ipfw: firewall.sh doesn't work!

Горсткин Илья cadavo at mail.ru
Fri Oct 7 05:59:00 PDT 2005


Hi all!
FreeBSD 5.4 p7.

ipfw works only in the mode firewall_type="open".
When I try to apply firewall_script="/etc/firewall.sh", the system
forbids the traffic even if firewall.sh is configured as "allow all any to
any".

my kernel:
options IPFIREWALL
options IPFIREWALL_VERBOSE
options IPFIREWALL_VERBOSE_LIMIT=100
options IPFIREWALL_FORWARD
options IPFIREWALL_FORWARD_EXTENDED
options IPDIVERT
options DUMMYNET

rc.conf:
gateway_enable="YES"
ifconfig_bge0="inet 192.168.1.1"
ifconfig_xl0="inet xxxx.xxxx.xxxx.xxxx"
icmp_drop_redirect="YES"
icmp_log_redirect="YES"
icmp_bmcastecho="NO"
firewall_enable="YES"
#firewall_type="OPEN"
firewall_script="/etc/firewall.sh"
firewall_logging="YES"
natd_enable="YES"
natd_interface="xl0"
natd_flags="-s"

/etc/firewall.sh:
#!/bin/sh

ipfw='/sbin/ipfw -q'
inet='xl0'    # external interface (natd runs here)
lan='bge0'    # LAN interface

${ipfw} -a flush
${ipfw} add 100 allow all from any to any via lo0

# NAT for TCP/UDP crossing the external interface
${ipfw} add 300 divert natd tcp from any to any via ${inet}
${ipfw} add 310 divert natd udp from any to any via ${inet}

# ICMP: drop redirect/router-advert/timestamp/info/mask types and fragments,
# allow the rest
${ipfw} add 400 deny icmp from any to any in icmptype 5,9,13,14,15,16,17
${ipfw} add 410 deny icmp from any to any frag
${ipfw} add 420 allow icmp from any to any
# NetBIOS from outside, and LAN source addresses arriving on the external interface
${ipfw} add 500 deny tcp from any to 192.168.1.0/24 137-139 via ${inet}
${ipfw} add 510 deny udp from any to 192.168.1.0/24 137-139 via ${inet}
${ipfw} add 520 deny ip from 192.168.1.0/24 to any in via ${inet}
${ipfw} add 530 allow tcp from 192.168.1.1 to any 5999
${ipfw} add 540 allow udp from any 53 to any
${ipfw} add 550 allow udp from any to any 53

# LAN clients to common TCP services, and the replies
${ipfw} add 600 allow tcp from 192.168.1.0/24 to any 20,21,25,80,110,443,5190
${ipfw} add 610 allow tcp from any 20,21,25,80,110,443,5190 to 192.168.1.0/24

Where is the problem?
thanks!
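A small first-match model of the rules in the posted firewall.sh, added here as an illustration (it is not part of the original mail): it reports which rule a given packet hits, so you can see which traffic falls through to ipfw's implicit default rule. It assumes a kernel built without IPFIREWALL_DEFAULT_TO_ACCEPT (so rule 65535 denies), does not model natd's address rewriting, and uses constructed sample packets.

```python
import ipaddress

# (number, action, proto, src, src_ports, dst, dst_ports, via, direction) as in
# the posted firewall.sh; rules 400/410 (icmptype/frag options) are left out.
RULES = [
    (100, "allow", "ip", "any", (), "any", (), "lo0", None),
    (300, "divert", "tcp", "any", (), "any", (), "xl0", None),
    (310, "divert", "udp", "any", (), "any", (), "xl0", None),
    (420, "allow", "icmp", "any", (), "any", (), None, None),
    (500, "deny", "tcp", "any", (), "192.168.1.0/24", (137, 138, 139), "xl0", None),
    (510, "deny", "udp", "any", (), "192.168.1.0/24", (137, 138, 139), "xl0", None),
    (520, "deny", "ip", "192.168.1.0/24", (), "any", (), "xl0", "in"),
    (530, "allow", "tcp", "192.168.1.1", (), "any", (5999,), None, None),
    (540, "allow", "udp", "any", (53,), "any", (), None, None),
    (550, "allow", "udp", "any", (), "any", (53,), None, None),
    (600, "allow", "tcp", "192.168.1.0/24", (), "any",
     (20, 21, 25, 80, 110, 443, 5190), None, None),
    (610, "allow", "tcp", "any", (20, 21, 25, 80, 110, 443, 5190),
     "192.168.1.0/24", (), None, None),
]
# Assumption: kernel built without IPFIREWALL_DEFAULT_TO_ACCEPT, so the
# implicit last rule 65535 is "deny ip from any to any".
DEFAULT = (65535, "deny")

def _addr_ok(spec, addr):
    """spec is 'any' or a host/CIDR as written in the rule."""
    return spec == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(spec, strict=False)

def first_match(pkt):
    """pkt keys: proto, src, dst, iface, dir ('in'/'out'), optional sport/dport.
    Returns (rule_number, action) of the first terminating rule, like ipfw."""
    for num, action, proto, src, sp, dst, dp, via, d in RULES:
        if proto not in ("ip", pkt["proto"]):
            continue
        if not (_addr_ok(src, pkt["src"]) and _addr_ok(dst, pkt["dst"])):
            continue
        if (sp and pkt.get("sport") not in sp) or (dp and pkt.get("dport") not in dp):
            continue
        if (via and via != pkt["iface"]) or (d and d != pkt["dir"]):
            continue
        if action == "divert":  # natd re-injects the packet at the next rule;
            continue            # address rewriting is not modelled here
        return num, action
    return DEFAULT

if __name__ == "__main__":
    lan_ssh = dict(proto="tcp", src="192.168.1.10", sport=40000,
                   dst="10.0.0.1", dport=22, iface="bge0", dir="in")
    print(first_match(lan_ssh))  # (65535, 'deny'): no listed rule matches
```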