LAN traffic is still going through the router, where the firewall supposedly runs.
Regardless of other devices having a public IP, if the router blocks forwarding packets (which is one of the main functionalities of a firewall), then the device(s) behind it are just as protected as if they had private IPs.
It's just a bit easier to setup forwarding as it doesn't require NAT, and it's also easier to open up by accident but having a public IP does not bypass the firewall.
the entire reason the devices get public a public IP is because the firewall effectively isn't there. from the time u-boot inits the topaz chip, until linux controls the chip, it behaves like a dumb ethernet switch.
LAN traffic is still going through the router, where the firewall supposedly runs.
Regardless of other devices having a public IP, if the router blocks forwarding packets (which is one of the main functionalities of a firewall), then the device(s) behind it are just as protected as if they had private IPs.
It's just a bit easier to setup forwarding as it doesn't require NAT, and it's also easier to open up by accident but having a public IP does not bypass the firewall.