In short, it really depends on the situation (how the firewall component was engineered and how good the malware is about security software awareness and the techniques it uses).
If you have a firewall component activated in a security product on your system, then it will be monitoring the traffic (usually both in-bound and out-bound (firewalls which monitor both in and out bound are also referred to as "two way firewalls")). This means that when a program either attempts to obtain information from the internet (connect to a host and retrieve information) or send information (connect and then attempt to send back) the firewall would be monitoring this activity. If a malware sample is attempting to make a connection which the firewall either automatically or due to the configuration decides to block, then this malicious process will become a failure at either obtaining or sending information.
However, in some cases it may be potentially possible for the malware sample to successfully obtain and send information, regardless of the original process being blocked. I wouldn't worry about something like this happening because most firewall components (from well-established vendors) these days are tested thoroughly, well-developed and fixed up on a regular basis.