Coordinated Systems Company


Firewalls protect your internal computers from attacks originating outside your network. They can also provide control over internet and server access by individual internal computers. While there are other forms of attack which firewalls do not deal with, a firewall is an essential part of any security setup. Firewalls block any unsolicited connection attempt from outside, except for those connections which are explicitly allowed. For example, a connection to deliver e-mail to you would be allowed, but a connection to read the contents of your disks using Microsoft Windows File Sharing would be blocked.

Here is an animation of a firewall functioning, courtesy of Vulcan State:

From inside your network, a content filter can be created to prevent connections to disallowed material, such as pornography or gambling. While these filters are very capable, they are not perfect; a highly motivated individual may be able to circumvent any level of protection. This is why log analysis is so important: patterns emerge from the logs which can help track down such individuals.

Firewalls may be implemented in a variety of ways. Simple client-only firewalls, such as ZoneAlarm®, have a definite place in security architectures. However, they do not address the issues that dedicated firewalls do (and vice versa). CoSysCo can provide you with a completely custom-built firewall based on the pf filter using OpenBSD, which may be appropriate for some complex installations.
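The policy described at the top of this page (block every unsolicited inbound connection, allow mail delivery, keep Windows File Sharing out) can be written as a short pf ruleset. This is an added illustration, not a CoSysCo configuration; the interface names, network range and mail server address are assumptions made up for the example.

```pf
# /etc/pf.conf -- illustrative ruleset (constructed example)

# Assumed names and addresses; adjust to the real network.
ext_if   = "em0"             # interface facing the internet
int_if   = "em1"             # interface facing the internal network
int_net  = "192.168.1.0/24"  # internal computers
mail_srv = "192.0.2.25"      # mail server (documentation address)

set block-policy drop        # silently drop blocked packets
set skip on lo               # do not filter loopback traffic

# Default deny: anything not explicitly passed below is blocked,
# and every blocked packet is logged to the pflog0 interface.
block log all

# Traffic leaving the firewall on any interface. pf keeps state,
# so replies to these connections are let back in automatically.
pass out

# Internal computers may initiate connections through the firewall.
pass in on $int_if from $int_net

# The one explicitly allowed inbound service: e-mail delivery (SMTP)
# to the mail server. In pf the last matching rule wins, so this
# overrides the default block for this traffic only.
pass in on $ext_if inet proto tcp to $mail_srv port smtp

# Windows File Sharing from outside (TCP 139/445, UDP 137/138)
# matches no pass rule, so it falls through to "block log all".

# Load and review:
#   pfctl -nf /etc/pf.conf    # syntax check only, loads nothing
#   pfctl -f  /etc/pf.conf    # load the ruleset
#   tcpdump -n -e -ttt -r /var/log/pflog   # read logged blocks
```

Because every blocked packet is logged, repeated attempts against the file-sharing ports show up in the pflog output, which is the raw material for the log analysis mentioned above.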

The Gnat Box firewall is very cost effective, fully ICSA Certified, capable of tens of thousands of active connections, easily customized and maintained, and simple to upgrade. It is appropriate for everything from home users to very large systems with high availability and failover requirements.

Firewalls have many subtleties not discussed in this brief overview; for further details, please see the resources on the links page.