As a bare minimum, your system(s) should block all local traffic by default, then explicitly enable access to and from other local systems you require (i.e. NAS, media server, router, etc.).
All smart devices should have addresses assigned manually if possible, preferably using separate subnets. I hate smart devices, who the hell needs an internet-enabled toaster or fridge anyway?
iptables is being phased out in favor of nftables, slowly but surely.
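
The default-deny-for-local-traffic approach described above, sketched as an nftables ruleset. This is an added example, not part of the original post. The subnets, the host addresses and the table name `lan_isolation` are constructed placeholders to replace with your own, and it covers IPv4 only.

```nftables
#!/usr/sbin/nft -f
# Added example: block LAN traffic by default, allow only named local hosts.
# All addresses below are constructed placeholders.

define LOCAL_NETS = { 192.168.1.0/24, 192.168.50.0/24 }  # main LAN + smart-device subnet
define ROUTER     = 192.168.1.1
define NAS        = 192.168.1.10
define MEDIA      = 192.168.1.20

# Recreate only this table so other firewall tables on the host are untouched.
table ip lan_isolation
delete table ip lan_isolation

table ip lan_isolation {
    # Local systems this host is allowed to talk to.
    set lan_allowed {
        type ipv4_addr
        elements = { $ROUTER, $NAS, $MEDIA }
    }

    chain input {
        type filter hook input priority filter; policy accept;
        iif "lo" accept
        ct state established,related accept
        ip saddr @lan_allowed accept
        # Anything else from a local subnet: log a sample, count and drop.
        ip saddr $LOCAL_NETS limit rate 10/minute log prefix "lan-in-drop: "
        ip saddr $LOCAL_NETS counter drop
    }

    chain output {
        type filter hook output priority filter; policy accept;
        oif "lo" accept
        ct state established,related accept
        ip daddr @lan_allowed accept
        # Also stops subnet broadcasts (e.g. 192.168.1.255) leaving this host.
        ip daddr $LOCAL_NETS limit rate 10/minute log prefix "lan-out-drop: "
        ip daddr $LOCAL_NETS counter drop
    }
}
```

Load it with `nft -f` and check the drop counters with `nft list table ip lan_isolation`. IPv6 link-local traffic is not matched by an `ip` table and needs equivalent rules of its own.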