On Wed, 2005-12-14 at 23:21, Bruno Wolff III wrote: > On Wed, Dec 14, 2005 at 13:31:10 -0500, > "Scot L. Harris" <webid@xxxxxxxxxx> wrote: > > > > For home users one of the cheap Netgear or Linksys routers/firewalls do > > a good job. If you want to learn more, setting up a separate box as a > > firewall can be good but you will need to spend more time researching > > and monitoring such a system than one of the cheap devices mentioned > > above. > > This isn't really necessary. The main advantage of an external firewall > protecting one server is to limit what server can send out if it gets > compromised. Typically that isn't a huge risk, and if it is I wouldn't > trust some cheapo router that could be more vulnerable than the server > it is supposed to be protecting. > > iptables can do a fine job of limiting what services are exposed to the > outside. Possibly not necessary. But for the average home user that is trying to learn web admin and other tasks using a cheap hardware router/firewall as a first line of protection is probably better, at least initially, than exposing a system where they are just learning about iptables. This allows them to ease into it while still being able to get the task done which they really want to do, server web pages. And since this appeared to be the OPs first attempt at this it still seems like a good suggestion.