Firewall to protect web server

[Jim Ide <JIde () madentech com>]

Hello -

I am in the process of setting up a web server (red hat linux, apache,
mysql, php) in my main office.  It will host a database which will be
updated by users at several remote offices.  This will not be a public web
server - it will be only for the use of company employees (access will be
denied to all except for a short list of ip addresses).  I want to install a
firewall to protect the web server.  There will be no other computers behind
the firewall (I may add more web servers later, if needed).  The firewall
will need to allow incoming http and https requests to ports 80 and 443 (and
obviously the web pages that are sent back to the browser), plus outgoing
email from the web server (the web server will generate daily and weekly
reports and email them to managers).

This is my first attempt at installing and configuring a firewall.

1.      The apache web server (and other web servers) can be configured to
allow/deny access based on the ip addresses and domain names of incoming
requests.  Firewalls can also be configured to do this.  Should I use
apache, firewall, or both, to block incoming http requests?  Advantages /
disadvantages / considerations to these approaches?
2.      I have purchased the Netmax firewall ( www.netmax.com
<http://www.netmax.com>  ) and have installed it successfully.  Has anyone
had experience with this product?  Good / bad?
3.      Has anyone had experience with a using the linux ipchains script
builder at linux-firewall-tools.com ?  Good / bad?

Thanks -
Jim