Whilst NAT discards all unsolicited traffic received from the Internet, it does not restrict conversations initiated by the computers behind it. A software firewall (and its user) would theoretically prevent malicious programs from initiating these ‘outbound’ conversations.
As I said, the firewall on my router does allow me to control outgoing ports. Granted it only does it by port as it can’t know which particular program is initiating the connection, but I agree with…
Clearly, a software firewall employed as a security measure in this scenario should only be considered as a last resort backup against the subset of malicious code that is network-aware. If your existing measures against malicious code in general (common sense included) are up to scratch, a software firewall may well be a waste of both your and your computer’s resources. If they are not, you really need to make them so!
As with all security measures, the decision to run a software firewall should be based upon an evaluation of the cost / benefit ratio. A software firewall uses memory and CPU time on the host computer, requires proper configuration, frequent user interaction and often produces false positives in (usually overly dramatic) alerts and logs.
The router firewall is more than sufficient for me. I leave the built-in Windows Firewall running for some software-level protection, but I have no need to install ZoneAlarm, Comodo etc.