Queue and rules

Cole cole at acenet.co.za
Sun Dec 14 05:42:25 PST 2003


Hi

I have set up the following queues and pipes.

#pipes
$fwcmd pipe 1 config bw 3kbyte/s queue 0.5kbyte
$fwcmd pipe 2 config bw 128kbits/s queue 5Kbyte #outgoing
$fwcmd pipe 3 config bw 128kbits/s queue 5Kbyte #incoming
$fwcmd pipe 4 config bw 64kbits/s queue 5Kbyte #outgoing
$fwcmd pipe 5 config bw 64kbits/s queue 5Kbyte #incoming

#queues
$fwcmd queue 1 config pipe 2 weight 100 queue 10  #outgoing
$fwcmd queue 2 config pipe 2 weight 50 queue 10   #outgoing
$fwcmd queue 3 config pipe 3 weight 100 queue 10  #incoming
$fwcmd queue 4 config pipe 3 weight 50 queue 10   #incoming

I have also added the following 2 rules using the queues 1 and 3.

00202 queue 1 tcp from me to 196.34.*.* out via tun0
00203 queue 3 tcp from 196.34.*.* to me in via tun0

I put the *'s in just for privacy's sake; I have the full IP entered in the rules.

Now I wanted to block certain ports like ssh to or from that IP. I added the rule below rules 202 and 203, and no matter whether I specify deny all, or deny tcp and the port, I can still get to those ports. I.e. if I add "ipfw add 205 deny tcp from me to 196.34.*.* 22" it will still allow me to connect.

I was wondering if it's because of the queue rules matching first and not bothering to check the rest. If this is the problem, how do I do bandwidth shaping and then still use blocking/deny rules below those queue rules?
Or if there is another problem that I'm not seeing or missing, or a solution that you know might work, please let me know.
I'm not subscribed to the mailing list, so please reply to cole at acenet.co.za.

Thanx
/Cole
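
The rule-ordering question raised in the post, as an added example that is not part of the original message: a simplified Python model of how ipfw walks its rule list when a dummynet `queue` rule matches, depending on the `net.inet.ip.fw.one_pass` sysctl. The address `192.0.2.10`, rule number 201 and the accept-by-default final rule are assumptions made for the illustration, and only outgoing TCP packets are modelled.

```python
"""Simplified model of ipfw first-match evaluation around dummynet queue rules."""
from dataclasses import dataclass
from typing import Optional

PEER = "192.0.2.10"  # constructed stand-in for the masked 196.34.*.* address


@dataclass(frozen=True)
class Rule:
    number: int
    action: str                  # "queue", "deny" or "allow"
    dst: str
    dport: Optional[int] = None  # None matches any destination port

    def matches(self, pkt: dict) -> bool:
        return pkt["dst"] == self.dst and self.dport in (None, pkt["dport"])


def evaluate(rules, pkt, one_pass=True, default="allow"):
    """Return (verdict, deciding rule number, shaped) for one outgoing packet.

    one_pass=True models net.inet.ip.fw.one_pass=1: a packet that matched a
    queue rule leaves dummynet without being checked by any later rule.
    one_pass=False models one_pass=0: it re-enters the list at the next rule.
    `default` stands for rule 65535 (assumed to accept in this model).
    """
    shaped = False
    for rule in sorted(rules, key=lambda r: r.number):
        if not rule.matches(pkt):
            continue
        if rule.action == "queue":
            shaped = True
            if one_pass:
                return "allow", rule.number, shaped  # search ends at the queue
            continue                                 # re-injected at next rule
        return rule.action, rule.number, shaped      # deny/allow end the search
    return default, 65535, shaped


# Ordering from the post: queue rule 202, then deny rule 205 for port 22.
AS_POSTED = [Rule(202, "queue", PEER), Rule(205, "deny", PEER, 22)]
# Hypothetical reordering: the deny gets a lower number (201) than the queue.
DENY_FIRST = [Rule(201, "deny", PEER, 22), Rule(202, "queue", PEER)]

if __name__ == "__main__":
    ssh = {"dst": PEER, "dport": 22}
    print("as posted, one_pass=1:", evaluate(AS_POSTED, ssh))
    print("as posted, one_pass=0:", evaluate(AS_POSTED, ssh, one_pass=False))
    print("deny first, one_pass=1:", evaluate(DENY_FIRST, ssh))
```

In this model the SSH packet is still shaped and then dropped when `one_pass` is off, while the deny-first ordering drops it before it reaches the queue.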




More information about the freebsd-ipfw mailing list