Probably get some different opinions on this one.
I have Mikrotik switches on my LAN with no firewall rules. If I did use the firewall I'd just end up with an allow from LAN ports, so I can get into it, which is the only way to get to it anyway, so any further drop rules would never match anything. Some people may argue you could lock it down to the actual LAN IP range, so even if someone did happen to leave a port forward open to it, you wouldn't be able to access it from the Internet.
On bigger networks people often have management VLANs. In those cases the firewall would be locked down to allow input just from the vlan interface. When you have a building full of people including possible contractors, new employees, leaving employees, people who just like to mess, you don't really want everyone to be able to pull up a login to your network kit.
In environments where you have guests/public connecting to a network, such as a wifi hotspot, you really want to lock down access. It's common in these situations to see a management port, so an engineer will come in to do changes and connect directly to the device. The firewall will be closed entirely other from that port.