I'm surprised that not only is there no application firewall for any of the BSDs, there doesn't even seem to be any need for it. There is OpenSnitch, but only for Linux.
Maybe the closest things are chroot jails and pledge/unveil, both of which are application-specific or built into the package. (I'm agreeing with you.)
SELinux can be somewhat classified as an app firewall but it's a policy framework after all and that suited for that.