I can recommend you this book: "Linux Firewalls Attack Detection and Response with Iptables, PSAD, and Fwsnort"
It goes very deep into the theoretical and practical use of firewalls on Linux.
It also goes into intrusion prevention and detection.
You can also dig into the Debian security manual:
http://www.debian.org/doc/manuals/securing-debian-howto/
And you can start auditing your system now with: tiger, lynis, lsat, logwatch, chkrootkit, rkhunter, debsecan and checksecurity
Use the man pages to learn how to use them ;-)
Good luck!