Another note for my future self - this is more or less stolen from Daniel Schmid's blog entry.
Just using a firewall is not security. However, having a firewall in place doesn't hurt. This is one way to use a firewall on a FreeBSD jail.
firewall_allowservices to your preferences. This is done in your jail, given that you use VNET.
sysrc firewall_type="workstation" sysrc firewall_allowservices="any" sysrc firewall_logdeny="yes" sysrc firewall_quiet="yes" sysrc firewall_enable="yes" sysrc firewall_myservices="80/tcp 443/tcp" service ipfw restart