Security regarding default gateway and static routes

Status
Not open for further replies.

Argentic

Dabbler
Joined
Nov 20, 2015
Messages
19
During the installation process I stumbled on this note in the Network chapter of the documentation:
Note: in many cases, a FreeNAS® configuration does not include default gateway information as a way to make it more difficult for a remote attacker to communicate with the server. While this is a reasonable precaution, such a configuration does not restrict inbound traffic from sources within the local network. However, omitting a default gateway will prevent the FreeNAS® system from communicating with DNS servers, time servers, and mail servers that are located outside of the local network. In this case, it is recommended to add Static Routes in order to reach external DNS, NTP, and mail servers which are configured with static IP addresses. If you add a gateway to the Internet, make sure that the FreeNAS® system is protected by a properly configured firewall.

Is it a big security issue? Should you always use static routes? Could someone explain it a little more (or point to a good source regarding this topic)?
As far as I see it, a default gateway is used for connecting to outside, not the other way round. Or are there so many open ports and vulnerabilities which would get exposed?
Of course, static routes would limit the damage if intruders got access to the system, except if they got so much control that this config doesn't hinder them anymore.
But I'm neither an expert for networking security nor FreeNAS.
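The forwarding decision behind the documentation note can be checked with a small model. The following is an added example, not code from the thread or from FreeNAS/FreeBSD: it implements a longest-prefix-match routing table and builds it two ways, once without a default gateway plus host routes to the external DNS and NTP servers (what the note recommends), once with a default gateway. The subnet, router and server addresses are constructed assumptions (RFC 5737 documentation ranges). What it shows is the note's point: with no default gateway the NAS has no route back to an arbitrary Internet address, so it cannot answer a packet from there (a TCP handshake cannot complete), while hosts on the local subnet are unaffected and the /32 host routes reopen exactly the named servers and nothing else.

```python
"""Longest-prefix-match model of an IPv4 routing table.

Constructed example (not FreeNAS/FreeBSD code). It only models the forwarding
decision so the effect of omitting the default gateway can be checked offline.
All addresses below are assumptions drawn from documentation ranges.
"""
import ipaddress

LAN = "192.168.1.0/24"          # assumed local subnet the NAS sits on
LAN_ROUTER = "192.168.1.1"      # assumed upstream router on that subnet
EXT_DNS = "203.0.113.53"        # assumed external DNS server
EXT_NTP = "198.51.100.123"      # assumed external NTP server
REMOTE_HOST = "192.0.2.77"      # assumed arbitrary Internet host


class RoutingTable:
    """Minimal IPv4 routing table with longest-prefix-match lookup."""

    def __init__(self):
        # (destination network, next hop); next hop None means directly connected
        self.routes = []

    def add_connected(self, cidr):
        self.routes.append((ipaddress.ip_network(cidr), None))

    def add_static(self, cidr, gateway):
        # A host route is simply a /32 entry, which is what 'route add -host' creates.
        self.routes.append((ipaddress.ip_network(cidr), ipaddress.ip_address(gateway)))

    def set_default(self, gateway):
        # The default route is the least specific entry: 0.0.0.0/0.
        self.add_static("0.0.0.0/0", gateway)

    def lookup(self, dst):
        """Return (matched network, next hop), or None if no route covers dst."""
        addr = ipaddress.ip_address(dst)
        candidates = [(net, hop) for net, hop in self.routes if addr in net]
        if not candidates:
            return None
        # Most specific prefix wins, exactly as the kernel forwarding table does.
        return max(candidates, key=lambda route: route[0].prefixlen)

    def can_reply_to(self, src):
        """Can this host send packets (e.g. a SYN-ACK) back towards src?"""
        return self.lookup(src) is not None


def build_table(default_gateway=None, static_hosts=()):
    """Build the NAS table the way the documentation note describes.

    default_gateway=None reproduces the 'omit the default gateway' configuration;
    static_hosts are the external servers reached through explicit host routes.
    """
    table = RoutingTable()
    table.add_connected(LAN)
    for host in static_hosts:
        table.add_static(f"{host}/32", LAN_ROUTER)
    if default_gateway:
        table.set_default(default_gateway)
    return table


def reachability_report(table, destinations):
    """Map each destination to 'connected', the next-hop address, or 'unreachable'."""
    report = {}
    for dst in destinations:
        match = table.lookup(dst)
        if match is None:
            report[dst] = "unreachable"
        elif match[1] is None:
            report[dst] = "connected"
        else:
            report[dst] = str(match[1])
    return report


if __name__ == "__main__":
    no_gw = build_table(static_hosts=[EXT_DNS, EXT_NTP])
    with_gw = build_table(default_gateway=LAN_ROUTER)
    targets = ["192.168.1.50", EXT_DNS, EXT_NTP, REMOTE_HOST]
    print("no default gateway + host routes:", reachability_report(no_gw, targets))
    print("default gateway:                 ", reachability_report(with_gw, targets))
```

Running it prints the remote host as "unreachable" in the first table and as routed via the router in the second, while the local address is "connected" in both. That is the whole difference the note relies on, and also its limit: the model says nothing about what a host on the same subnet can do, which is why the note still asks for a firewall.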
 

m0nkey_

MVP
Joined
Oct 27, 2015
Messages
2,739
Whichever method is used, you should always have a firewall on the network and explicitly allow traffic in/out of said firewall. If you're a home user, your Internet router will do this job just fine and you can happily use a default gateway for time services, DNS, etc.; just don't do any port forwarding to your FreeNAS box, unless of course you know what you're doing and how to secure the service on that port. If this is a business environment, I suggest you speak with your network administrator for recommendations, since every network is different.
 