If you are a home high speed user, you essentially already have this with the cable/dsl modem. Have a look at the ruleset on that device (if you can view it). On mine, it has several default filtering rules and a variety of others. The "High Security" canned ACL set is exactly what Shag pointed out. Inbound deny all. Outbound allow all.

Once you add your SOHO router/firewall device, you have formed a perimeter network between your cable/dsl modem and the outside interface of your SOHO router/firewall and then you have a relatively secure internal LAN behind that SOHO router/firewall. You can tweak and tune accordingly. Do so only if you know what you're up to though.

As pointed out, modern networking gear is VERY capable of keeping up with load.

--Th13