With 'free wifi' most harmfull stuff is not actually related to your firewall (unless you block everything, which makes no sense).
A person who owns that wifi network in one way or another can :
1. Use fake DNS and create fake pages for folks inside that network.
2. Sniff network traffic, especially unencrypted/poorly encrypted traffic and analyze it or/and save it for later (perhaps even years, to brute force it later when he gets a new gpu
A lot of other things for an imaginative mind.
Conclusion is if the for anything but casual surfing (no banking, no credentials input), unless you know for a fact that no such things exist in that network.
If using be sure to check the certificates of pages you are leaving credentials at, and use strong encryption.
Hope the helps