So here is a tip to prevent locking yourself out:
At first edit /etc/rc.conf and disable the firewall by setting firewall_enable="NO" (do not forget to reverse this step later).
Next, open up two ssh sessions and become root user. Now, before you change your rules, type at the other terminal:
sleep 100 && reboot
Then apply the firewall rules (ipfw flush && ipfw /etc/ipfw.rules). If you’ve not locked yourself out, you can simply abort the "software watchdog timer" by typing Ctrl-C, whereas in the case you’ve locked yourself out, the computer will reboot after 100 seconds and as we’ve disabled the firewall in rc.conf, after reboot it will be open up for you again.