I apologize for the terse cell-phone-authored response. To expand upon that a little, a firewall device is supposed to be designed such that if something goes wrong, it starts dropping traffic rather than allowing it to pass. This probably breaks things, but is a total attention-getter for whoever is responsible for the device.
The problem with FreeNAS is that it is designed for NAS use, and the firewall defaults to open. You can definitely change that, but there is a huge risk. For example, if you create a startup script that executes an "ipfw add 60000 deny all from any to any" and then also adds some specific exceptions out of a script, there's a danger that at some point the mechanism for startup scripts changes, and your scripts don't get executed, and you do what's sometimes referred to as a "pants drop", exposing your bare fanny to the Internet. There's also the possibility that FreeNAS could change from ipfw to ipf, or that the filtering could be removed entirely in the base OS, and your dependence on a particular feature turns into a liability. The usual response is "but I'll check! and make sure!" and I know you believe it, but history suggests that this sort of thing gets missed more often than it is detected, largely because the default is open access, and it is so much harder to notice that too MUCH is open than to notice that everything's broke because the firewall hasn't opened the stuff it was supposed to.
However, I also believe that there's a lot of value in multiple layers of defense. There would definitely be some value to having a subsystem on FreeNAS that could manage a local firewall.
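As an added example, not part of the original post or of FreeNAS: the "I'll check" step described above can be automated by testing the loaded ruleset itself rather than trusting that the startup script ran. It assumes "ipfw list" output in its usual "NNNNN action ..." form; check_ipfw_ruleset, DENY_RULE and both sample rulesets are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original post): confirm the ipfw ruleset is
# still fail-closed. Reads `ipfw list` output on stdin; returns 0 only if the
# catch-all deny rule is loaded and no allow-all rule precedes it.
DENY_RULE=60000   # rule number used in the post's example command

check_ipfw_ruleset() {
    awk -v deny="$DENY_RULE" '
        {   # field 1 is the rule number; the rest is the rule body
            num = $1 + 0
            body = $0
            sub(/^[0-9]+[ \t]+/, "", body)
            sub(/[ \t]+$/, "", body)
        }
        # An unconditional allow ahead of the deny makes the deny unreachable.
        body == "allow ip from any to any" && num < deny {
            printf "FAIL: rule %05d allows everything before rule %d\n", num, deny
            bad = 1
        }
        num == deny && body == "deny ip from any to any" { found = 1 }
        END {
            if (!found) { printf "FAIL: deny-all rule %d is not loaded\n", deny; bad = 1 }
            if (!bad) print "OK: ruleset is fail-closed"
            exit (bad ? 1 : 0)
        }
    '
}

# Constructed sample: the ruleset the startup script is meant to load.
SAMPLE_GOOD='00100 allow ip from any to any via lo0
00200 allow tcp from 192.0.2.0/24 to me dst-port 22
60000 deny ip from any to any
65535 allow ip from any to any'

# Constructed sample: the startup script never ran, only the open default is left.
SAMPLE_OPEN='65535 allow ip from any to any'

printf '%s\n' "$SAMPLE_GOOD" | check_ipfw_ruleset
printf '%s\n' "$SAMPLE_OPEN" | check_ipfw_ruleset || echo "ALERT: firewall is open"
# Live use, e.g. from cron: ipfw list 2>/dev/null | check_ipfw_ruleset || <send alert>
```

Empty input also fails the check, so a missing ipfw binary or an unloaded filter is reported the same way as a missing deny rule.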