I am in the process of setting up a 2nd PC (a laptop). Have wireless Router and card for the laptop. Regular PC will be base station. Both systems are dual boot, XP and Fedora on the Base, XP and Debian on the laptop.

Current firewalls on Base - Kerio for XP - IPtables for Linux. Router currently is simply 'Firewall enabled.' I don't think it's doing much except watching a couple primary use ports. I still use the software firewalls for specific rules, and they appear to be working fine. Laptop is not yet networked, and has no firewall software installed.

Question: (and a very broad one I'm afraid) What should be my primary planning areas for bringing the laptop online? Either computer at any given time could be running Windows or Linux. Is there any hope of maintaining software firewalls, or am I going to have to try to figure out how to enter all the rules from the software firewalls into the router?

In order to maintain a consistent policy (if that's what you want) I'd look into implementing a network-level firewall. My network has router->firewall->computers. The computers, for the most part, also run software firewalls as a second line of defense. If you choose to only use software firewalls, you'll need 4 sets of rules for those firewalls.

My network has router->firewall->computers.

Assuming that your 'firewall' here is a separate dedicated computer, I think that's pretty much overkill for my situation.

If you choose to only use software firewalls, you'll need 4 sets of rules for those firewalls.

As long as I maintain the same rules for both XP systems, and the same rules for both Linux systems (assuming Debian can use IPtables), you're suggesting that each PC will fend for itself consistently accross the network. That's fine with me. I was concerned that there would be some kind of network conflict between the base system and the laptop if they were running different OS's; or possibly even the same OS, if each maintained it's own set of rules.

Are we agreed that won't be a problem?

I can't imagine any case where that would be a problem. Each firewall only handles the traffic to/from that computer.

I'm sorry I misunderstood your original question.