What having a firewall adds to the security though?
That depends on many factors, such as router, other devices on your network and others.
Many firewalls one way or another can be trained to allow a set of trusted programs and then block everything else by default - this can "sabotage" many forms of malware, as a credentials stealer for example, won't be able to send its database to the attacker, a downloader won't be able to load anything or a RAT won't be able to connect to the C&C. Ransomware might not be able to get an online key, so decryption might be easier or not needed at all.
It depends on the way you utilise it, as well as on the firewall itself.
It of course has potential bypasses.
Normally firewall is complemented by some sort of Intrusion Prevention (Network Attack Blocker in KIS), which can reduce your attack surface.
KIS includes other modules as well, listed by
@harlan4096 which all work to minimise the vectors attackers could exploit.