I'd recommend using both a hardware firewall solution and a software firewall solution. This way, you can configure both of them to start filtering/blocking at both the network and application levels. For software, I'm using Zone Alarm. For hardware, if it ever friggin' gets here, is the SMC Barricade Plus Cable/DSL router (the SMC7004FW).