I'm not sure if I understand perfectly the scenario that you are describing, but it appears that you are describing a situation in which one has a device behind a NAT that is running a server, which is port forwarded. In this scenario, the attack vector would depend on the security of the server itself, and is essentially independent to the existence of a firewall. One could potentially drop packets based on source IP, or some other metadata, or behaviour that identifies the connections as malicious, but, generally, unless the firewall drops all incoming connections (essentially creating an offline device), a packet filtering firewall will make no difference to thwarting such exploits.