You do have a firewall; the Linux kernel networking stack basically doesn’t exist without one. What you don’t have is a fancy frontend to that firewall. There is a non-fancy frontend, called iptables. You can use it to block traffic.
That said, the default state on Linux for the firewall is permissive; that is, you have to blacklist anything you want blocked, rather than restrictive with a whitelist. Windows is the opposite. The reason is that Linux doesn’t by default listen with dangerous services on ports, unlike Windows (no remote shutdown, for example). I hear that Windows is less bad than it used to be, but back in the Vista days, the mean time to infection for an un-firewalled Windows PC was about 10 minutes…
If you use lsof, you can get a list of all ports which are accepting connections. On an out-of-the-box Linux machine, you’ll find the list is rather short, and all of the ports require authentication. If you start adding services without authentication, then you’ll need to configure a firewall, either at your network edge (router) or on your local machine. If you take your computer to the local coffee shop, you’ll want to configure your firewall if you have any unauthenticated services. Also, if you don’t control your house router (if it’s not OpenWRT or similar), you can’t trust your local network as much as you’d like to.
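
The lsof check and iptables blacklist described above, as an added example that is not part of the original post: it separates loopback-only listeners from ones reachable by other hosts and prints a DROP rule for each exposed port you have not chosen to keep. The sample lsof output is constructed, and the function names `exposed_listeners` and `block_rules` are hypothetical.

```shell
#!/bin/sh
# Constructed sample of `lsof -nP -iTCP -sTCP:LISTEN` output (not from a real host).
SAMPLE='COMMAND   PID  USER FD  TYPE DEVICE SIZE/OFF NODE NAME
sshd      812  root 3u  IPv4  23456      0t0  TCP *:22 (LISTEN)
sshd      812  root 4u  IPv6  23458      0t0  TCP *:22 (LISTEN)
cupsd     901  root 7u  IPv4  24567      0t0  TCP 127.0.0.1:631 (LISTEN)
cupsd     901  root 6u  IPv6  24566      0t0  TCP [::1]:631 (LISTEN)
python3  4321 alice 3u  IPv4  99887      0t0  TCP *:8000 (LISTEN)'

# Read lsof output on stdin; print "command port" for every TCP listener
# that other hosts can reach (anything not bound to loopback only).
exposed_listeners() {
    awk 'NR > 1 && $NF == "(LISTEN)" {
        addr = $(NF - 1)                      # e.g. *:22 or [::1]:631
        port = addr; sub(/.*:/, "", port)     # text after the last colon
        host = substr(addr, 1, length(addr) - length(port) - 1)
        if (host ~ /^127\./ || host == "[::1]") next
        print $1, port
    }' | sort -u
}

# Print (do not run) one iptables DROP rule per exposed port, skipping the
# space-separated ports in $1 that should stay reachable.
block_rules() {
    keep=" $1 "
    exposed_listeners | while read -r cmd port; do
        case "$keep" in *" $port "*) continue ;; esac
        echo "iptables -A INPUT -p tcp --dport $port -j DROP # $cmd"
    done
}

# On a live machine: lsof -nP -iTCP -sTCP:LISTEN | block_rules "22"
printf '%s\n' "$SAMPLE" | block_rules "22"
```

iptables only filters IPv4; a listener that is also bound on IPv6 needs the matching rule in ip6tables.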