I'd start by googling "ipfirewall.conf". A few books may pop up, but you'd have guides, and maybe even a ruleset to test *carefully*, already written somewhere.
Note you can also run pf AND ipfw if you are careful, if one has features the other may be missing or that are easier to implement in one than the other.
There are tricks to testing rulesets that avoid locking one out of the box(es).