That's a matter of opinion. I think you have to run one if you are running services that are listening on some port that is exposed to the Internet. Examples of this can be Samba, CUPS, MySQL, VNC. If you are running some of these, it is more likely you would want to hide them from the Internet by running a firewall. I am behind a router, and I think it's the best option to use the router's built-in firewall if possible. If that is not an option, I use the Linux standard tool for this, iptables. It is a command-line firewall that can be used to build complex rules for allowing or denying traffic from your box to the outside and vice versa. It is a bit hard to learn, but there are good tutorials and examples online.
Maybe someone else can recommend a good, friendly GUI for iptables; I don't know any.
For online transactions be sure you have the latest version of your browser installed.