Note that there's not really such thing as a "hardware firewall". You can buy of course a nice box dedicated and tuned to be a firewall, but you can bet there's some software inside it running the show.
At home I use Kerio Personal Firewall, it's free for home use, and has a nice default "learning mode". It blocks everything by default, but asks you when it encounters a new "kind" of connection, so you can allow, deny or just make a rule to stop it from asking in the future, so you are just bothered by it the first time you connect to your games, chats or whatever.
I have setup old 486 or Pentium Linux boxes as low budget firewalls, they performed pretty good, and there's little they cannot do.
Most DSL routers for home use have built in firewalls, YMMV, I have found some easy to use, others are arcane.
At work we use a few of those "hardware firewalls". Nice looking NetScreen boxes full of fancy colored leds. They are pretty and can do lots of nice stuff, but at 20K € each, they don't really fit at home. We didn't got the worm into our 6000+ computers network, but were pretty lucky to be able to unplug some guy who brought his infected laptop from home when he started probing port 135 like crazy, having happily bypassed our fancy firewalls just walking. So you have to be on top of things and have some luck even if you think you have everything secured.
