I have a small webserver on a sarge box who is directly online with the Internet without any protection at all
except a small iptables script. Works great and very easy to install. Just enter the ports you want to have open and start.
You can read about the KISS here