The links to the software router products JonF pointed out are definitely where you want to look. One correction is that IPNetRouter does claim to have a firewall feature. Having been involved with Mac-related networking products for the last 12 years (though less extensively the last 18 months or so), I’m familiar with both products and know of many people using one or the other. I’ve met the guys from Vicom at trade shows, Apple developer conferences, etc., and like them personally, but that’s no reason for you to flock to them.
Regarding the question of whether Macs are more secure than Wintel boxes when connected to the internet continuously, the answer is yes they are . . . and no they aren’t. Many of the favorite tricks of malicious network intruders depend on finding a UNIX or (these days) a Wintel box at your end. Even assuming that they’re able to find an open port for what they’re trying to do, if it involves installing and then executing any program code, it won’t work (since the Mac can’t directly run applications written and compiled for another platform). Many common invasion strategies also depend on the known behavior of UNIX apps (or ported versions of them in other environments). So in that sense, you’re less vulnerable. You’re also somewhat less likely to have left the most common types of access “doors” open than a Windows user, but not dramatically so. If you disable File Sharing and Web Sharing, don’t run any other web server or FTP server software on the machines, and turn off AppleTalk, there’s a very small amount anyone from the outside can do. Since you have more than one machine, however, it’s nice for them to be able to talk to each other, which means at least a few things need to be on.
The basic rules of the game are to:
[ul]
[li]shut off any level of external access to your machines that isn’t necessary for what you do with them (i.e., File Sharing, Web Sharing, AppleTalk)[/li][li]if you do have File Sharing enabled, make sure guest access is off (or at least extremely tightly restricted)[/li][li]if file sharing is on, make sure that the owner account name is different from the machine name, is not your real name, and has a password that follows good password practices (i.e., the longer the better, the more random the better, is not easily guessed by someone who has your wallet in their hand or knows your family history, contains both letters and numbers, etc.); the reason this is important is that the owner account always has access to the entire system, including all local drives, whenever it’s successfully logged on[/li][li]if file sharing is on, make sure that only folders that need to be accessed from another machine are shared, and that those folders contain nothing you will be compromised by having publicly accessible and nothing that you do not have backed up someplace else[/li][li]if you have Web Sharing enabled, review the Actions tab in the Web Sharing preferences to make sure you understand the security implication of any actions that are allowed[/li][li]if Web Sharing is enabled, make sure that the minimum required set of folders is shared this way[/li][li]review the documentation for any product you install that has any type of network functions (especially if it runs all the time as a server or background process) to be sure you understand what types of access it may allow to your machine and what steps you need to take to protect your machines while still doing what you need to do.[/li][li]if there’s no reason for someone outside your home to access your machines, you can do worse than turning them off when you aren’t using them. I’m not ordinarily a fan of lots of startup/shutdown cycles, but in this case, there’s a reason for doing it.[/li][/ul]
I’m sure others can add more, but that’s what comes to mind immediately. The more access you want to allow, the more possibilities for malicious access you enable.
In your case, since you’ve been using LocalTalk happily for sharing files and printers up to this point (judging from your list of hardware and software), you can probably accomplish a lot by simply continuing to run AppleTalk over the LocalTalk connection, so that only TCP/IP is running on Ethernet. File sharing between the two machines will be somewhat slower than if they shared via Ethernet, but your machines and printers remain accessible to each other without being made available outside your home to someone else running AppleTalk via Ethernet on another Mac somewhere upstream (I have heard anecdotes of Mac users, particularly cable modem users, being able to see a surprising number of other machines through their Internet connection). In fact, either of the software router products JonF mentions would allow you to connect only the G4 to Ethernet and leave the 7100 on LocalTalk and still have it connected to the Internet, albeit at a maximum theoretical bandwidth of 230.4Kbps (and probably about 100Kbps in practice, given that the IP packets have to broken up and encapsulated, then reconstituted when they’re received).
As long as you don’t run any web server, FTP server, or mail server software on either machine, there should be little or nothing for the typical hacker to get to on your machine, and you can confirm that with one of the tools that checks which TCP/IP ports are active on your machine.
Let me know if you have any specific questions or if I’ve muddied the waters along the way.