There are ARM CPUs available that do network forwarding in hardware. Some even support iptables rules.
I would be very surprised if a quad-core current-gen Atom could not do that in software, though. I could route 300Mbps through OpenBSD's pf on an AMD Geode.
There's a lot out there that can do NAT and some firewalling in software at large fractions of a gigabit/s for pretty cheap. But if you throw in QoS and queue management the CPU requirements get very high by the standards of MIPS and embedded x86. And unfortunately, none of the network acceleration hardware you'll find on any of those SoCs has anything like a hardware implementation of fq_codel or even RED.
The CeroWrt project has been searching for more than a year for a new generation of hardware to use as the platform for their development of better router software. There's nothing affordable that can keep up with the really fast DOCSIS connections available while doing anything intelligent on a per-packet basis.
How about running the packet filter in a dual-NIC VM on a VT-d capable PC? Dell T20 has Xeon E3 for $500 with 1TB disk and 4GB RAM. Add a PCI NIC for firewall purposes and still have the rest of the PC for use to run other VMs. GPU can be passed through to another VM.
Yeah, using desktop-class hardware works almost effortlessly, but it's not really a good substitute for a $120 router that gets by with passive cooling. This discussion is about whole computers that could hide inside the power supply for that server and run off its standby power rail.
If you're going to be running a server 24/7 anyways, it makes sense to equip it to also be your firewall and gateway. But that doesn't eliminate the huge gap between such a machine and off-the-shelf consumer networking equipment.
It may become easier for consumers to buy a general-purpose PC once and change software as needed, rather than chasing the ever-moving ceiling of low-end disposable hardware.
I've lost track of the number of cheap special-purpose appliances I've bought, which turned out to have limitations not present in a general-purpose PC. Consumer routers and NAS devices are already in this category, soon to be joined by compute sticks.
The problem is that buyers rarely know which part of the long tail they may need later. As Intel motherboards converge into a SoC and peripherals support USB3.1+, hopefully we end up with a future that looks like Google's Project Ara, i.e. small modules.