Honestly if you're behind a router most "hacking" attempts can't reach you. They would have to poison your routing tables to get through Network Address Translation to reach your system.
Look at it like this, your system moves from a listed house address (direct connection to the internet) to an unlisted apartment number (NAT behind a router).
Your router grabs a live IP address from your ISP then translates it to an address on the LAN side set specifically by ARIN (American Registry for Internet Numbers)
as a black hole on the internet. Ranges of addresses are set specifically as private, unrouteable sites to keep Random Joe-a's network from conflicting with Random Joe-b's and as a first attempt at keeping us from running out of IP address space.
This is why port forwarding is required to get some programs to work properly when connecting to a program behind a router, the router does not forward the information because it was not requested by the computer/program on the LAN side.
When a person or program attempting to access your computer scans the subnet you are on and finds the WAN interface of your router, now how does it convince the router not to follow it's own rules?
If that's possible I'd be surprised, though there are a few exceptions out there just like vulnerabilities on computers.
A firewall does stop internet access attempts out by programs on your system but doesn't doesn't see much work from the internet side on a LAN. That's why you want a firewall that watches access requests by program since any firewall simply watching ports will see any request for port 80 as your web browser, any attempt for port 25/100 as your mail client...
If someone has a different opinion on this I'd love to see more info.