The best firewall is a hardware firewall that sits between your network and the web - this is more secure and unloads your workstation.

A properly configured ADSL router firewall is good. You can also use a retired 386/486/P1/P2 and run a micro-Linux router/firewall like Freesco - http://www.freesco.org/ - runs off a floppy, easy to set up.

The firewall rules DO have to be set up properly.