This worked, thank you very much.
A post scan now shows only the expected open ports.
However, I see this error message when doing "# /etc/init.d/bastille-firewall restart
". Is this a reason for concern?
FATAL: Module ip_tables not found.
FATAL: Module ip_conntrack not found.
FATAL: Module ip_conntrack_ftp not found.
FATAL: Module ipt_LOG not found.
Setting up IP spoofing protection... done.
Allowing traffic from trusted interfaces... done.
Setting up chains for public/internal interface traffic... done.
Setting up general rules... done.
Setting up outbound rules... done.
Now that I resolved this security concern, would you please have any pointers about the chroot setup question
or should I better post that question on a different forum?