Exactly. "Firewall" is somewhat of an overused word at this point that can mean so many different things. And the capabilities of said firewall will vary highly from product to product.
A stateful firewall will keep track of all connections going through it. A good one can help detect malformed packets and drop those. It can also detect some fun attacks people use to fake initiating a TCP connection.
Beyond the basics of looking at port/ip/protocol data, you can start getting into more packet analysis to filter out sites. But a lot of the application detection that can be done isn't as useful now adays due to SSL becoming the standard for so many sites. So to do real good packet analysis you need a SSL model to decode traffic (MITM your own house).
Going the next level is to use an IPS to detect bad traffic. The popular solution here is Snort or Suricata. If you want a linux distro with IPS tech built in, security-onion seems ok.