By its definition, this is true. However, the Linksys router that we all know and love (at least I do!) is a NAT device - Network Address Translation. NAT is a type of firewall, albeit a brute force one.
Somewhat true.
Depending on your network configuration, a NAT router can be a very cost-effective, inexpensive and reliable addition to your computer's security. At US$40 to $70, they can be worth getting even if you only have one computer.
In their default configuration, common NAT routers do effectively handle the particular problem of unsolicited inbound packets reaching a computer on an internal network.
But sometimes networks have requirements that make NAT boxes inadequate.
NAT routers provide very good protection for normal homes, and small offices and home offices (SOHOs) against unsolicited inbound events from outside the network. So a NAT router is normally adequate for homes and SOHOs for protection against incoming events.
However, you will want to consider additional protection for these reasons:
You should definitely run a software firewall on any computer that connects to AOL using a different Internet Service Provider (AOL's Bring-Your-Own-Access plan or AOL MAX using an ISP) no matter what kind hardware firewall or NAT router you have.
AOL BYOA connects to your computer by creating a "tunnel" through the Internet. With AOL BYOA, tunneling uses your real IP address to connect you to AOL's network where you have a second IP address. Traffic using that second IP address is inside the tunnel.
With AOL, the far end of the tunnel is other AOL customers and the Internet, so it is untrusted.
The solution is to use a software firewall. A software firewall will effectively filter the traffic after it leaves AOL's tunnel and before it gets into the rest of your computer. In some countries AOL9 Max includes the free option of installing the McAfee Firewall Express software firewall.
Somewhat similarly, if you connect to an untrusted network using Virtual Private Networking (VPN), you should either use a software firewall or an external VPN firewall.
VPN uses encrypted "tunnels" for privacy. Traffic is only decrypted when it leaves the tunnel. Each end of the tunnel looks somewhat like an extension of the LAN at the other end: one end of the tunnel may have LAN IP addresses such as 192.168.1.xxx and the other end may have LAN IP addresses such as 192.168.10.xxx. Network Address Translation is not used for traffic when it leaves the VPN tunnel, so there is no NAT protection for traffic through the tunnel.
With VPN, you can use software firewalls. Alternatively you can use an external VPN capable firewall. With an external VPN firewall, the VPN tunnel can be configured to end on the external VPN firewall. This means the external firewall is decrypting the VPN traffic, and it can then examine the traffic and protect your computers.
Be sure to test that your external firewall is configured correctly to protect against unauthorized traffic from outside and inside the tunnel.
If you have to turn on port forwarding or the DMZ to run servers or other applications you should consider either a software firewall or a more expensive SPI firewall.
Turning on port forwarding means traffic for the forwarded ports is forwarded to the specified computer automatically, without the protection of NAT. (Most NAT routers do at least basic packet filtering, in addition to NAT. So there is some protection, but not specifically against unsolicited traffic.)
In this circumstance you can add a software firewall, or run a more complex and expensive hardware firewall or firewall appliance.
The safer methods of "port triggering" or UPnP can be used instead of port forwarding or the DMZ, and this avoids this vulnerability. (See below.)
However, if you are running a publicly available server you will probably have to use port forwarding.
Generally software firewalls provide valuable additional protection that supplements the protection provided by NAT routers and SPI firewalls.
They can inexpensively provide good protection for individual computers on your network in the event that one of the computers gets infected.
Software firewalls can also watch for trojans, viruses, or unauthorized legitimate software, trying to connect out. Software firewalls have the advantage that they know what is going on inside your computer, they can see which program is trying to get out, and whether that program has changed since the last time it tried to get out. External firewalls and NAT routers can't do that.
The downside of software firewalls is that they can be shutdown by users, stalled or terminated by other software on the PC malfunctioning, and certain viruses and trojans disable them or shut them down.
On the other hand, while external firewalls and NAT routers don't know exactly what is going on inside your computer, they are simple devices that are much less likely to have problems that cause them to fail dangerously.
Ideally a software firewall should be an additional layer of protection behind an NAT router or external firewall. For homes a free version of a software firewall or the built in Windows firewall is normally adequate for this additional layer of protection.