Как ipfw (FreeBSD 10) назначить правила?

cat /etc/rc.conf

hostname="gate.corp10.un"
ifconfig_em0="DHCP"
ifconfig_em1="10.10.10.1/24"
gateway_enable="YES"
sshd_enable="YES"
moused_enable="YES"
ntpd_enable="YES"
# Set dumpdev to "AUTO" to enable crash dumps, "NO" to disable
dumpdev="NO"

#keymap="ru.koi8-r.kbd"
scrnmap="koi8-r.shift"
font8x16="cp866b-8x16"
font8x14="cp866-8x14"
font8x8="cp866-8x8"

firewall_enable="YES"
#firewall_nat_enable="YES"
firewall_type="/etc/ipfw.conf"
#firewall_logging="YES"
natd_enable="YES"
natd_interface="em0"
natd_flags=""

cat /etc/ipfw.conf
#!/bin/sh

FwCMD=`which ipfw`

#####Config#####

LanOut="em0"
LanIn="em1"

NetMask="24"
NetIn="10.10.10.0"

#####\Config#####

IpOut=`ifconfig ${LanOut} | grep inet | cut -d " " -f 2`
IpIn=`ifconfig ${LanIn} | grep inet | cut -d " " -f 2`



${FwCMD} -f flush

${FwCMD} add check-state

###LAN###
${FwCMD} add allow tcp from any to any via ${LanIn}
${FwCMD} add allow udp from any to any via ${LanIn}
${FwCMD} add allow icmp from any to any via ${LanIn}


###LAN### 
${FwCMD} add allow tcp from any to any via ${LanOut}
${FwCMD} add allow udp from any to any via ${LanOut}
${FwCMD} add allow icmp from any to any via ${LanOut}


##deny all packages ##
${FwCMD} add allow ip from any to any