You are right, the attack often starts from the inside; in fact, a firewall should also (or especially) be used to manage _outbound_ connections. This helps to avoid both data leakage (simple pushing stuff to a remote host) and full remote control of the host, creating a tunnel.

dtonon

tech

Do You Use a Firewall?

Generally residential connections are behind some form of NAT from the modem/router, and therefore reaching into systems isn't possible without a specifically configured NAT forward 

Compromises also rarely come through the front door, they would punch out from behind a routine firewall config anyway after getting loaded through malware

Firewalls are kinda like privacy tech, unless you really really understand what you're doing you're probably larping with one.