I had firefox running. Then in a terminal I added the rule:
ipfw add 1001 drop tcp from me to any dst-port 80 setup out via rl0 uid ron
Firefox could still visit *any* http site.
I exited firefox.
I restarted firefox
Now firefox could only visit https sites, as I had expected earlier.