Nat default server is like dmz. I don't know what passthrough is.
The packet filter and advanced firewall even if they are on have extremely limited value. Most this is to filter data from your internal machines going to the internet not the reverse. So it assumes some internal machine has already been compromised and is trying to stop it from attacking others. Almost all this is old technology. Almost all traffic now encrypted so any form of packet filtering is pretty much worthless.
The most important security feature for a home user is just having the NAT. As long as you do not set any port forwarding rules nothing can get into your network from the internet unless your internal machines talks to the remote...