FreeBSD ipfw firewall_type

Estou tentando criar meu próprio script de firewall dentro do FreeBSD e estou com problemas, fiquei me perguntando se alguém fez algo mais atencioso e poderia me mostrar um exemplo?

su-3.2# grep ^firewall /etc/rc.conf 
firewall_enable="YES"       # Set to YES to enable firewall functionality
firewall_type="/etc/ipfw.rules"
firewall_quiet="YES"        # Set to YES to suppress rule display
firewall_logging="YES"      # Set to YES to enable events logging
firewall_logdeny="YES"      # Set to YES to log default denied incoming
su-3.2# cat /etc/ipfw.rules 
${fwcmd} add 65000 pass all from any to any
su-3.2# /etc/rc.d/ipfw restart
/etc/rc.d/ipfw: DEBUG: checkyesno: firewall_enable is set to YES.
/etc/rc.d/ipfw: DEBUG: checkyesno: firewall_enable is set to YES.
/etc/rc.d/ipfw: DEBUG: run_rc_command: doit: ipfw_stop 
net.inet.ip.fw.enable: 1 -> 0
/etc/rc.d/natd: DEBUG: checkyesno: natd_enable is set to NO.
/etc/rc.d/ipfw: DEBUG: checkyesno: firewall_enable is set to YES.
/etc/rc.d/ipfw: DEBUG: run_rc_command: start_precmd: ipfw_prestart 
/etc/rc.d/ipfw: DEBUG: checkyesno: dummynet_enable is set to NO.
/etc/rc.d/ipfw: DEBUG: checkyesno: firewall_nat_enable is set to NO.
/etc/rc.d/ipfw: DEBUG: load_kld: ipfw kernel module already loaded.
/etc/rc.d/ipfw: DEBUG: run_rc_command: doit: ipfw_start 
/etc/rc.d/natd: DEBUG: checkyesno: natd_enable is set to NO.
Line 1: bad command '${fwcmd}'
Firewall rules loaded.
/etc/rc.d/ipfw: DEBUG: checkyesno: firewall_logging is set to YES.
Firewall logging enabled.
net.inet.ip.fw.enable: 0Read from remote host XXXXX.XXX: Connection reset by peer
Connection to XXXXX.XXX closed.
mbp:~ alexus$