Guidance on software firewalls when using port forwarding

Hi team, I’m just getting started with DietPi - currently using it for Syncthing. I’ve configured port forwarding on my Netgear router to forward 22000 to the Pi per the Syncthing instructions.

My question is - do you recommend installing a software firewall like UFW to provide an additional layer of security for the Pi? Is there any risk of exploiting the Syncthing configuration? Looking for peace-of-mind as I am woefully ignorant on network security & don’t wish to open my home network up to evil hackery.

Thank you for your guidance! Happy to provide additional context if necessary.