Yes, because you can forget what services are running and maybe they can be explited.
An example can be Syncthing which setting are done via web browser at port 8384. If you do not have a firewall, everyone on the same network would be able to change Syncthing settings and then sync your directories to their devices.