It’s unclear if Linux distributions really “need” a firewall – but we have found that the following Uncomplicated Firewall rules work fine with a standard Docker based Discourse install:
ufw allow http ufw allow https ufw allow ssh ufw enable
That is, allow HTTP (port 80), HTTPS (port 443), and SSH (port 22), and nothing else.
A firewall should not matter if you are using a default Docker install of Discourse, for the same reason almost no Linux distribution ships with a firewall enabled by default.
But if you have somehow installed extra services that talk to the outside world, adding a firewall gives you “belt and suspenders” security, if that is of interest to you.