Home connection firewall is a Linux box running iptables. Kids and wife are on separate subnet from me. Routes from my subnet to theirs but not vice versa.
Email - I run my own server. Use SSL for all connections, reject unsecured connections, reject based on SPIF and DKIM records. Use address extension, so each business gets their own unique email on-the-fly. Easy to tell who sells the addresses, who gets hacked, etc.
I don't even use a VPN to connect to work stuff - I just ssh in and tunnel over the SSH connection. If you are wondering why, the VPN client work uses wants to replace the core SSL libraries on my Linux desktop and laptop with a non-Free version. Ain't happening, as this will affect ALL software on my system. As a bonus, the SSH tunnel is faster, and more reliable.
