First we'll take properly managed professional Firewalls as used by most major corps, like Cisco, Checkpoint, etc.
The firewall rules would be set to instantly see a port scan and the rule would likely just toss the requests, block the IP, and raise an alert if it happened enough, it would never get the chance to work.
On consumer hardware firewalls like Linksys/Cisco and others, again it varies, if you turn on remote access, and leave all defaults or a really crummy password then it could get best as few consumers would know how to set up the right rules and if they did, they would have never left the defaults or picked a weak password. (Mine is very long, and pretty much random, I don't need to access my router control panel often, so the length and complexity don't really matter but it would be nearly impossible to break by brute force.
Given that most hardware router/firewalls I know of for consumers now have most or all of the really dangerous stuff blocked and force strong passwords and you to chance othe defaults, they are getting harder and harder to brute force break.
Software firewalls like ZoneAlarm and others, are a mixed back, they can't even start the fight until the bad guy is in the front door, past the NIC and through the stack, and I can't speak for their rule sophistication since I use a hardware firewall as my primary defence follewed with Norton Internet Security and and MS Defender. However, there is really no brute force access points on these, a hackers is going to be using tools to use exploits found in the software which is not generally considered brute force.
Finally on the commercial side, most, like my shop also has very sophisiticated intrusion detection as well as firewalls, the intrusion detection software, somewhat like virus protection software has a lot know known attack patterns in its database and it is constantly scanning the traffic for not only break in attempts but even data theft. For example, if it detects what looks like an account number, it will automatically X out all but the last 4 characters, if it sees more than a specific number of what looks like account number flowing out, it cuts them off.
On the intrusion side, it looks for not only most known attacks, but it is pseudo-AI and if it see patterns that hit a certain level of "out of the norm" traffic, it will raise alerts to Info Security, if it is bad enough it will cut it off.
So that was a lot of words to say, no, repeated attempts of the same method will not "wear down" any firewall I am aware of, does not mean it can't on some, but none I have heard of.