Tip from the coach about ipfw

Do not load the kernel module (remotely) without also adding some rules. This because a default rule always exists which might have some impact on your remote connection…

65535 deny all from any to any

If you really have to load the module remotely, do instead

kldload ipfw && ipfw add 32000 allow all from any to any

Much better…