2. May, 2003
by Michael Neumann
It is extremely dangerous to play with a firewall on a remote machine: one rule in the wrong place, one syntax error in the rule file, or a ruleset that is simply wrong, and you can no longer reach your own computer. The first time I wrote an IPFilter configuration file, I really locked myself out (all except SSH still worked, but that was enough to press the reset button).

So here is a tip to prevent locking yourself out:

First, edit /etc/rc.conf and disable the firewall by setting firewall_enable="NO" (do not forget to reverse this step later). This is what makes the trick work: a machine that reboots with the firewall disabled comes back reachable no matter what the ruleset says.

Next, open two ssh sessions to the machine and become root in both. Before you touch the rules, type this in the second session:

sleep 100 && reboot

Then, in the first session, apply the firewall rules (ipfw -f flush && ipfw /etc/ipfw.rules; the -f is there because a bare "ipfw flush" stops to ask "Are you sure?"). If you are still connected afterwards, abort the "software watchdog timer" in the second session with Ctrl-C. If you have locked yourself out, the computer reboots after 100 seconds, and because the firewall is disabled in rc.conf it comes up open again for you.

Two caveats. With the kernel's default-deny rule 65535, the session stalls for the moment between the flush and the loading of your allow rules; it resumes as soon as they are in place. And if the new rules reject the session's packets with a reset rather than silently dropping them, sshd may notice the dead connection and hang up the shell, taking the sleep with it; starting the timer with nohup (nohup sh -c 'sleep 100 && reboot' &) protects against that.