Here are a few things to consider for a home based hardware firewall.
Just using a NAT (Network Address Translation) enabled router/firewall will keep people from being able to initiate a connection inbound to your PC. That's quite a bit of mitigation right there.
The main thing to consider though is that many things can require inbound connections to work. If you want to run a webserver, some P2P applications, or something really important such as games like World of Warcraft, then you are going to need to learn how to configure port forwarding. That is really just telling the router/firewall what traffic is allowed to start connection from the outside (or Internet) and to which PC to send them.
Most devices have good instructions on how to do this and many software vendors even tell you specifically how to configure the main brands like Netgear or Linksys.
Moving up to a more sophisticated firewall that does more rigorous inspection of incoming packets won't be necessary if you're just doing normal PC stuff. If you are running a webserver, database server, or mail server however, the IDS features mentioned above can provide some valuable protection. Many of them look for common attacks such as directory traversal where I could try a link like
http://www.yourwebsite.com/images../../ which would try and move me up a couple directories where I might be able to snoop on stuff I should not e able to see.
This is great stuff but you really must understand a lot about networking and applications as IDS requires thorough tuning or you'll be swamped with tons of alarms that might not be applicable to your setup. For instance I could launch and attack against an Exchange server that you don't even have. Your IDS if configured to watch for those would generate alarms even though you have nothing vulnerable to my attack.
Hope that helps. Maybe too much info??? :shrug:
I'd say +1 to the Linsys or Netgear boxes. They should be all you ever need for home and are well supported.
