One of the nicer things about Linux is, it will not propagate Netbios ports. This allows you to share on your LAN without any issue at all.
By default, Linux does not have any inbound ports as LISTENER's, unless you specifically configure them to be open (i.e. sendmail, Apache...or any other Internet related server type thingy).
And even if you decide to have a LISTENER running, you can specifically configure the rules to restrict access, down to a single IP address if you like.
Now, if you do not want Linux to respond to the ICMP ECHO message (pings, traceroutes....), then you will have to disable that. Easy enough to do.
If you want to run a LISTENER on your LAN, which allows connections from the Internet, you have to specifically configure a rule in the Linux box to allow it.
For me, it was a no-brainer. I have the knowledge to configure everything, and I also have a plethora of old computers laying around. I used an old 800Mhz P3 system with 256MB of RAM for my router/file server. Stuck two Ethernet cards in it. Configured a router, DHCP server/client, name service (BIND), Apache, MySQL, Sendmail, Samba, and POP3 to run on it.
I have another 800Mhz P3 running my Visual SourceSafe. I could have connected the printers to it, but I like to turn off that server when it is not needed.
My filter rulesets are such that I do not need any local firewalls on the computers. Oh, I also added SPAM filters to the email side, as well as virus checkers. These are my own doing.
People have asked me to write-up the configuration and setup for this stuff, but I just have not found the time to do so.