What service do you have forwarded? Do you have any devices on your lan you don't 100% trust?
I have a similar set up only forwarding a wire guard vpn port. I live alone and fully trust every device on my LAN, so I let my router take care of the firewall and dont have any firewalls on the devices on my lan.
Some will still argue this is bad practice but I really have no desire to toggle firewall rules every time I want to expose a port while I'm developing/testing software. If someone cracks wireguard then I don't think they will risk exposing the industry halting 0 day to run a crypto miner on my raspberry pi.