What is Runlevel 'S' on Debian/Ubuntu for

All the above seem to skirt round a direct answer to the question asked.

From all I can find, the rcS.d scripts are implemented as is the S stood for "startup" not "single".

They are all run during boot. If you then want to use run level 1, the scripts in rc1.d are run ( which may well be pretty empty, given all the work we just did in rcS )

More to the point, the rcS scripts are run on the way to rc3 - so effectively the system places itself in single-user mode, then has a re-think and decides what it REALLY ought to be doing. Very confusing and mostly ill-documented.

As proof, if you examine /etc/inittab, you find:

 # Boot-time system configuration/initialization script.<br>
 # This is run first except when booting in emergency (-b) mode.
si::sysinit:/etc/init.d/rcS

followed later by many lines resembling:

l3:3:wait:/etc/init.d/rc 3

I look at the runlevels in this way:

 S - true single user mode usually drops you into a minimal root shell
 1 - Administrative mode, you get a standard login request before access
 2 - Multi-user without TCP/IP networking -- could use serial ports for other logins
 3 - Multi-user with TCP/IP networking and text 
 4 - To be determined by the system owner
 5 - Multi-User with TCP/IP networking and graphic console 
 6 - reboot
 0 - shutdown and power down

Thus, a firewall is really needed if TCP/IP is up and running and that generally happens only in Init State 3.

Runlevel 1 is also known as runlevel s.

In Debian based systems this is the single-user / minimal mode. See Debian Runlevel:

The runlevel is a digit from 0 to 6 or the letter S. Runlevels 0, 6 and S are reserved for shutdown, reboot and single user mode respectively.

S is for single user mode.

http://wiki.debian.org/RunLevel

In addition to the answer provided by mdpc, In run level 1, no daemons (services) are started.