Most consumer level routers actually don't have much of a firewall, but rely on NAT (Network Address Translation) to provide similar levels of protection. NAT is actually an interim step in the IP4 to IP6 internet addressing transition, (The Internet is running (ran?) out of unique IP addresses) allowing for private IP addresses
http://en.wikipedia.org/wiki/IP_address#IPv4_private_addresses valid only within your LAN and repeated in other LANs to have a way to connect to the internet. This is done by having your router maintain tables of outgoing traffic from each of the computers on your LAN, doing the LAN-WAN IP address translation, only allowing inbound (WAN) traffic that is a response to something you sent out, and keeping track of who sent what out to accomplish this. So the router manages your connection streams for you without much intervention. This is a different approach than a firewall, which actually looks at blocking/allowing ports and protocols via rules, but is generally quite effective. A router does need to have a way to punch holes in this to allow things like passive FTP, but usually there are only a few settings and sometimes some interesting tweaks. I have attached the firewalls for two DSL routers as examples: the first is a Linksys consumer router running Tomato firmware, which has just a few settings. The other is for a Netopia business class router, which I am using as a bridge but which has actual firewall capabilities; when not set it becomes NAT again. So a router is a great thing to have, requires no setup, and lets you mostly forget about WAN generated inbound traffic security issues. But a software router helps you manage your LAN security and outbound connection permissions as well for things just phoning home or actual malware that got in somehow. Looking forward to seeing the capabilities of the Avast! version.
Of the dozen or so software firewalls I have used for any length of time, currently focused on Online Armor. It has some useful features for handling mobile users who often switch between networks that augment its usability and general firewall capabilities that are highly rated elsewhere. Plus, like Avast!, they are a great company to deal with. I used Comodo for a year (beta tester, moderator), and the firewall/D+ is still good but unnecessarily complicated for most users unless you just enjoy security as a hobby-the suite development effectively stopped the potential growth of the firewall/HIPS. The others discussed I haven't used recently, but they get good ratings and you just need to try them on for size to see what fits the way you want to use your system.
