Debian - starting UFW (Uncomplicated Firewall) before network interfaces are operational
Posted by Tomasz Zielinski on Super User
Published on 2011-02-23T13:51:11Z
I want to install UFW on Debian Lenny. Everything looks straightforward except that I don't know where to plug the UFW startup script so that it configures iptables before hax0rs can break in.
I've reviewed runlevel directories and in /etc/rc0.d, /etc/rc6.d and /etc/rcS.d there are items like these:
    S35networking -> ../init.d/networking
    S36ifupdown -> ../init.d/ifupdown
Runlevel 0 and 6 are for shutdown and reboot so I guess nothing should be changed there, but runlevel S advertises itself (in README) like something for me:
    The scripts in this directory whose names begin with an 'S' are executed
    once when booting the system, even when booting directly into single user
    mode.
    The following sequence points are defined at this time:
    * After the S40 scripts have executed, all local file systems are mounted
      and networking is available. All device drivers have been initialized.
(What bothers me is that both rc0/6.d and rcS.d point to the same networking and ifupdown scripts, but after looking at sources I believe those scripts are smart enough to figure out where to start and where to stop networking.)
Now, I think that I should plug my /lib/ufw/ufw-init into /etc/rcS.d, with priority higher than the one of ifupdown and networking, i.e. <= 38 for my /etc/rcS.d.
Am I right in this "analysis"?
© Super User or respective owner
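The ordering question in the post can be checked mechanically. The script below is an added example, not part of the original post: it assumes legacy SysV sequencing, where start links in an rc directory run in byte-wise name order. The `ufw` link name and its sequence numbers are constructed samples; the two network links are the ones listed in the post.

```shell
#!/bin/sh
# Added example: verify that a firewall start link runs before the network
# scripts in a SysV rc directory. The "ufw" links are constructed samples.

# Print the start links of DIR in run order (byte-wise sort of S<NN><name>).
rc_order() {
    LC_ALL=C ls -1 "$1" | grep '^S[0-9][0-9]'
}

# Print the 1-based run position of NAME in DIR; print nothing if absent.
rc_pos() {
    rc_order "$1" | awk -v n="$2" 'substr($0, 4) == n { print NR; exit }'
}

# starts_before DIR FIRST OTHER...
# 0: FIRST runs before every OTHER present; 1: it does not; 2: FIRST has no link.
starts_before() {
    dir=$1; first=$2; shift 2
    fpos=$(rc_pos "$dir" "$first")
    [ -n "$fpos" ] || { echo "$first: no start link in $dir" >&2; return 2; }
    for other in "$@"; do
        opos=$(rc_pos "$dir" "$other")
        [ -n "$opos" ] || continue          # script not enabled in this directory
        if [ "$fpos" -gt "$opos" ]; then
            echo "$first starts after $other in $dir" >&2
            return 1
        fi
    done
    return 0
}

# Build a constructed rcS.d holding the two network links from the post plus
# a hypothetical "ufw" link at sequence number $1; print the directory path.
make_sample_rcS() {
    d=$(mktemp -d) || return 1
    for link in S35networking S36ifupdown "S${1}ufw"; do
        ln -s "../init.d/${link#S??}" "$d/$link"
    done
    echo "$d"
}

good=$(make_sample_rcS 30)
bad=$(make_sample_rcS 37)
starts_before "$good" ufw ifupdown networking && echo "S30ufw: firewall first"
starts_before "$bad" ufw ifupdown networking || echo "S37ufw: too late"
rm -rf "$good" "$bad"
```

On a real system the same check is `starts_before /etc/rcS.d <firewall-link-name> ifupdown networking`, run after installing the link.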