jtara - 7:33 pm on Nov 28, 2006 (gmt 0)

What OS are you running on this machine?

Linux has good firewalling capability. Still, I would use a hardware firewall/router. (The two terms have become confuzled lately...)

How do your protect the machine you currently use to browse the web?

If you are going to connect more than one computer to your Internet connection, you need a router anyway. Most/all modern routers include firewall protection.

The key technologies are NAT (Network Address Translation), stateful packet inspection, and application-level firewalling.

If you have DSL service, you may already have NAT built-in to your DSL modem. This is less common with cable modems. The built-in NAT may well be "good enough", but may lack the flexibility of dedicated firewall/routers.

Special needs that might be best addressed by a seperate firewall/router include providing access to servers, using file-sharing networks (BitTorrent, etc.), VOIP, etc.

All modern firewalls implement the first two, and many the third.

NAT translates between your internal network addresses to a single public address on the Internet. Generally, by default, NAT allows NOTHING in from the outside, other than responses to internally-generated requests (this is stateful packet inspection). If you want, for example, to allow access to a web server on your internal network (say, to allow a client to test) you have to go out of your way to enable that.

Application-level firewalling adds an awareness of higher-level protocols (such as HTTP, SMTP, etc.) and inspects for specific exploit patterns.