apt-get install shorewall shorewall6
cd /etc/shorewall/
cp /usr/share/doc/shorewall/examples/one-interface/{interfaces,policy,rules,zones} .
cd /etc/shorewall6/
cp /usr/share/doc/shorewall6/examples/one-interface/{rules,interfaces,zones,policy} .
On Debian 9 enable systemd service:
systemctl enable shorewall
Set the correct network interface name. Example for IPv6 (do the same for v4), check where the IPv6 is on with
ip -6 a
Then update /etc/shorewall6/interfaces e.g.
net NET_IF tcpflags,physical=enp5s0