ubuntu - AP - iptables

My home computers set-up:

Broadband
cable moden
Linkysys WRT54GS AP (tomato)
three computers that dual boot xp and ubuntu (one is actually vista-ubuntu)

The switch to ubuntu is attributed to security and hardware issues. As the ubuntu installs are recent it's time to rethink security. Should I concentrate on the iptable of the AP or each individual computer (ubuntu) or both? Are there ready made iptables that I can copy as a file? Frankly, the iptable learning curve is steep for me.

The current tomato set-up uses "as installed" iptables. I turned on the firewall in ubuntu and the iptables are "as installed". Perhaps the "as installed" iptables of the AP and ubuntu are good enough and I need to do nothing, not sure. Any help to set me straight would be great.

I have spent several days reading links and iptable how-tos but the comprehension seems to get cloudier. I recently learned how to install the Hosts file on the AP. I don't know how to move files back and forth from the AP and my hard drive. Finally, if you have multiple users in Ubuntu, how do you ensure that one iptable installation works for all users? Thank you for your time.

 

Your first and primary focus should be your public-facing portion of the network, which includes the router itself, any machines to which ports are forwarded/triggered, and a DMZ if you use one. The client configuration on your desktop/laptop machines is still important, and you should remove any services that you don't use.

If iptables confuses you (which is normal without reading and re-reading its extensive documentation), you can use a frontend such as firestarter: https://help.ubuntu.com/community/Firestarter

iptables runs system-wide (or rather by network interface), so it affects all users. There is an extension to iptables that allows you to filter by user called ipt_owner.

I'm not very familiar with Tomato (I run OpenWRT on all of my stuff), but it should probably have a web-based frontend that you can use to configure the firewall rules.