Host-centric network firewall?

I'm basically looking for a centralized per-client firewall. Something that for most clients I can set the default to "ask" like ZoneAlarm or Comodo on Windows and set the rules dynamically as requests are made by systems.

The ideal scenario would involve my phone getting a notification like the Windows firewalls and letting me approve/deny/remember, but I know that's probably asking for too much and would be in my court to make. 🙂

Does this exist? Am I crazy to desire such a thing?

Those mentioned fw apps likely leverage the client's MAC as an identifier, or something else?

MAC (which is spoofable) source-based firewall rules are feasible in OpenWrt, both with ipt and nft, probably also bpf.

That is because you have registered the smart phone with the W10 host? With such deep integration it would make push notifications feasible but probably also opens other holes, e.g. if such push notifications are delivered to the phone when it is outside the relative safety of its host's LAN.

Not aware that Linux offers a similar integration between host and client.
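
The MAC-source-based rules mentioned in the reply above, combined with the "ask"-style default from the question, could look like this in nftables. This is an added example, not a configuration posted by anyone in the thread; the table and set names are hypothetical, the MAC addresses are constructed placeholders, and `br-lan` is assumed to be the LAN bridge (OpenWrt's default name).

```nftables
# Constructed example: per-client forwarding policy keyed on source MAC.
# Names (perclient, allowed_clients, denied_clients) are hypothetical.
# MAC addresses below are placeholders, not real devices.
table inet perclient {
    # Clients that have been approved.
    set allowed_clients {
        type ether_addr
        elements = { 02:00:00:00:00:01 }
    }

    # Clients that have been explicitly denied.
    set denied_clients {
        type ether_addr
        elements = { 02:00:00:00:00:02 }
    }

    chain forward {
        # Runs alongside the router's own firewall chains; a drop here is final,
        # an accept only means this table has no objection.
        type filter hook forward priority -5; policy accept;

        # Only judge traffic entering from the LAN bridge (assumed name).
        iifname != "br-lan" return

        ether saddr @denied_clients drop
        ether saddr @allowed_clients accept

        # "Ask" default: an unknown client is logged (rate-limited) and held
        # back until someone adds its MAC to one of the sets above, e.g.:
        #   nft add element inet perclient allowed_clients { 02:00:00:00:00:03 }
        limit rate 6/minute log prefix "perclient-ask: "
        drop
    }
}
```

Because the identifier is the source MAC, a client that copies an approved address inherits its rules, as the reply notes about spoofing; the ruleset also only sees traffic forwarded through the router, not traffic between clients on the same switch or access point.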