configuration -> netfilter MARK match support
CONFIG_IP_NF_MANGLE
Networking options -> IP: Netfilter Configuration -> Packet mangling
CONFIG_IP_NF_TARGET_MARK
Networking options -> IP: Netfilter Configuration -> MARK target support
Required only if you are using TTL stealth router mode: (NOTE: This usually requires a custom patched kernel)
CONFIG_IP_NF_TARGET_TTL (Not to be confused with CONFIG_IP_NF_MATCH_TTL aka "TTL match support"!!!)
Networking options -> IP: Netfilter Configuration -> TTL target support