your question has both YES & NO answers, depending upon how flexible the firewall
can be configured AND your ability to get it so configured.
1) the public side (ie: WAN) gets its address from your ISP. If you're getting
attacked by WWW hackers, this is where they gain access. You can not allow
ports 135 & 445 to be exposed to the WAN without major risk.
2) the private side (ie: LAN) has addresses like 192.168..., 10...., 172....
and these can NOT be accessed from the WAN. Your other systems may
use File/Print sharing by just asking for it.
As you have a hub and not a router, you may also have PUBLIC ip addressses.
run ipconfig /all to verify
3) the trick is to ALLOW LAN access but DISALLOW WAN access
This simple way is to delcare the 192.168.... as a trusted subnet.
(this can not be used of you have PUBLIC ip addresses).
Another is a specific rule and ensure this rule is near the top of the firewall configuration.
eg: ALLOW 192.168.x.y tcp/udp ports 135,445
Now IF you have PUBLIC ip addressses, then subsititue those for the 192.168.x.y above.
As a means to verify your config, you can LOG these rules and also
log access denied by
MONITOR ALL tcp/udp ports 135,445 and place it immediate BELOW the ALLOW rule.
Once you're statisfied, you can stop the logging.