I have a lot of control over the software that runs on systems at home but there are limits to what I can fix and sometimes things are insecure. Things like the recent wordpress brute force attacks show that random 'loud' attackers who don't care about the chance of getting noticed will try. I sometimes do worry about the silent and more targeted attackers. So recently I updated my home network and I now have a DMZ network. At this moment it is a purely virtual network as it doesn't leave the KVM server. Hosts in the DMZ have a default-deny firewall policy to the other inside networks. Specific services on specific hosts have been enabled. I first moved the development webserver, which allowed me to tune those firewall rules and fix some other errors. Now other webservers and other servers offering things to the outside world have moved.