Re: [suse-security] Router vs Software Firewall

It depends somewhat on the model, I expect. Why not run Nessus or similar against your network and see what gets through? Are you running a hub or a switch? You might want to set your tools up to listen on all 3 machines to see what's happening. Ultimately, it depends how paranoid you want to be :-) We're running a dedicated OpenBSD gateway box (e.g. 2 NICs - 1 in and 1 out), proxying to the web and email servers. You can have a lot of the useful features when you roll your own firewall, e.g. ad-blocking, spam-filtering, web caching, decent logging, and so on. Having said that, if reasonably set up, SuSE firewall should be plenty good enough in a basic scenario - I was running it for about a year with no break-ins (that I know of ;-) although plenty of scans and so on were logged), and that was with a DSL modem with some ports opened on it. I would also consider using vsftp as an alternative ftp server. http://vsftpd.beasts.org/
This may be a silly question, but if you are using a broadband cable/DSL router does that not work as a firewall? The one I have does not allow for stateful packet filtering, but with port forwarding and other various security options enabled, could this replace having a firewall on each desktop? I have 3 machines connecting through this router which also links the internal network. 1 machine is running Windows XP Pro with ZoneAlarm and the built-in firewall up and running. The other is a project gentoo box and my rig is a dual-boot winxpro and SuSE 8.1 box. I have the SuSE firewall up and running on my box and I'm not sure if that by itself is good enough. I want to get pure-ftp up and running on it and I am concerned about my security.
participants (1): Richard Barrington