I suppose the firewall is started from
/etc/init.d/firewall

and we just need to modify /etc/firewall.user

when I stop are start /etc/init.d/firewall, I am getting

----------------------------------------------------------
iptables v1.3.7: Need TCP or UDP with port specification
Try `iptables -h' or 'iptables --help' for more information.
iptables v1.3.7: Unknown arg `--dport'
Try `iptables -h' or 'iptables --help' for more information.
-------------------------------------------------------------

and this is without modifying /etc/firewall.user..
so I suppose some script involved in bringing up iptable had syntax error...
this is on 7.09

anyone?