Following are security policies for PCI DSS -

FTP services are not allowed from External zone to PCI zone.
TFTP services are not allowed from External zone to PCI zone.
DNS services are not allowed from External zone to PCI zone.
Mail services are not allowed from External zone to PCI zone.
HTTP services are not allowed from DMZ zone to PCI zone.
FTP services are not allowed from DMZ zone to PCI zone.
TFTP services are not allowed from DMZ zone to PCI zone.
Mail services are not allowed from DMZ zone to PCI zone.
Netbios services are not allowed from External zone to PCI zone.
Microsoft RPC services are not allowed from External zone to PCI zone.
Microsoft directory services are not allowed from External zone to PCI zone.
Netbios services are not allowed from DMZ zone to PCI zone.
Microsoft RPC services are not allowed from DMZ zone to PCI zone.
Microsoft directory services are not allowed from DMZ zone to PCI zone.
Netbios services are not allowed from PCI zone to External zone.
Microsoft RPC services are not allowed from PCI zone to External zone.
Microsoft directory services are not allowed from PCI zone to External zone.
Netbios services are not allowed from PCI zone to DMZ zone.
Microsoft RPC services are not allowed from PCI zone to DMZ zone.
Microsoft directory services are not allowed from PCI zone to DMZ zone.
Traceroute is not allowed to enter the PCI zone from the External zone.
Traceroute is not allowed to enter the PCI zone from DMZ zone.
Packets with TCP/UDP high ports are not allowed to enter the PCI zone from DMZ zone.
NFS services are not allowed from External zone to PCI zone.
X11 services are not allowed from External zone to PCI zone.
Telnet services are not allowed from External zone to PCI zone.
MSSQL services are not allowed from External zone to PCI zone.
R services are not allowed from External zone to PCI zone.
Fingers service are not allowed from External zone to PCI zone.
NFS services are not allowed from DMZ zone to PCI zone.
X11 services are not allowed from DMZ zone to PCI zone.
P2P file-sharing services are not allowed from DMZ zone to PCI zone.
Instant message services are not allowed from DMZ zone to PCI zone.
Telnet services are not allowed from DMZ zone to PCI zone.
MSSQL services are not allowed from DMZ zone to PCI zone.
R services are not allowed from DMZ zone to PCI zone.
Finger service is not allowed from DMZ zone to PCI zone.
FTP services are not allowed from PCI zone to External zone.
TFTP services are not allowed from PCI zone to External zone.
Telnet services are not allowed from PCI zone to External zone.
Instant message services are not allowed from PCI zone to External zone.
R services are not allowed from PCI zone to External zone.
NFS services are not allowed from PCI zone to External zone.
X11 services are not allowed from PCI zone to External zone.
Database services are not allowed from DMZ zone to PCI zone.

How can some of these policies be implemented in Debian Linux ?

Suhas