All Linux distros come with pretty much everything you need from a security point of view, IPTABLES is usually the default, and can be auto configured by most distros during the install, or afterwards via editing config files, command line, or GUI tools, in linux there's always a lot of choice to do things. It's not as hard as it may seem to configure a firewall on Linux, it's only when you're configuring more advanced masquerading or stuff like that it gets a bit more complicated, but there's numerous sites with info to help, because all consumer grade OS's are generally open source, so LOT's of support, and good updating, except maybe Centos now unfortunately! ;-(
A lot of the hardware firewall appliances on the market are simply running an embedded or FLASH version of some Linux distro, cut down to just what's needed for the device.
Linux never really took over the desktop like it was anticipated, but it silently took over the enterprise and server arena!
Debian has been using nftables as its default firewall since the release of Debian 10 (IIRC).
(Not that I really know what I'm doing with that - - - grin!)