LinuxQuestions.org
LinuxQuestions.org > Forums > Linux Forums > Linux - Security
Old 06-02-2003, 05:30 PM   #1
cmisip
Member
 
Registered: Aug 2002
Posts: 189

Rep: Reputation: 30
All PCs behind router with one eth0 each. Shorewall ACCEPT eth0:192.168.1.0/24 - bad?


I have a D-Link router connected to a cable modem. Behind the router are several computers, each with a single ethernet interface, eth0. Therefore my internal (LAN) and external (internet) interface is the same. I want to protect the machines from the internet but not from each other, so I thought adding rules to accept connections from their respective fw from eth0:192.168.1.0/24 should be adequate. Come to think of it, all traffic from the internet comes through the router first and then to the PC. Does this mean that they are tagged with the address of the router (192.168.1.1) and hence will be part of eth0:192.168.1.0/24? If so, then I did not protect the PC from connections from the internet. Or is my configuration correct? Thanks.
 
Old 09-15-2003, 07:39 AM   #2
/bin/bash
Senior Member
 
Registered: Jul 2003
Location: Indiana
Distribution: Mandrake Slackware-current QNX4.25
Posts: 1,802

Rep: Reputation: 47
The router is doing NAT for the PCs, so you should be OK. The internet will not relay any traffic to 192.168 addresses because they are reserved for private LANs.

Also check the router, as it probably has a built-in firewall you can use to further protect yourself.
 
Old 09-15-2003, 03:55 PM   #3
/bin/bash
Senior Member
 
Registered: Jul 2003
Location: Indiana
Distribution: Mandrake Slackware-current QNX4.25
Posts: 1,802

Rep: Reputation: 47
Sorry, I didn't really explain that very well; I was in a hurry.

The router gets the IP from your ISP. It also knows which port each PC is on and what that PC's internal IP is. The PCs should have their default gateway set to the router's internal IP. If PC-1 wants to talk to PC-2, then the router sends the packets to the correct PC. If PC-1 wants to visit yahoo.com, then the router will send the request via the ISP. When yahoo.com returns the request, the router will know which PC made the request and will send the reply to it. yahoo.com will not reply to the 192.168.X.X IP; it will reply to the IP of the router, and the router will change it to the correct 192.168.X.X IP.

I hope this helps, but I feel like I'm just blabbering now.
 
Old 09-19-2003, 09:08 PM   #4
cmisip
Member
 
Registered: Aug 2002
Posts: 189

Original Poster
Rep: Reputation: 30
Thanks for your reply. Essentially, an ACCEPT policy then is OK, since the router excludes any inbound connection not requested by any machine in the internal LAN. Any unrequested inbound connection is dropped at the router.
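The NAT behaviour /bin/bash describes in #3 and the conclusion cmisip draws in #4 (unrequested inbound connections never reach a PC, and replies arrive with the remote host's address, not the router's) modelled in a small Python example added here; it is not code from the thread or from any router, and every address, port and the port-allocation scheme are constructed simplifications:

```python
# Added example, not from the thread: a toy model of the router's NAT table.
# Addresses are constructed; RFC 5737 test ranges stand in for real hosts.
from dataclasses import dataclass

ROUTER_PUBLIC_IP = "203.0.113.7"   # placeholder for the IP the ISP assigns
LAN_PREFIX = "192.168.1."

@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

class NatRouter:
    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.by_public_port = {}   # public port -> (lan_ip, lan_port)
        self.by_lan = {}           # (lan_ip, lan_port) -> public port

    def outbound(self, pkt):
        # LAN -> internet: the remote host only ever sees the router's IP.
        key = (pkt.src_ip, pkt.src_port)
        if key not in self.by_lan:
            self.by_lan[key] = self.next_port
            self.by_public_port[self.next_port] = key
            self.next_port += 1
        return Packet(self.public_ip, self.by_lan[key], pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt):
        # Internet -> LAN: rewrite the destination back to the PC that asked,
        # or return None (dropped) when no PC asked for it.
        mapping = self.by_public_port.get(pkt.dst_port)
        if pkt.dst_ip != self.public_ip or mapping is None:
            return None
        lan_ip, lan_port = mapping
        return Packet(pkt.src_ip, pkt.src_port, lan_ip, lan_port)

def lan_rule_matches(pkt):
    # The OP's host rule: accept only if the *source* is in 192.168.1.0/24.
    # A forwarded reply keeps its remote source address, so it does not match.
    return pkt.src_ip.startswith(LAN_PREFIX)

def demo():
    r = NatRouter(ROUTER_PUBLIC_IP)
    out = r.outbound(Packet("192.168.1.10", 5000, "198.51.100.20", 80))      # PC-1 -> web
    reply = r.inbound(Packet("198.51.100.20", 80, out.src_ip, out.src_port))  # web -> PC-1
    unsolicited = r.inbound(Packet("198.51.100.99", 33333, ROUTER_PUBLIC_IP, 22))
    return out, reply, unsolicited
```

Running `demo()` shows the reply delivered to PC-1 with 198.51.100.20 as its source, so the eth0:192.168.1.0/24 rule would not be what admits it; the unsolicited connection to port 22 has no mapping and is dropped at the router.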
 
Old 09-20-2003, 02:13 AM   #5
LGMike
LQ Newbie
 
Registered: Sep 2003
Location: USA
Distribution: Mandrake
Posts: 22

Rep: Reputation: 15
I agree, your router's firewall should be sufficient in most cases.
Just know that if someone is really determined, they're gonna get in. That's why it's very important to make sure each computer is properly configured with good passwords, permissions and minimal services running in a privileged mode (running as root). Most major distros of Linux have a way of setting your security settings to some level, anywhere from just standard security (equivalent to decent NT-based security, not too hard to hack, but at least it causes a little frustration for the hacker because his first attempt doesn't work, so he needs two or three possible exploits) up through paranoia levels of security for those of us who don't want the NSA to be able to hack our machines. Where you place your security needs depends on what is on your systems and how much you are willing to be inconvenienced.
For example, my NT systems have medium security, but the Linux authorization server that holds their profiles, user data and other important files, is set to the highest security levels possible w/o denying those NT systems access to it.
Don't ever become complacent about security, though. Just because the NAT is sufficient in most cases doesn't mean some script kiddie won't find a way to get a trojan horse onto your Linux system and hack you from the inside out (which most NATs provide no protection whatsoever against). That's what ipchains, iptables and personal firewalls are for.
 