The iptables capability, which is what the kind of firewall you talk about uses, is built into the kernel. It just isn't set up to deny ports by default in Trisquel.

Trisquel does, however, ship with an Application Level Firewall enabled by default - AppArmor [1]. This protects you if something like Samba or CUPS falls to an external attack by preventing access to files on a different level than GNU/Linux file permissions allow.

The perceived need for IP firewalls in desktop O/Ses seems to have been conditioned by the fact they're essential in a certain well-known OS which is derived from a clone of CPM for the 8086.

As you observe, closing unmanned ports is not a real security benefit as far as typical desktop / laptop use is concerned. However, I run an IP firewall, ufw, not for the port blocking but to rate limit the number of connections per 30 seconds to the SSH port. I also set my computers not to allow password access via SSH. This significantly puts up the time for an attack to succeed. I chose this as I routinely use a public WiFi which is misconfigured (no client isolation) and there's another patron who is a Script Kiddie. His eyes get very still and he doesn't blink when people type passwords around him. YMMV.

[1] https://en.wikipedia.org/wiki/Application_level_firewall
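
The setup described in the post (ufw rate limiting on the SSH port, no password logins over SSH), as an added example that is not part of the original post: two checks that read `ufw status` and `sshd -T` output and confirm both settings are in effect. It assumes SSH listens on the default port 22; the function names and the sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. The setup is typically applied with:
#   sudo ufw limit ssh/tcp      # ufw denies an IP after 6+ connection attempts in 30 s
#   PasswordAuthentication no   # in /etc/ssh/sshd_config, then reload sshd
# The checks only parse text, so they can be fed live output:
#   sudo ufw status | ufw_ssh_limited
#   sudo sshd -T    | ssh_passwords_disabled

# Succeeds when port 22 (assumed SSH port) has a LIMIT rule. Any plain ALLOW
# on the same port is treated as a failure, since an earlier ALLOW would
# bypass the rate limit.
ufw_ssh_limited() {
    awk '
        $1 ~ /^(22(\/tcp)?|OpenSSH)$/ {
            action = ($2 == "(v6)") ? $3 : $2
            if (action == "LIMIT") limit = 1
            if (action == "ALLOW") allow = 1
        }
        END { exit !(limit && !allow) }
    '
}

# Succeeds when password AND keyboard-interactive logins are both off;
# keyboard-interactive can still prompt for a password through PAM.
ssh_passwords_disabled() {
    awk '
        { key = tolower($1); val = tolower($2) }
        key == "passwordauthentication" { pw = val }
        key == "kbdinteractiveauthentication" || key == "challengeresponseauthentication" { kbd = val }
        END { exit !(pw == "no" && kbd == "no") }
    '
}

# Constructed sample outputs so the script runs offline.
sample_ufw_status() {
    cat <<'EOF'
Status: active

To                         Action      From
--                         ------      ----
22/tcp                     LIMIT       Anywhere
22/tcp (v6)                LIMIT       Anywhere (v6)
EOF
}
sample_sshd_t() {
    printf '%s\n' 'port 22' 'passwordauthentication no' \
        'kbdinteractiveauthentication no' 'pubkeyauthentication yes'
}

sample_ufw_status | ufw_ssh_limited && echo "ufw: SSH is rate limited"
sample_sshd_t | ssh_passwords_disabled && echo "sshd: password logins are off"
```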
