A typical and very common threat that a router firewall will automatically block is a port scan to your system. If an external user (that is, he doesn’t belong to the network or he is not recognized by the firewall as a valid user) tries to port scan one of the computers in the network, the router firewall will automatically block him. This will prevent him from discovering potential vulnerabilities; generally, he will be unable to achieve any type of background communication with the computer that the firewall protects.
Routers utilizing the NAT (Network Address Translation) protocol are also known as NAT Firewalls. NAT protocol allows multiple computers to access the Internet with only one Internet connection and thus, only one IP address. All computers that belong to the NAT network (those computers that belong to the intranet) are assigned special IP addresses (that are not valid, real-world IP addresses) in order for every computer to have a specific, unique reference name. The hardware router translates the requests from each computer into requests from the single IP address. Normally, the router doesn’t encode requests originating from the outside of the network, and it doesn’t pass them on to the local network. This way, the hardware router, by default, acts as a basic firewall system.
All in all, router firewalls provide a basic, yet effective protection that comes as a bonus to connection sharing. Of course, all features depend on the concrete router that you choose to use. For those who have high expectations, there are many sophisticated router firewalls available.