I'm doing a simplified non-technical post so new computer users can keep up.
99% of all attacks are ransomware, viruses, malware and trojans that a hacker can use to get remote access to your computer or get information from the computer...
In almost all cases it is the user who has done something stupid: clicking on a link on a website or in a mail, starting some infected document, installing some program, etc. (for example EvilGnome, as we are on a Linux forum).
In these cases a hardware firewall or a standard out-of-the-box activated software firewall like GUFW doesn't matter at all. Out-of-the-box firewalls have the rules: block all incoming and allow all outgoing. So if you infected the computer from within, the traffic for a remote access tunnel is created from the computer and out. It's just a nice highway for remote access, as all outbound traffic is allowed. :)
Here a software firewall in the computer is good to have, if all outgoing traffic is blocked by default and you apply allow rules for only those programs/processes that you want to have access out. So if a virus tries to create a remote access tunnel or tries to send data, it can't.
As with Windows WannaCry, which self-spread through the SMB1 network: it couldn't infect other computers in the local network with that software firewall setting. (I know, as that firewall setting saved my network when one of my computers got infected. It was a zero-day then and my AV didn't block it.)
The 1% is a real hacker who does a direct attack.
That is really unusual. First of all, why should just you become a target? Perhaps you have a public IP and do some gaming, and someone is a bad loser and DDoSes you as revenge... You have pissed off some really good hacker... You have a government job, or are working on some top-secret project in the private sector.
In the first one it's no worry, a DDoS doesn't last forever... The second one: nooot good... The two last ones: you are screwed for real.
We have ISP-provided modem/router firewalls, customer router firewalls and enterprise firewalls, and they all basically do the same job.
An ISP-provided one is often the worst, as they have remote access for support. All types of remote access from the internet side are a weakness.
It may be a one in a billion chance to exploit it, if the router's software is up to date and the remote access has a really strong password... But it isn't zero. So with an ISP-provided router it's good to have GUFW activated. The same applies to customer router firewalls and enterprise firewalls if you have remote access activated from the internet side (WAN).
If you have pissed off a really good hacker on the other side of the world, then a customer hardware router/firewall that is up to date with no remote access activated, a software firewall just in case the router has a zero-day vulnerability, and a DHCP ISP IP are good enough... and don't click on links. :lol:
For the last two, corporate spying... as I wrote: you are screwed for real, and I really mean it.
They often use social engineering to get past obstacles, or in the worst cases break into your home or work to get physical access to your computer and network. And if you have superglue in your USB ports, have encrypted the entire hard drive, hardened your OS, have all the state-of-the-art firewalls and so on, they just rig a camera and a microphone to see your screen and so on.
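The block-all-outgoing setup described in the post, as an added example that is not part of the original post: a dry-run generator for ufw (the firewall GUFW configures) that allows only listed outbound ports and then denies everything else. The allowlist and the function names are assumptions for illustration; ufw matches on port and protocol rather than on the program that opened the connection, so it only approximates per-program rules.

```shell
#!/bin/sh
# Added example: default-deny outbound policy for ufw.
# ALLOW_OUT is an assumed allowlist for a typical desktop (DNS, web, NTP).
# Anything not listed, e.g. SMB on 445/tcp, is blocked on the way out.
ALLOW_OUT="53/udp 53/tcp 80/tcp 443/tcp 123/udp"

# Print the ufw commands, one per line, without running anything.
egress_rules() {
    for entry in $ALLOW_OUT; do
        port=${entry%/*}
        proto=${entry#*/}
        echo "ufw allow out to any port $port proto $proto"
    done
    # Defaults go last so the allow rules exist before the policy flips.
    echo "ufw default deny incoming"
    echo "ufw default deny outgoing"
    echo "ufw enable"
}

# Exit status 0 if the given port/proto is on the outbound allowlist.
egress_allowed() {
    case " $ALLOW_OUT " in
        *" $1 "*) return 0 ;;
        *) return 1 ;;
    esac
}

# Dry run by default; APPLY=1 (run as root) executes the printed commands.
if [ "${APPLY:-0}" = "1" ]; then
    eval "$(egress_rules)"
else
    egress_rules
fi
```

Review the printed commands first, then rerun with `APPLY=1` as root to apply them.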