I want to replace my old 10 Mbit hub with something faster. Either with a switch or with a router. If a choose a switch I get more ports for the money but no built in firewall.

I have a home network with a couple of Windows boxes and a Debian box. Each Windows computer has a software firewall installed, which seems to work nicely. I have done nothing to improve the security for my Debian installation.
My ISP is generous with IPs.

To keep it simple and cheap, and to get some extra ports, I would like to choose a switch. But is it worth to go for a router with built in firewall? Do I really need it for my Debian? If so, would it be as good to have a sw firewall (setting up IP tables?).

Help me with answering in noobish, please

In my humble opinion, it is always wise to run a software firewall on a computer that has a network or internet connection, regardless of its operating system.

Firestarter is a quick and easy GUI to set up iptables. I highly suggest installing it.

If your ISP provides multiple net-accessible IPs and you have no need for a NAT router, just get a gigabit switch.

If this is for home usage, wouldn't a router/switch/AP combo from maybe Linksys or D-Link fit your needs? Unless you're doing this in a business of some sort, I don't know what having a seperate device for a router and a switch would accomplish for you. Even the cheap combo routers would be faster and more efficient than what you're using now.

Thanks for your opinions guys!

I was not thinking of having both a switch and a router, just one of them. My ISP throws as many IPs at me as I want so IPs wouldn't be a reason for me to get router. I was more thinking of the built in firewall that most routers offer. Can I live without it when it comes to my Debian box? Would it be as good to buy the cheaper switch and just install a software firewall?

If you've got a few boxes lying around, set one up as a gateway and run a firewall on that. That's what I have here, works a treat. ISP -> gateway/firewall -> switch -> LAN

I have an identical setup:small office LAN with two XPs and a Debian based distro. My connection is EarthLink dsl. The gateway is a zoomx5 modem/router with configurable firewall. Linksys and others have similar products. They are only in the $80-$90 range, easy to set up and worth every penny when you consider the miserable alternatives. I also have a firewall on the Linux laptop which you might have to configure or the router may be denied access but if you have the right firewall you won't need advanced programming skills.I am still a newbie myself compared to these Linux warriors and I don't have the time to fix an infected machine. The more popular Linux becomes the more it will become the target of the darkside so unless you like to live dangerously use a firewalled router and configure it carefully.

If I was you I would make use of IPtables for a network firewall...

You can also make it host based with IPkungfu if you cant figure it out.

My suggestion Get a router and use the software firewalls on each machine as backup. Set up the router, NAT firewall with whatever open ports you need, then control the open ports on each individual maching with the software firewall.

I am assuming you're not looking for extreme security here, only REASONABLE security. Firewall interfaces, like Kerio or ZoneAlarm on Windows, and Firestarter or Guarddog on Linux are very easy to manage, and quite serviceable.

Messing around directly with iptables is a sure prescription for insanity unless it's something you really need to do.